On 11/17, Marc Perkel wrote: > for example, if the sending domain has no MX records of its own it > is more likely spam that if there are 3 or more MX records that
There could be a useful correlation there, but I need to point out that if a domain has no MX records, the correct thing to do is to send email to the A record for the domain, and I've seen legit domains configured that way and unwilling to change. It's not even a violation of RFC. > There might be other methods of detecting serious domains. If they > are using expensive services. Spammers would not have their dns > hosted with Ultra DNS, or use the expensive registrars, or other > services that are expensive. There *could* be something there. I'm not familiar with Ultra DNS, but any service provider that's known to be good about blocking customers for spamming, it could be useful to detect the use of that provider, and use it as a kind of white list. Maybe even some network providers are better about kicking off spammers than others? I'll actually forward that idea along to the DNSWL folks for consideration as criteria for whitelisting. > Who thinks I'm onto something? You could be. Find out and let us know :) The ASRG list is also generally interested in this type of discussion: http://irtf.org/mailman/listinfo/asrg -- "Life is either a daring adventure or it is nothing at all." - Helen Keller http://www.ChaosReigns.com
