On 06/09/2014 10:32 PM, Patrick Domack wrote:
Quoting Matthias Leisi <matth...@leisi.net>:
On Mon, Jun 9, 2014 at 8:43 PM, Kevin A. McGrail <kmcgr...@pccc.com>
wrote:
I think the core issue is that age of domains is a good indicator of
spam.
So there is merit in building a distributed look-up system using SA.
I have more ideas than resources, of course...
I repeat my question: which domain? HELO, MAIL FROM, From:, ...?
-- Matthias
HELO hasn't matched anything in my tests.
MAIL FROM has matched many, though the helo's are always a different domain
From I have only started doing yesterday, and not sure exactly how I
will track them. Likely just wait a few days, and check my ham/spam
folders and compare what rules where hit.
LOTS of the recent .us & .me will match sender/ptr/A/HELO