Why do I need further validation. Because mail admins have different levels of abilities and mail server may or may not force proper configuration. Can you name one mail server that verifies that it is setup properly.
It would be great if mail servers had preset rolls and they verified their settings but they do not. HELO, RDNS, MXrecords call all be set improperly even by Len or Scott. but Len and Scott will probably find the mis-configuration quickly. the newbie admin will not find it quickly and needs help. So to fail a piece of mail that may or may not be SPAM based on what the spam filter says is not necessarily a good idea. You can with some certainty block messages. But you can not guarantee that all messages that fail spam test are spam with out a human looking at the message at least once. I am sure there are people on this list that added part of the HELO string I sent into their HELO filters. I know I make changes based on posts to this group. I do research to see if it fits into my configuration. I am glad you have found clear telltale signs of spam. But I am always acceptable of even my own configuration. because of the dynamic nature of spam. Kevin Bilbee > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry > Sent: Wednesday, October 20, 2004 5:49 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] Random Helo strings > > > ----- Original Message ----- > From: "Kevin Bilbee" <[EMAIL PROTECTED]> > > > Darin got it correct I was pointing this out becuse some on this list > > suggested the blocking an email that has an ip for its hello is > not a good > > way to block spam. I personally think it is. > > > > Using HELOISIP or CONTAINSIP is a valid blocking method. If the > ip is well > > formed [x.x.x.x] I check it against the ip of the connecting servers ip > > address if they match I let it through, do not get many spams this way. > > Yesterday 346 messages where ip addresses as the helo that is 9% of our > > total volume. > > > > And posting the methods the spammers are using to try to get past spam > > blocking is definitly an interest to us all. > > Maybe so. But I just think that there are some clear telltale signs of > spam, and that if they are found, then why not simply reject the message > right then and move on. Why do you need further validation that > the message > is spam? > > Anyway, just my 2 cents... > > Bill > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
