I also should have expounded more on my post. The MX servers are not listed, rather the webmail servers are. Since I scan 2 hops, it is the 2nd hop that is getting hit on.
What I have done for that is the following filter: MAILFROM END NOTENDSWITH @aol.com TESTSFAILED END NOTCONTAINS SPAMCOP REVDNS -15 ENDSWITH .mx.aol.com The -15 is counter weight for SPAMCOP which I only weigh at 15. (Hold at 25 delete at 35) John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Colbeck, Andrew > Sent: Monday, February 28, 2005 9:37 AM > To: [email protected] > Subject: RE: [Declude.JunkMail] SpamCop listing AOL webmail servers > > Well, John. I'm sure that's a rhetorical question, but I'm feeling a > little chatty while I listen to hold music. > > SpamCop and pretty well every other blacklisting service make no > allowance for how much good mail is coming from an IP address. They > only do blacklisting. > > The funny thing is that since IronPort now owns SpamCop.net, you'd think > that they could use the statistics that they expose at SenderBase.org to > adjust the weighting mechanism that SpamCop uses. > > I'm sure that > > a) AOL isn't perfect, and spam does come from some accounts, > b) Automated (and semi-automated) listing mechanisms like SpamCop will > impede traffic > c) AOL is the ISP that everyone loves to hate. SpamCop users may well > go ahead and > and report suspicious emails. > d) Spam and virus blowblack needs to be carefully weeded out by ISPs so > that they > don't get listed by sending unexpected responses to forged addresses. > > It's been said by wiser heads, but I'll say it again for folks without > John's depth of experience: Don't weigh individual tests high enough to > be caught by a single false positive. That likely means that you will > get some spam in, but that's preferable to blocking mail that you > shouldn't. > > I've been burned by multiple ip4r tests blocking ISPs, and have > counterweighted those mail servers accordingly. That also means that > I'm more likely to get spam. > > I'll also add that false positives in blacklisting has made content > inspection much more important to me. Mail Sniffer from SortMonster.com > helps me out a huge amount, and has taken away much of my burden for > maintaining my own filter text files. > > A SURBL lookup like invIURIBL from invariantsystems.com or via > spamassassin would certainly help out too (but I'm not there yet). > > Andrew 8) > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff > (Lists) > Sent: Monday, February 28, 2005 7:10 AM > To: [email protected] > Subject: [Declude.JunkMail] SpamCop listing AOL webmail servers > > > http://www.spamcop.net/bl.shtml?205.188.139.132 > > WHY? (grumble mumble grumble &^%&^$^*(&^%^%&^&^&) > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
