>We are running Sohos SMTP and we get marked with
>X-RBL-Warning: This E-mail has headers consistent with spam [40001002]
>
>Would this be the trigger ? Message-Id:
><<mailto:VwAAAJkbLzwkZp8xXA4AAA==@warpdrive>VwAAAJkbLzwkZp8xXA4AAA==@warpdrive>
Although that Message-ID: header is technically invalid ("warpdrive" isn't
a fully qualified Internet host name), that type of Message-ID: header is
so common that Declude won't use it for either the BADHEADERS or
SPAMHEADERS tests.
The problem with this one is that the From: header is poorly formed
(although probably technically valid). For example, the following header
could trigger the SPAMHEADERS test:
From: "User Name"<[EMAIL PROTECTED]>
Note that there is no space after the second quote and before the
bracket. Depending on how you read the RFCs, that is probably valid, but
could break some mail clients. Note that the SPAMHEADERS test checks for
spam-like headers that are probably technically valid, so Sophos may not
want to change it (unlike the BADHEADERS test, which will only catch E-mail
with spam-like headers that are also invalid, and would have to be fixed).
>Also when we get notices from Networksolutions it gets marked with BadWhois
>X-RBL-Warning: Inaccurate or missing WHOIS data
>Is the whois tracking important enough to be concerned with?
Now *that* is very funny!
The BADWHOIS test (run by http://www.rfc-ignorant.org ) lists domains that
don't have valid information in WHOIS. The idea is that if you receive
mail from a domain that can't be contacted, you don't want their mail (if
there is no contact information, there is no way that they can stop one of
their users from spamming).
I just checked the WHOIS for Network Solutions (at
http://www.netsol.com/cgi-bin/whois/whois?STRING=networksolutions.com&SearchType=do
):
Registrant: Network Solutions Registrar (NETWORKSOLUTIONS5-DOM)
505 Huntmar Park Drive Herndon, VA 20170-5142 US
Domain Name: NETWORKSOLUTIONS.COM
Administrative Contact, Technical Contact:
NETWORK SOLUTIONS (NSOL-NOC) [EMAIL PROTECTED]
VeriSign, Inc.
21355 Ridgetop Circle Dulles, VA 20166
US
123 234 1234
...
So if someone using an @networksolutions.com address spams you, the
quickest ways to take care of the problem would be to E-mail
[EMAIL PROTECTED], or call (123) 234-1234. I'm guessing the
E-mail address is invalid, and I can guarantee that phone number won't work.
Kind of funny that the "Masters of WHOIS" (the same ones that refuse to
allow our customers access to their WHOIS data) have a bogus WHOIS record
themselves.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". You can E-mail
[EMAIL PROTECTED] for assistance. You can visit our web
site at http://www.declude.com .
