Hi;
In assigning negative weight should we assign the domain as it appears
in the log?
Almost all newsletters from Microsoft are assigned a warning for REVDNS.
So should we assign a negative 5 weight to:
Microsoft.com
Or:
Newsletters.Microsoft.com
Or:
delivery.pens.microsoft.com
This is also true for e-Mails coming from AOL.
Thoughts?
Kami
Header Example:
---------------------------
Received: from rainer.bnt.com [12.4.218.18] by mail.durability.com with
ESMTP
(SMTPD32-7.11) id A402122001AE; Thu, 11 Jul 2002 02:21:54 -0400
Received: from delivery.pens.microsoft.com ([207.46.239.124])
by rainer.bnt.com (8.12.3/8.12.3) with ESMTP id g6B6LR4M096110
for <[EMAIL PROTECTED]>; Thu, 11 Jul 2002 02:21:27 -0400 (EDT)
(envelope-from
[EMAIL PROTECTED]
m)
X-Authentication-Warning: rainer.bnt.com: Host [207.46.239.124] claimed
to be delivery.pens.microsoft.com
Received: from tkmsftddsq04 ([10.201.232.143]) by
delivery.pens.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905);
Wed, 10 Jul 2002 23:20:31 -0700
Reply-To:
<[EMAIL PROTECTED]
om>
From: "Microsoft"
<[EMAIL PROTECTED]
om>
To: <[EMAIL PROTECTED]>
Subject: [SPAM]Microsoft Security Bulletin MS02-035: SQL Server
Installation Process May Leave Passwords on System (Q263968)
Date: Wed, 10 Jul 2002 23:20:31 -0700
Message-ID: <10169001c228a3$0ebd4320$8fe8c90a@tkmsftddsq04>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft CDO for Windows 2000
Thread-Index: AcIoowUUrcgBWo70Rq6QFLWjpHSfdA==
Content-Class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
X-OriginalArrivalTime: 11 Jul 2002 06:20:31.0675 (UTC)
FILETIME=[0F07E0B0:01C228A3]
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA
207.46.239.124 with no reverse DNS entry.
X-RBL-Warning: HEUR10: Heuristic spam detection level 10 [0.999975]
X-Declude-Sender:
[EMAIL PROTECTED]
m [207.46.239.124]
X-Declude-Spoolname: D2402122001ae2ad8.SMD
X-Note: This E-mail was scanned by Declude (www.declude.com) for spam &
virus.
X-Spam-Tests-Failed: REVDNS, WEIGHT10, HEUR10
x-Weight: 13
X-Note: This E-mail was sent from [No Reverse DNS] ([207.46.239.124]).
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 326074069
---------------------------------
This E-mail came from the Declude.JunkMail mailing list.