Another idea for a new test, a close cousin to the SpamDomains test:
>Received: from styggen.com [24.208.153.243] by mx2.spamsoap.com >(SMTPD32-7.15) id A288E80090; Fri, 06 Jun 2003 10:42:32 -0700
This message came from a road runner IP. How about a test where we build a list of CIDRs for a given ISP, then match it with all the domains those IPs use. In this case, the file entry would be (I know rr doesn't use .net)
24.208.0.0/14 rr.com rr.net
In this case, it would match the IP, look for both RR entries, find styggen.com and fail the message.
That's a pretty neat idea. That would work well for ISPs that don't allow their customers to run a mailserver, as it would provide an easy way to catch (most) mail from spammers on their networks, while allowing the legitimate E-mail through.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
