Hi Scott: Today's discussions gave me the idea of some form of "Confidence" test. Ideally, that test should NOT require any external config files (low maintenance). It is somewhat similar to the IPNOTINMX "positive" test - in that it is intended to assign a negative weight for email that has a "high confidence" in the sending domain (e.g., the sender is who he says he is.)
The test would: - inspect the sending 2nd level domain (e.g., @..."rr.com", @..."verizon.net", etc.) - inspect the RDNS 2nd level domain - inspect the HELO 2nd level domain If the sending 2nd level domain matches the RDNS, it is given a "good confidence" negative weight, if it matches BOTH, it is given additional "high confidence" negative weight. If the RDNS is time-out, but the HELO matches, it is given a "good confidence" negative weight. If the RDNS doesn't exist, then no credit is given. - if NO match is found, then the test ignores the TLD (top level domain) and generically compares the 2nd level identifier only (e.g., @..."rr.*", @..."verizon.*", etc.) If a match is established using that method, then a lesser "little confidence" negative weight. For extra credit <G> allow for an OPTIONAL configuration file where one can define equivalent 2nd level domains, similar to SPAMDOMAIN. This file is only looked up, if initially a match is NOT established. If a match is found that way, it is treated as if the 2nd level domain matched. Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 http://www.HM-Software.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, June 09, 2003 03:23 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Using SPAMDOMAINS and negative weights? >No. I mean that the test fails only if the from-domain was found in the >sd.txt file and the corresponding REVDNS- records does not match. (+X >points) >On the other side the test should pass only if the from-domain was also >found in the sd.txt file and the corresponding REVDNS- records does >match. (-X points) If the sd.txt file doesn't contain the sender-domain >the test should be ignored completely (0 points) The problem here is that instead of having a test with 2 results (pass/fail), you've got a test with 3 results (pass/fail/unknown). That would require a major change to the Declude architecture to handle. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
