When I first heard about the SPAMDOMAINS test and was starting to get a
grasp of how it worked, I was thinking that its main purpose was to pay
special attention to very common and well-known domains which are also
commonly used as the sender during the SMTP conversation.  Domain names like
YAHOO.COM, AOL.COM, MSN.COM, EARTHLINK.NET, etc.

That's correct.


These are pretty well
known domain names that a lot of spammers tend to use.  I figured you'd add
those types of domains to your SpamDomains.txt file, making sure to add any
other servers that legit mail from those domain names come from, e.g.
HOTMAIL.COM -> MSN.COM.

Correct.


But as I've been working with it and looking at its results I'm sort of
coming to a different realization.  In addition to the "big name" domains as
I mentioned in the last paragraph, isn't any domain which is ever used as the
Sender of a spam message a legitimate candidate for inclusion in the
SpamDomains.txt list?  For example, when I browse the spam with SpamReview,
I see a lot of domains like SUPERSTORESPECIALS.COM, POSTALMANAGER.COM,
PARA3DS.COM and others.  Hardly anyone on the Internet knows about these
domain names yet they are attached to quite a lot of the spam.  Aren't those
good candidates for SPAMDOMAINS as well?

Yes, those would probably be good candidates as well. The only thing you need to be careful of is that you don't catch legitimate E-mail from those domains. If those domains could send legitimate E-mail, it may not come from an IP that has their domain in the reverse DNS entry (lots of legitimate E-mail is sent from IPs that have a reverse DNS entry that doesn't correspond to the sender).


And I think there might be another added benefit.  When someone is sending
e-mail to you and they are using your own address as the sending address
(which I've been seeing a lot of lately), e.g. NEXUSTECHGROUP.COM.  I know
that I have control over my mail servers and I can put up whatever Reverse
DNS entries that I want.  So if I get a message from NEXUSTECHGROUP.COM by
having my own domains on the SPAMDOMAINS list I'm ensuring they can't use
that technique either.

That works very well (assuming that legitimate users of your domains won't be sending E-mail from IPs that don't belong to you).


What I'm thinking about doing is adding any domain which shows up in
SpamReview, assuming it's not a false positive, to my SpamDomains.txt list.
I realize I might catch a little legit e-mail at first but as long as I stay
on top of the "legit" aliases shouldn't SPAMDOMAINS by itself make great
strides in eliminating spam regardless of the other tests I have active.  Is
there any reason I wouldn't want to have a lot of domains on my
SpamDomains.txt list?  Would that add too much load to the system?  Am I
just reading too much into the powerfulness of this test?

If you do this, you will likely end up with some false positives. However, adding a domain to the SPAMDOMAINS test is safer than adding it to a blacklist (since the SPAMDOMAINS test can allow a lot of legitimate mail from listed domains to get through).


-Scott
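
The check discussed in this thread, sketched as an added example (not part of the original e-mail and not Declude's code): a listed sender domain passes only when the connecting IP's reverse DNS name falls under that domain or one of its aliases. The dictionary layout, function names and hostnames are assumptions constructed for illustration and do not reflect the real SpamDomains.txt syntax.

```python
# Added illustration of the SPAMDOMAINS idea; not Declude's implementation.
# Constructed list: sender domain -> reverse DNS domains accepted for it.
SPAM_DOMAINS = {
    "yahoo.com": ["yahoo.com"],
    "hotmail.com": ["hotmail.com", "msn.com"],  # the HOTMAIL.COM -> MSN.COM alias
    "nexustechgroup.com": ["nexustechgroup.com"],  # the list owner's own domain
}


def host_in_domain(host, domain):
    """True when host equals domain or is a subdomain of it (label-aligned)."""
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def spamdomains_test(mail_from, reverse_dns, listed=SPAM_DOMAINS):
    """Classify one envelope sender as 'not-listed', 'pass' or 'fail'.

    reverse_dns is the PTR name of the connecting IP, or None if it has none.
    """
    sender_domain = mail_from.rpartition("@")[2].lower().strip("<> ")
    for domain, allowed in listed.items():
        if host_in_domain(sender_domain, domain):
            if reverse_dns and any(host_in_domain(reverse_dns, a) for a in allowed):
                return "pass"
            return "fail"  # listed sender, but the IP's rDNS is unrelated
    return "not-listed"   # the test says nothing about unlisted domains


# Constructed sample connections: (MAIL FROM, reverse DNS of connecting IP).
SAMPLES = [
    ("bob@yahoo.com", "web1.mail.yahoo.com"),       # pass
    ("bob@yahoo.com", "dsl-4.example.net"),         # fail: rDNS unrelated
    ("alice@hotmail.com", "bay0-omc1.msn.com"),     # pass via alias
    ("me@nexustechgroup.com", "host.example.org"),  # fail: own domain, outside IP
    ("bob@yahoo.com", "yahoo.com.example.net"),     # fail: substring, not suffix
    ("news@example.org", "mail.example.org"),       # not-listed
]

if __name__ == "__main__":
    for sender, rdns in SAMPLES:
        print(f"{sender:28} {rdns:26} {spamdomains_test(sender, rdns)}")
```

The fourth sample is also the false-positive case raised in the replies: a legitimate user of a listed domain who sends from an IP outside it gets the same "fail" result as a forged sender.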