> Is there any reason I wouldn't want to have a > lot of domains on my SpamDomains.txt list? Would that add > too much load to the system? Am I just reading too much into > the powerfullness of this test?
Don't forget people that has running their own few mailboxes as one of multiple virtual hosts on the ISPs mailserver. There can be a lot of different domains/hosts on one single IP but this IP can have only one single REVDNS entry. All this virtual hosts will fail the spamdomains test if the domain is listed in the spamdomains file. This test will only work if the sender-domain is contained in the REVDNS entry of all IP's where a legit message can came from. Don't forget also that there can be legit messages send from another IP. For example someone has configured his own email address [EMAIL PROTECTED] in his mail client but connects to the smtp-server of his current dialup-provider. If this smtp-server don't has implemented a mechanism to deny unfamiliar sender addresses this message can come to your server from an IP-Address with an REVDNS-entry that has nothing todo with yahoo.com. (and will fail the test) So I recommend to not overvaluate this test. It helps a lot (like nearly all other test) in a weighting system. My opinion is that we can work in the other direction and give a negative weight if the right part of sender-domain, helo-message and revdns-entry is the same. For example a message from [EMAIL PROTECTED] sent from an host greeting with EHLO mail.domain.com and having an REVDNS-entry smtp1.domain.com seems to be a legit source, a good configured mail system and should receive negative points because a spammer has to comply with a lot of things before he can earn this negative points. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
