Be careful blocking solely on RDNS and HELOBOGUS. There are many legitimate mail servers out there with ignorant DNS admins. We are lucky to have Scott, Len (on the Imail list), and DNS Stuff/Report. I have taken the approach to attempt to enlighten them with the following email. Because my users recover their own email it make doing this easier.
------------------------ Hi, I am Kevin Bilbee the Network Administrator at Standard Abrasives. We are having some issues receiving email from your mail server. I would appreciate it if you could help me out. Your mail server is missing a few DNS entries that are required to validate that email is coming from your server and not someone pretending to be you. About 60% of the mail coming into our server is unsolicited (SPAM) so being able to identify legitimate email is important to us. These items are outlined below. X-RBL-Warning: HELOBOGUS: Domain acsmail1.amas.nl has no MX or A records. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 194.151.97.18 with no reverse DNS entry. This is the link to the Internet Engineering Task Force site and the RFC for Common DNS Operational and Configuration Errors section 2.1. It discusses DNS and common configuration errors pertaining to mail servers. http://www.ietf.org/rfc/rfc1912.txt?number=1912 If you could forward this to your IT department or send me contact information for them, I would appreciate it. Mail from your server is not lost, it is delayed 1 day while waiting for review. If it is found to not be spam, the recipient has the option to recover the message. If they do not recover it in 14 days, it is purged from the system. I understand that mail from your server is not spam and is legitimate business email. But our spam filter cannot make that determination unless the above so human intervention is involved to complete delivery to the final recipient. After my signiture is a message with the full headers for you to review. Thank you for your assistance in this matter, Kevin Bilbee Network Administrator Standard Abrasives, Inc. ---------------------------- I have had great results in getting legitimate admins to fix there setups my biggest problem is with admins in China and admins that think it is a security risk for their firewall to have these entries. I also had our international department review the email so as not offend people in other countries with harsh language. Kevin Bilbee > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Joshua Levitsky > Sent: Friday, July 18, 2003 3:29 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] DNS Test? > > > Think of the companies that offer spammers a haven. If you could block > everything hosted by that ISP it would be wicked nice. There's no > end to the > mail servers these bastards can setup, but registered DNS servers > is a whole > other story. I don't take mail if there's no PTR, and the HELO has no A > record so these people spamming me have to use DNS servers which > are harder > to switch constantly because it takes 24 - 48 hours for that stuff to > change. > > -Josh > > ----- Original Message ----- > From: "Rifat Levis" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, July 18, 2003 6:08 PM > Subject: Re: [Declude.JunkMail] DNS Test? > > > > It is seems like a intersting test , but it will do more harm to ISP , > > I am just thinking my case , having more than thousands domains. > > If 1 of those domains start doing a spam , thousands of others will have > > problems. > > The isp mail servers also . > > > > Adding a small weight can do the job :) > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
