It is known that AOL, Hotmail and Yahoo will often fail NOABUSE, NOPOSTMASTER and REVDNS, as they are not setup nor do they care.
John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Thursday, September 04, 2003 1:36 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives positives It's just you :) The From address is often forged. The address that matters the most is the server from which the E-mail came, which is listed in the top of the headers, i.e. Received: from declude.com [24.107.232.14] by igaia.com with ESMTP (SMTPD32-7.13) id A78F250118; Thu, 04 Sep 2003 15:50:39 -0400 The information in that line in the messages you receive is what is responsible for tripping most of the tests you indicated (real AOL trips NOPOSTMASTER for instance). If you reverse lookup the IPs that you find there, my bet is that they won't match the domains of the From addresses they are using. The software and your filters are actually doing their job very well if those messages are failing. Matt Paul Hung wrote: Has anyone found that AOL, Hotmail, and Yahoo.com addresses have been failing on the following tests: helobogus, nopostmaster, noabuse, revdns These e-mails usually fail these four tests, and thus trigger my Weight10 rule. I performed a reverse DNS lookup on several of the IP addresses and found that there was no entry for reverse DNS. Any ideas? Is it just me? - Paul --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.