It is known that AOL, Hotmail and Yahoo will often fail NOABUSE, NOPOSTMASTER and REVDNS, as they are not setup nor do they care.
John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Thursday, September 04, 2003 1:36 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives positives It's just you :) The From address is often forged.� The address that matters the most is the server from which the E-mail came, which is listed in the top of the headers, i.e. Received: from declude.com [24.107.232.14] by igaia.com with ESMTP (SMTPD32-7.13) id A78F250118; Thu, 04 Sep 2003 15:50:39 -0400 The information in that line in the messages you receive is what is responsible for tripping most of the tests you indicated (real AOL trips NOPOSTMASTER for instance).� If you reverse lookup the IPs that you find there, my bet is that they won't match the domains of the From addresses they are using.� The software and your filters are actually doing their job very well if those messages are failing. Matt Paul Hung wrote: Has anyone found that AOL, Hotmail, and Yahoo.com addresses have been failing on the following tests: �helobogus, nopostmaster, noabuse, revdns These e-mails usually fail these four tests, and thus trigger my Weight10 rule. �I performed a reverse DNS lookup on several of the IP addresses and found that there was no entry for reverse DNS. Any ideas? �Is it just me? - Paul --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
