Re: [Declude.JunkMail] A slight increase in spam not getting caught thanks to Network Solutions thanks to Network Solutions

Wed, 17 Sep 2003 12:08:24 -0700

False positives will come from users that misspell their domain name in their mail client. I have had that happen. There are also lots of forms being used on Web sites that take the user's input and construct a message using their address as the From in order to facilitate replies, and I can tell you from experience that lots of these people screw up (especially AOL users). I'm not sure if blocking on this one test is advisable in that instance, probably more so depends on your user base and whether you think it's appropriate to block mail from people that make mistakes in spelling, but otherwise don't have problems. I think HELOBOGUS also picks up on the misspellings (too busy to verify at the moment).

Because of this, I'm playing it conservatively for the time being. Same goes for MAILFROM.

Matt


Joshua Levitsky wrote:


On Sep 17, 2003, at 12:17 PM, Sheldon Koehler wrote:

Scott,

Will adding 64.94.110.0/24 to the ipfile block these?

BLACKLISTIP ipfile D:\IMail\Declude\ipfile.txt x 20


Bill posted this in response to my posting about being able to use this...

Below is the right hand side test you can use that Bill posted. It has a score of 1 but from my testing I have found I can give it a test of 20 which is what I fail on and I have had no false positives. I check everything that gets filtered by routing various mail to IMAP folders and then sifting through it.

VERISCAM rhsbl . 64.94.110.11 1 0

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.



--
===================================================
Matthew S. Bramble
President and Technical Coordinator
iGaia Incorporated, Operator of NYcars.com
---------------------------------------------------
Office Phone: (518) 862-9042
Fax: (518) 862-9044
E-mail: [EMAIL PROTECTED] or [EMAIL PROTECTED]
===================================================


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to