http://www.mail-archive.com/cgi-bin/htsearch?method=and&format=short&config=declude_junkmail_declude_com&restrict=&exclude=&words=spamdomains.txt
There seem to be two primary schools of thought also with this test. One is to limit the test to just those domains that people commonly forged, i.e. yahoo.com, hotmail.com, aol.com, etc. Another seems to be to extend the file to include many popular domains, many of which aren't commonly forged.
I personally see a slightly increased potential for problems with the second method because it raises the chance that a new mail server domain will start being used and therefore scored improperly by the test. In one of the posts, Dan recommended splitting into two tests, one being "spammier" domains where he put the biggest problem domains in and scored it higher.
This whole discussion also about VERP (reference to Bill) and forging also clues in on a potential source of false positives from the commonly used SPAMDOMAINS configuration. There are definitely legitimate senders that use VERP. Because the filter works as a MAILFROM CONTAINS compared to REVDNS CONTAINS, so you have to watch out for partial matches. I have a customer that has his attbi.com E-mail forwarded to his account on my server, and any legit stuff that uses VERP method and includes one of these domains would trip the test. It seems that some of these free E-mail providers are now allowing messages to be forwarded. I'm not sure what happens to the MAILFROM (X-Declude-Sender) when a message is forwarded though, if it changes, the FP problem wouldn't exist.
I would suggest looking at the possibility of modifying the list of domains to have @ symbols before the domains that you are matching because VERP that lists the receiver's domain in the address can't have more than one @ symbol, and that would potentially cut down on FP's and allow you to score the filter very high. Here's an example of what I'm talking about:
@yahoo. .yahoo.
I've yet to test any of this out though, so maybe some others can clarify any potential issues or suggest a method better than what I have stated.
Matt
Eje Gustafsson wrote:
Talking about SPAMDOMAINS anyone have a list they would like to share with me (on or offlist). I just setup this test and put in the ones I could THINK of of top of my head (yahoo, msn, hotmail and a couple of others) but my list was no more then about 10-12 before I ran out of domains I could think of that I know was commonly used..
Best regards,
Eje "Aya" Gustafsson mailto:[EMAIL PROTECTED]
The Family Entertainment Network http://www.fament.com
Phone : 620-231-7777 Fax : 240-376-7272
- Your Full Time Professionals -
Online Store http://www.wisp-router.com/
MikroTik, Star-OS, PACWireless, EnGenius, RF Industries
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
