You should exclude your backup MX servers.  This follows along the lines of using IS instead of CONTAINS or ENDSWITH.  It's better IMO to have the test not score known exclusions along with spoofers of those known exclusions rather than just applying a score to anything.  I'm scoring at 70% of my fail weight, and the only reason that I don't score higher is because of things like firewalls which people set up sometimes to use the hosted domain in their HELO.  Some Web site mailers can also be improperly configured this way.  I might still raise it though and let my customers complain when they set up an offending device or piece of software.  Non-customers should never be doing this, and so it's safe to fail them automatically.

Matt



John Tolmachoff (Lists) wrote:

But then that would cause a problem, as I believe Karen had pointed out, when you have a backup MX that sends to the primary.

 

Then again, 7 is only about 1/3 of my hold weight.

 

John Tolmachoff MCSE CSSA

Engineer/Consultant

eServices For You

www.eservicesforyou.com

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Landry
Sent: Thursday, September 25, 2003 12:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Another very effective filter test

 

Matt, what the spammers do is use the names that are listed as your MX records as their HELO name, so if your domain is abc.com, but you have your MX records set up as mx1.abc.com and mx2.abc.com, then you will either want to use:

 

HELO     0    IS    mx1.abc.com

HELO     0    IS    mx2.abc.com

 

or

 

HELO     0   CONTAINS    abc.com

 

Bill
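
An added Python sketch, not written by anyone in the thread and not Declude syntax, of the trade-off discussed in the messages above: IS versus CONTAINS/ENDSWITH matching on the HELO name, with known senders such as a backup MX excluded before any score is applied. Assumptions: the exclusion is done by connecting IP, matching is case-insensitive, the fail weight is 10 (so 70% gives 7), and all IP addresses are constructed documentation-range placeholders.

```python
import ipaddress

# abc.com and the MX names are the thread's example; everything else is constructed.
OWN_HELO_NAMES = {"mx1.abc.com", "mx2.abc.com"}
OWN_DOMAIN = "abc.com"
EXCLUDED_SENDERS = [                      # assumption: exclusion by source IP
    ipaddress.ip_network("192.0.2.10/32"),   # primary (placeholder address)
    ipaddress.ip_network("192.0.2.20/32"),   # backup MX relaying to the primary
]


def is_excluded(remote_ip):
    """True when the connecting host is one of our own known servers."""
    ip = ipaddress.ip_address(remote_ip)
    return any(ip in net for net in EXCLUDED_SENDERS)


def helo_match(helo, mode):
    """Compare a HELO name against our own names using the given match mode."""
    h = helo.strip().rstrip(".").lower()
    if mode == "IS":
        return h in OWN_HELO_NAMES        # exact names only
    if mode == "CONTAINS":
        return OWN_DOMAIN in h            # also hits look-alike domains
    if mode == "ENDSWITH":
        return h.endswith(OWN_DOMAIN)     # "notabc.com" ends with "abc.com"
    raise ValueError("unknown match mode: %s" % mode)


def score(helo, remote_ip, mode, fail_weight=10, percent=70):
    """Weight added when an outside host presents one of our names in HELO."""
    if is_excluded(remote_ip):
        return 0.0                        # known exclusion: never scored
    return fail_weight * percent / 100 if helo_match(helo, mode) else 0.0


if __name__ == "__main__":
    samples = [                           # constructed (HELO, connecting IP) pairs
        ("mx2.abc.com", "192.0.2.20"),    # real backup MX
        ("mx2.abc.com", "203.0.113.5"),   # outside host spoofing the MX name
        ("mail.notabc.com", "203.0.113.5"),  # unrelated domain, substring hit
    ]
    for helo, ip in samples:
        print(helo, ip, {m: score(helo, ip, m) for m in ("IS", "CONTAINS", "ENDSWITH")})
```
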
