That's definitely something that I will continue to consider if I start to see it happening.  Right now I prefer it without so that it doesn't tag (but not score) the known exclusions, which at least makes testing easier for me.  It also protects from customers that manage their own DNS from setting up things with sub-domains that can send mail and fail this test.  For instance, if they need to apply a hostname to a firewall for SMTP purposes, I would recommend that they use a sub-domain instead of something else that might be invalid.  I also have so many filters running now that can get hit but not score that determining what exactly happened is increasingly difficult.  Others might have none of these issues, in which case what you suggested is much simpler and has the potential of being more effective.

Matt



Bill Landry wrote:
Maybe so, but why exclude yourself from flagging other forged combinations of your hostname/domain name?  I would still suggest using either CONTAINS or ENDSWITH so that you can catch all of the various combinations that spammers might use.
 
Bill
----- Original Message -----
Sent: Thursday, September 25, 2003 12:22 PM
Subject: Re: [Declude.JunkMail] Another very effective filter test

Bill,

The first example is what I did.  BTW, I have found from monitoring that most (all so far) spammers just simply use what appears after the @ symbol instead of having something look up the MX every time.

Matt



Bill Landry wrote:
Matt, what the spammers do is use the names that are listed as your MX records as their HELO name, so if your domain is abc.com, but you have your MX records set up as mx1.abc.com and mx2.abc.com, then you will either want to use:
 
HELO     0    IS    mx1.abc.com
HELO     0    IS    mx2.abc.com
 
or
 
HELO     0   CONTAINS    abc.com
 
Bill
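
Added example, not part of the original thread and not Declude's own code: a small Python model of the IS, CONTAINS and ENDSWITH variants discussed above, run over constructed HELO names to show which forged names each variant tags and where a legitimate sub-domain or an unrelated look-alike domain gets tagged too. The ENDSWITH line is written by analogy with the two lines quoted in the thread, and plain case-insensitive string matching is an assumption.

```python
# Simplified model of the filter lines quoted in the thread (not Declude's code).
# Assumption: operators are plain, case-insensitive string comparisons.

FILTERS = {
    "IS": "HELO 0 IS mx1.abc.com\nHELO 0 IS mx2.abc.com",
    "CONTAINS": "HELO 0 CONTAINS abc.com",
    "ENDSWITH": "HELO 0 ENDSWITH abc.com",
}

# Constructed HELO names for a mail server whose domain is abc.com.
SAMPLES = {
    "mx1.abc.com": "forged, copies an MX name",
    "abc.com": "forged, uses the text after the @",
    "mail.abc.com": "forged, another combination",
    "firewall.abc.com": "legitimate customer sub-domain",
    "notabc.com": "unrelated domain with the same ending",
    "mail.example.net": "unrelated sender",
}

def parse_filter(text):
    """Return (operator, value) pairs from 'HELO <weight> <operator> <value>' lines."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].upper() == "HELO":
            rules.append((parts[2].upper(), parts[3].lower()))
    return rules

def matches(op, value, helo):
    helo = helo.strip().lower()
    if op == "IS":
        return helo == value
    if op == "CONTAINS":
        return value in helo
    if op == "ENDSWITH":
        return helo.endswith(value)
    raise ValueError(f"unknown operator: {op}")

def tagged(filter_text, helo):
    """True if any line of the filter matches the HELO name."""
    return any(matches(op, val, helo) for op, val in parse_filter(filter_text))

def compare():
    """Map each sample HELO to the set of filter variants that tag it."""
    return {h: {n for n, f in FILTERS.items() if tagged(f, h)} for h in SAMPLES}

if __name__ == "__main__":
    for helo, hit in compare().items():
        print(f"{helo:18} {SAMPLES[helo]:40} {sorted(hit)}")
```
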
