Hi JD:
 
In my opinion the more tests we have, the fewer false positives we will have, since we can reduce the high weight for some of our other tests.
 
What I find interesting is our spam is no longer failing with borderline weights.  As we have added more and more tests a spam fails with much higher weight and those that are borderline (we hold on 20) have a higher probability to be false positives.
 
One example of a test that at first we found to be a great test but over time we have reduced its weight to 5 is REVDNS.  More and more legitimate mail fails that test.  So if we can come up with tests that can trigger spam and yet with reverse tests negate the ones we know our chances of success increase.
 
What triggered this was getting a porn email where HELO was .Microsoft.com.  Can we ever imagine eBay sending an email where HELO is eBay but REVDNS is EarthLink or a DSL?
 
For example:
 
Domain    REVDNS    HELO    (perhaps even IP range)
 
This will work best with such companies as eBay, Microsoft, Amazon, etc.
 
So if a REVDNS comes up that does not match the domain or HELO then it gets a certain weight.
 
It should be easy to implement...
 
Regards,
Kami


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J.D. Springer
Sent: Saturday, October 11, 2003 11:08 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Integrity Checker

Kami:

I think this is a good idea in concept, but could produce a lot of false positives if not used carefully.
For example:
When I travel, I have to use mail.earthlink.net as my SMTP server.
Some airlines send out reservation confirmations from servers that are not theirs.

J.D.


Kami Razvan wrote:
Hi;
 
I wonder if a test could be set up that checks for the integrity of the email.  For example:
 
===
X-Declude-Sender: [EMAIL PROTECTED] [67.121.210.25]
X-Declude-Spoolname: D17aa0bbd0062ac07.SMD
X-Note: This E-mail was scanned & filtered by Declude [1.76i5] for SPAM & virus.
X-Weight: 13
X-Hello: microsoft.com
===
 
Why should @gundamfan.com have a HELO of microsoft.com?
 
Perhaps an extension of SPAMDOMAINS where one could specify the email and the REVDNS could also be extended to HELO.  So HELO of Microsoft.com should only be allowed if REVDNS is also Microsoft and email is Microsoft.com.
 
Or can we do this already?
 
Regards,
Kami
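
The Domain / REVDNS / HELO table proposed in this thread, sketched as an added example that is not part of the original messages and is not Declude's own code or configuration. The table entries, function names and weights are assumptions; the sender-domain mismatch is weighted lower than the HELO mismatch to reflect the traveller and third-party-sender cases raised in the reply.

```python
# Added example: table entries, names and weights are assumptions, not Declude settings.
PROTECTED = {
    # claimed domain -> reverse-DNS suffixes considered legitimate (constructed)
    "microsoft.com": ("microsoft.com",),
    "ebay.com": ("ebay.com",),
}
HELO_WEIGHT = 10    # HELO claims a protected domain but REVDNS disagrees
SENDER_WEIGHT = 3   # lower: travellers and third-party senders trip this one


def norm(name):
    """Lower-case and strip stray dots, so '.Microsoft.com' == 'microsoft.com'."""
    return (name or "").strip().strip(".").lower()


def under(host, domain):
    """True if host is the domain itself or a subdomain (label-aligned match)."""
    return host == domain or host.endswith("." + domain)


def protected_domain(name):
    """Return the protected domain that name falls under, else None."""
    host = norm(name)
    return next((d for d in PROTECTED if under(host, d)), None)


def integrity_weight(helo, sender, revdns):
    """Weight to add for one message, given its HELO, sender address and REVDNS."""
    rdns = norm(revdns)  # an empty or missing REVDNS never matches a suffix
    weight = 0
    claimed = protected_domain(helo)
    if claimed and not any(under(rdns, s) for s in PROTECTED[claimed]):
        weight += HELO_WEIGHT
    claimed = protected_domain((sender or "").rpartition("@")[2])
    if claimed and not any(under(rdns, s) for s in PROTECTED[claimed]):
        weight += SENDER_WEIGHT
    return weight
```

Matching on whole labels keeps a HELO of `notmicrosoft.com` out of the table and stops a REVDNS of `microsoft.com.evil.example` from counting as a match.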
