I took note that the MAILFROM test was changed in version 1.68 to fail on the FQDN, and maybe something else recently happened also, I'm not sure. I've been noticing one to two new false positive senders recently though from mostly larger companies, sending E-mail from addresses on sub-domains that have been failing. At least one of these it turns out, while it doesn't have an A record for the sub-domain, does have an MX record for the sub-domain:
[EMAIL PROTECTED]
I did note while verifying this a second time just a moment ago, the first try resulted in a time out on my local client when checking the MX record. Timeouts are of course a standard occurrence, and it would be best if a match was not returned when checking a sub-domain for an MX if that is in fact what is happening. It would be nice not to mix a very reliable test, domain.tld exists, with a less reliable test, A or MX record exists, because then it's only practical to score according to the least reliable set of results. I have noted that on other hits that were false positives for spam, most of these also fail HELOBOGUS for a double whammy, so the net result is punishing them twice for the same mistake on their end. The HELOBOGUS thing wasn't an issue with this one, but it is typically seen with those failing MAILFROM and trapped by my server with neither an A record or MX record exists, but the domain.tld does.
Would you please look into how that FQDN could have failed MAILFROM, and also consider maybe breaking out the sub-domain into a different test so that it can be scored differently (lower) since it is less reliable.
Thanks,
Matt
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
