> I took note that the MAILFROM test was changed in version 1.68 to fail on the FQDN, and maybe something else recently happened also, I'm not sure. I've been noticing one to two new false positive senders recently though from mostly larger companies, sending E-mail from addresses on sub-domains that have been failing. At least one of these it turns out, while it doesn't have an A record for the sub-domain, does have an MX record for the sub-domain:
>
> [EMAIL PROTECTED]

The problem here is that the domain has extremely serious DNS problems. Specifically, if you go to http://www.dnsstuff.com/tools/lookup.ch?name=news.stephenking.com&type=MX and http://www.dnsstuff.com/tools/lookup.ch?name=news.stephenking.com&type=A and hit refresh a couple times, you'll see that they have 2 DNS servers (ns1.mediatemple.net and ns2.mediatemple.net). One reports an MX record, the other reports that there are none. One reports that there are no A records, the other reports one.


So if your DNS server hits the wrong ones at the wrong times, the E-mail will fail the MAILFROM test.

> I did note while verifying this a second time just a moment ago, the first try resulted in a time out on my local client when checking the MX record. Timeouts are of course a standard occurrence, and it would be best if a match was not returned when checking a sub-domain for an MX if that is in fact what is happening. It would be nice not to mix a very reliable test, domain.tld exists, with a less reliable test, A or MX record exists, because then it's only practical to score according to the least reliable set of results.

The test will only fail if the domain has no MX or A records, and will not fail if a timeout occurs.


In this case, it is appropriate that the E-mail fail, since news.stephenking.com has no MX or A records, per some of their DNS servers.

-Scott
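
The rule stated in the reply above (fail only when lookups definitively find no MX and no A record, never on a timeout), modelled as an added example that is not Declude's code. The server names and the per-server answers are constructed placeholders, since the thread does not say which server returns which answer.

```python
from enum import Enum
from itertools import product

class Answer(Enum):
    RECORDS = "records"   # server returned at least one record
    NODATA = "nodata"     # server answered: no such records
    TIMEOUT = "timeout"   # no reply within the client's deadline

# Constructed sample: two authoritative servers for one sender domain that
# disagree with each other, as in the thread. Names are placeholders.
SERVERS = {
    "ns1.example.net": {"MX": Answer.RECORDS, "A": Answer.NODATA},
    "ns2.example.net": {"MX": Answer.NODATA, "A": Answer.RECORDS},
}

def mailfrom_test(mx, a):
    """FAIL only on a definitive 'no MX and no A'; a timeout never fails."""
    if mx is Answer.NODATA and a is Answer.NODATA:
        return "FAIL"
    return "PASS"

def possible_outcomes(servers):
    """Map each (server asked for MX, server asked for A) pair to a result."""
    return {
        (mx_ns, a_ns): mailfrom_test(servers[mx_ns]["MX"], servers[a_ns]["A"])
        for mx_ns, a_ns in product(servers, repeat=2)
    }

def disagreeing_types(servers):
    """Record types for which the servers give different definitive answers."""
    out = []
    for rtype in ("MX", "A"):
        seen = {s[rtype] for s in servers.values()} - {Answer.TIMEOUT}
        if len(seen) > 1:
            out.append(rtype)
    return out

if __name__ == "__main__":
    for pairing, result in possible_outcomes(SERVERS).items():
        print(pairing, result)
    print("inconsistent record types:", disagreeing_types(SERVERS))
```

With this sample, only one of the four server pairings fails the test, which is why the same sender passes on some deliveries and fails on others; a non-empty `disagreeing_types` result points at the sender's DNS rather than at the filter.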
---
This E-mail came from the Declude.JunkMail mailing list. The archives can be found at http://www.mail-archive.com.