My personal opinion is that ISPs, government agencies, and technology companies should be held to a higher standard than the average business. If they are not following standards then they should be held for review. They can be compromised by zombies just like everyone else.
After reviewing the held messages then notify the admin of the problem. I think part of the problem with false positives is that the people finding the misconfigurations are modifying their rule sets to accommodate the failure of other mail admins to configure their systems correctly, when they should be notifying them of their problems so they can fix them.

Kevin Bilbee

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Goran Jovanovic
> Sent: Tuesday, April 20, 2004 8:11 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] US Treasury cannot do it right?
>
> OK if I am right the US Treasury Department needs help!
>
> They identified themselves as 10.0.7.238 instead of a
> host.domain !!?? This is very bad.
>
> There is a REVDNS for the sending IP
> 66.77.65.238 PTR record: lists.qai.irs.gov
>
> What am I asking here? Perhaps it is just amazement that the
> e-mail got out like this. I suppose there is nothing that we
> can do from this end except build enough room in our tests to
> prevent legit stuff from getting caught.
>
> The more I look into this SPAM stuff the scarier it gets.....
>
> ---------------------------------------------------------------------
>
> Received: from 10.0.7.238 [66.77.65.238] by tlsonline.com
> (SMTPD32-8.10 ) id A63E11DB00DA; Tue, 20 Apr 2004 12:56:30 -0400
> Date: Tue, 20 Apr 2004 12:55:42 -0400 (EDT)
> Message-Id:
> <[EMAIL PROTECTED]
> ts.treas.g
> ov>
> From: US Treasury Release: News <[EMAIL PROTECTED]>
> To: "US Treasury Release: News" <[EMAIL PROTECTED]>
> Subject: [US Treasury] Treasury and IRS Address Foreign Tax
> Credit, Partnership Transactions
> List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
> List-Subscribe: <mailto:[EMAIL PROTECTED]>
> Reply-To: US Treasury Release: News <[EMAIL PROTECTED]>
> X-Message-Id: <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
> X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"
> X-RBL-Warning: HELOBOGUS: Domain 10.0.7.238 has no MX or A
> records [0301].
> X-RBL-Warning: IPNOTINMX:
> X-RBL-Warning: NOLEGITCONTENT: No content unique to
> legitimate E-mail detected.
> X-Declude-Sender: [EMAIL PROTECTED]
> [66.77.65.238]
> X-Declude-Spoolname: D563e11db00dae005.SMD
> X-Note: This E-mail was sent from lists.qai.irs.gov ([66.77.65.238]).
> X-Spam-Tests-Failed: NOABUSE, HELOBOGUS, IPNOTINMX,
> NOLEGITCONTENT, HELOISIP, HELOISIPX [7]
> X-Note: This E-mail was scanned by Declude JunkMail
> (www.declude.com) for spam.
> X-Note: Total spam weight of this E-mail is 7.
> X-Country-Chain:
> Organization: The LAN Shoppe
>
> Goran Jovanovic
> The LAN Shoppe
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be
> found at http://www.mail-archive.com.
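Added example, not part of the original thread and not Declude's implementation: a small Python check that parses a `Received:` line of the shape quoted above and reports why the HELO argument looks misconfigured. The function names and finding labels are this example's own, and the second sample header is constructed.

```python
import ipaddress
import re

# Matches the "from <HELO> [<connecting IP>] by <host>" shape of the Received
# line quoted in the thread; other MTAs format this header differently.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\[([0-9A-Fa-f.:]+)\]\s+by\s+(\S+)")

def parse_received(header):
    """Return (helo, connecting_ip, receiving_host), or None if no match."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold folded header
    if m is None:
        return None
    return m.group(1), ipaddress.ip_address(m.group(2)), m.group(3)

def helo_findings(helo, peer):
    """Labels are this example's own, not Declude test definitions."""
    findings = []
    try:
        helo_ip = ipaddress.ip_address(helo.strip("[]"))
    except ValueError:
        helo_ip = None
    if helo_ip is not None:
        findings.append("helo_is_ip")
        if not helo.startswith("["):
            # RFC 5321 requires address literals to be bracketed.
            findings.append("helo_ip_not_bracketed")
        if helo_ip.is_private:
            # Internal address leaked through NAT, as in the thread.
            findings.append("helo_private_ip")
        if helo_ip != peer:
            findings.append("helo_ip_differs_from_peer")
    elif "." not in helo.rstrip("."):
        findings.append("helo_not_fqdn")
    return findings

def check(header):
    parsed = parse_received(header)
    return None if parsed is None else helo_findings(parsed[0], parsed[1])

# Received line as quoted in the thread, including its folded second line.
SAMPLE = ("Received: from 10.0.7.238 [66.77.65.238] by tlsonline.com\n"
          " (SMTPD32-8.10 ) id A63E11DB00DA; Tue, 20 Apr 2004 12:56:30 -0400")
# Constructed comparison case using documentation-reserved names and addresses.
CONSTRUCTED = "Received: from mail.example.org [192.0.2.25] by mx.example.net"

if __name__ == "__main__":
    for hdr in (SAMPLE, CONSTRUCTED):
        print(check(hdr))
```

Holding such mail for review and reporting the findings to the sending admin, rather than loosening the rule, is the handling the reply above argues for.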
