If a message fails sniffer and has a mailfrom of <>, I give it additional points:

mailfrom-null-sender.txt:
MAILFROM 24 CONTAINS <>
MAILFROM 1 STARTSWITH MAILER-DAEMON@

Sniffer-combo.txt:
TESTSFAILED END CONTAINS SNIFFER-NOTFOUND
TESTSFAILED END CONTAINS SNIFFER-GREYMAIL
TESTSFAILED 0 CONTAINS SNIFFER-TRAVEL
TESTSFAILED 0 CONTAINS SNIFFER-INSURANCE
TESTSFAILED 0 CONTAINS SNIFFER-AV-PUSH
TESTSFAILED 0 CONTAINS SNIFFER-WAREZ
TESTSFAILED 0 CONTAINS SNIFFER-SPAMWARE
TESTSFAILED 0 CONTAINS SNIFFER-SNAKEOIL
TESTSFAILED 0 CONTAINS SNIFFER-SCAMS
TESTSFAILED 0 CONTAINS SNIFFER-PORN
TESTSFAILED 0 CONTAINS SNIFFER-MALWARE
TESTSFAILED 0 CONTAINS SNIFFER-ADVERTISING
TESTSFAILED 0 CONTAINS SNIFFER-SCHEMES
TESTSFAILED 0 CONTAINS SNIFFER-CREDIT
TESTSFAILED 0 CONTAINS SNIFFER-GAMBLING
TESTSFAILED 0 CONTAINS SNIFFER-OBFUSCATION
TESTSFAILED 0 CONTAINS SNIFFER-EXPERIMENTAL
TESTSFAILED 0 CONTAINS SNIFFER-GENERAL

combo-nulll-sniffer.txt:
TESTSFAILED END NOTCONTAINS SNIFFER-COMBO
TESTSFAILED 120 CONTAINS MAILFROM-NULL-SENDER

Scott Fisher
Director of IT
Farm Progress Companies

>>> [EMAIL PROTECTED] 06/15/04 05:34PM >>>
Goran Jovanovic
The LAN Shoppe
One of my clients is getting hammered big time with NULL MAILFROM. They
are all NDRs from all over the place. Yesterday 56% of his mail was NDRs.
Total Messages: 3009
TEST # FAILED Percentage
NULLMAILFROM.................1680.......55.83%
I had originally thought that punishing NULL senders would help with
some SPAM messages that I saw coming in, but how can you deal with this?
I would want to let legitimate NDRs in but not these.
The NDRs are bouncing back to users like [EMAIL PROTECTED] and other such
fictitious addresses. This domain is not a local IMail domain but rather
a gateway domain so I have no way of checking against a userlist.
Any thoughts?
Thanx
Goran
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.