Darrel,
Check out the pointer records for ScotiaCapital.com. This is where I get
the mail from
Answer:
199.188.32.23 PTR record: mail2.sdbi.com. [TTL 86400s] [A=199.188.32.23]
199.188.32.23 PTR record: mail2.sdbi.ca. [TTL 86400s] [BAD: No A record]
199.188.32.23 PTR record: mail.scotiacapital.com. [TTL 86400s]
[A=199.188.32.23, 199.188.32.22]
199.188.32.23 PTR record: mail2.scotiacapital.com. [TTL 86400s]
[A=199.188.32.23]
199.188.32.23 PTR record: mail2.scotiacapital.co.uk. [TTL 86400s]
[A=199.188.32.23]
199.188.32.23 PTR record: mail2.scotiacapital.net. [TTL 86400s]
[A=199.188.32.23]
199.188.32.23 PTR record: mail2.scotiacapital.org. [TTL 86400s]
[A=199.188.32.23]
199.188.32.23 PTR record: mail2.scotiacapital.ca. [TTL 86400s]
[A=199.188.32.23]
199.188.32.23 PTR record: mail.scotiacapitaux.com. [TTL 86400s]
[A=199.188.32.23, 199.188.32.22]
199.188.32.23 PTR record: mail2.scotiacapitaux.com. [TTL 86400s]
[A=199.188.32.23]
199.188.32.23 PTR record: mail.scotiacapitaux.ca. [TTL 86400s]
[A=199.188.32.22, 199.188.32.23]
199.188.32.23 PTR record: mail2.scotiacapitaux.ca. [TTL 86400s]
[A=199.188.32.23]
What would you do here? List them all? This is a pain!
Goran Jovanovic
The LAN Shoppe
2345 Yonge Street, Suite 302
Toronto, Ontario M4P 2E5
Phone: (416) 440-1167 x-2113
Cell: (416) 931-0688
E-Mail: [EMAIL PROTECTED]
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
> Sent: Saturday, February 12, 2005 4:45 PM
> To: [email protected]
> Subject: Re: [Declude.JunkMail] Thoughts on Filtering/Whitelisting
>
> Goran,
>
> I actually use reverse dns filters to address stuff like this. It
allows
> them (remote domain) to move to new IP addresses and as long as they
keep
> up
> their PTR we are all set.
>
> REVDNS -30 ENDSWITH .ipswitch.com
>
> Darrell
>
> -------------------------------------------
> Check out http://www.invariantsystems.com for utilities for Declude
And
> Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration,
> MRTG
> Integration, and Log Parsers.
> ----- Original Message -----
> From: "Goran Jovanovic" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Saturday, February 12, 2005 4:11 PM
> Subject: [Declude.JunkMail] Thoughts on Filtering/Whitelisting
>
>
> Hi all,
>
> I have a Nigerian SCAM filter (from Kami) which has a test for
>
> solicitation of an offer
>
> and weights it at 20.
>
> Now it turns out that Scotia Capital has a disclaimer on all their
> outgoing e-mail with that phrase in it. So I see that I have a couple
of
> options and I am not really sure what would be best.
>
> 1) I could remove the phrase from the Nigerian filter. This would
solve
> the Scotia Capital problem but perhaps let through Nigerian scam
> letters.
>
> 2) Leave the filter in but credit a HELO -20 CONTAINS
ScotiaCapital.com
>
> 3) Create a global whitelist that all my domains would look at and put
> @ScotiaCapital.com in the whitelist file. Obviously this would open my
> domains up to spoofed e-mail/spam
>
> 4) I suppose I could whitelist the IP address but that would leave me
> managing IP addresses and if they changed then my whitelisting would
> break.
>
> I would be tempted to implement #1 as it is simple but I could let
> unknown amounts of SPAM through based on that phrase.
>
> #2 looks good and this process could be extended to other domains that
> are mis-configured and fail HELOBOGUS etc.
>
> #3 will allow me to start applying "whitelist" requests from one
domain
> to all domains if they are legitimate requests. There is a government
> list that already is in 2 domain's whitelists as both are accountants.
>
> #4 is not very appealing to me as the IP can change at any time
>
> So does anyone have another way to do this or would you pick options
1,
> 2, 3, or 4 and why.
>
> Thanx
>
>
> Goran Jovanovic
> The LAN Shoppe
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
