Goran, I have consistently found that providers that handle mail for other companies are reliable enough that I can merely counterweight their IP. I hardly ever trust their reverse DNS, and even less often the HELO.
I have a last resort test where I have a mixed bag of counterweights.

Andrew 8)

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Goran Jovanovic
> Sent: Thursday, September 08, 2005 8:33 AM
> To: [email protected]
> Subject: [Declude.JunkMail] How to credit a domain
>
> Hi all,
>
> I get messages like this all the time and I am always in a
> dilemma on what to do about them. This is a legit mail that
> scored 10 (where I start tagging mail).
>
> ------------------------------------------------------------------------
> Received: from mx.dstsystems.com [204.167.177.68] by
> mail1.gonetworks.net with ESMTP (SMTPD32-8.13) id
> AAD8195300F2; Wed, 07 Sep 2005 15:09:12 -0400
>
> X-RBL-Warning: HELOBOGUS: Domain mx.dstsystems.com has no MX
> or A records [0301].
>
> X-Declude-Sender: [EMAIL PROTECTED] [204.167.177.68]
>
> X-Note: Reverse DNS: Sent from dstsys-cp.dstsystems.com
> ([204.167.177.68]).
>
> X-Note: Tests Failed: CMDSPACE [8], HELOBOGUS [5],
> NOLEGITCONTENT [0], SIZE-S [0]
> ------------------------------------------------------------------------
>
> So this mail came from domain dstsystems.com on the IP
> 204.167.177.68 but it is from domain ifdsgroup.com. Now my
> preferred method of dealing with this type of problem is to
> credit based on REVDNS. Again in this case there is a good
> REVDNS but it is not from the same domain as the MAILFROM (if
> it was then I would have no problem in crediting the REVDNS).
>
> So is there a way to figure out if dstsystems.com is an e-mail
> hosting company and then I would not want to credit the
> REVDNS as I do not know what other domains they host.
>
> If I cannot figure out the link then I would not credit
> REVDNS and would move to step 2. Credit HELO. HELOs can be
> spoofed but in this case the HELO is basically the same as the REVDNS.
>
> Next step is crediting MAILFROM. This I can do with the
> ifdsgroup.com and lower the score for e-mail from this
> domain. Again it can be spoofed but ...
>
> I would prefer to credit REVDNS as that cannot be spoofed but
> I am leery of crediting an "unknown" domain when it does not
> relate to the MAILFROM address.
>
> Any thoughts on how (if possible) to connect the two domains?
> Or do I simply drop down to option 3 and credit MAILFROM? I
> suppose that I could try and figure out the admin responsible
> for dstsystems.com and tell them to fix the HELOBOGUS error
> in which case my problems would (mostly) go away.
>
> Any thoughts and comments are appreciated.
>
> Thanks
>
>
> Goran Jovanovic
> The LAN Shoppe
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be
> found at http://www.mail-archive.com.
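The REVDNS, then HELO, then MAILFROM ladder described in the quoted question can be checked mechanically against the headers it shows. The following is an added example, not part of either message and not Declude's own logic; the function names are hypothetical, the sender mailbox is a placeholder because the page redacts it, and the rule that a HELO is only credited when it shares the reverse DNS domain and did not fail HELOBOGUS is an assumption.

```python
import re

# Constructed input: the Declude headers quoted in the question. The envelope
# sender is redacted on the page, so a placeholder mailbox at the domain the
# poster names (ifdsgroup.com) stands in for it.
SAMPLE = """\
Received: from mx.dstsystems.com [204.167.177.68] by mail1.gonetworks.net with ESMTP (SMTPD32-8.13) id AAD8195300F2; Wed, 07 Sep 2005 15:09:12 -0400
X-RBL-Warning: HELOBOGUS: Domain mx.dstsystems.com has no MX or A records [0301].
X-Declude-Sender: placeholder@ifdsgroup.com [204.167.177.68]
X-Note: Reverse DNS: Sent from dstsys-cp.dstsystems.com ([204.167.177.68]).
X-Note: Tests Failed: CMDSPACE [8], HELOBOGUS [5], NOLEGITCONTENT [0], SIZE-S [0]
"""

def org_domain(host):
    # Assumption: the last two labels form the organisational domain. That is
    # wrong for suffixes such as co.uk; use a public-suffix list in practice.
    return ".".join(host.lower().rstrip(".").split(".")[-2:]) if host else None

def parse(headers):
    """Pull the identifiers the ladder compares out of the header block."""
    def find(pattern):
        m = re.search(pattern, headers, re.M)
        return m.group(1) if m else None
    tests = find(r"^X-Note: Tests Failed: (.+)$") or ""
    return {
        "helo": find(r"^Received: from (\S+) \["),
        "ip": find(r"^Received: from \S+ \[([\d.]+)\]"),
        "revdns": find(r"^X-Note: Reverse DNS: Sent from (\S+) "),
        "mailfrom": find(r"^X-Declude-Sender: \S+@(\S+) \["),
        "failed": {n: int(w) for n, w in re.findall(r"([\w-]+) \[(\d+)\]", tests)},
    }

def credit_candidate(f):
    """Return (identifier, domain) for the first ladder step that applies."""
    rev, sender = org_domain(f["revdns"]), org_domain(f["mailfrom"])
    # Step 1: reverse DNS is credited only when it belongs to the sender's domain.
    if rev and rev == sender:
        return ("REVDNS", rev)
    # Step 2 (assumed rule): HELO must agree with reverse DNS and pass HELOBOGUS.
    helo = org_domain(f["helo"])
    if helo and helo == rev and "HELOBOGUS" not in f["failed"]:
        return ("HELO", helo)
    # Step 3: fall back to the envelope sender's domain.
    return ("MAILFROM", sender)

if __name__ == "__main__":
    fields = parse(SAMPLE)
    print(fields["ip"], credit_candidate(fields))
```
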
