One would suspect if they have PTR's setup for all their customer's IP's
like other providers.
Example:
customer1-xx-xx-xx-xx.dtsystems.com
This way you may not get killed by a customer IP infected with a trojan
since you are only reverse weighting the mail server IP.
Darrell
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parsers.
----- Original Message -----
From: "Goran Jovanovic" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, September 08, 2005 12:21 PM
Subject: RE: [Declude.JunkMail] How to credit a domain
Andrew,
Why would you counterweight their IP and not the REVDNS? It seems that
it is basically the same thing?
Goran Jovanovic
The LAN Shoppe
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Thursday, September 08, 2005 11:52 AM
To: [email protected]
Subject: RE: [Declude.JunkMail] How to credit a domain
Goran, I have consistently found that providers that handle mail for
other companies are reliable enough that I can merely counterweight
their IP. I hardly ever trust their reverse DNS, and even less often
the HELO.
I have a last resort test where I have a mixed bag of counterweights.
Andrew 8)
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Goran Jovanovic
> Sent: Thursday, September 08, 2005 8:33 AM
> To: [email protected]
> Subject: [Declude.JunkMail] How to credit a domain
>
> Hi all,
>
> I get messages like this all the time and I am always in a
> dilemma on what to do about them. This is a legit mail that
> scored 10 (where I start tagging mail).
>
> --------------------------------------------------------------
> ----------
> -
> Received: from mx.dstsystems.com [204.167.177.68] by
> mail1.gonetworks.net with ESMTP (SMTPD32-8.13) id
> AAD8195300F2; Wed, 07 Sep 2005 15:09:12 -0400
>
> X-RBL-Warning: HELOBOGUS: Domain mx.dstsystems.com has no MX
> or A records [0301].
>
> X-Declude-Sender: [EMAIL PROTECTED] [204.167.177.68]
>
> X-Note: Reverse DNS: Sent from dstsys-cp.dstsystems.com
> ([204.167.177.68]).
>
> X-Note: Tests Failed: CMDSPACE [8], HELOBOGUS [5],
> NOLEGITCONTENT [0], SIZE-S [0]
> --------------------------------------------------------------
> ----------
> -
>
> So this mail came from domain dstsystems.com on the IP
> 204.167.177.68 but it is from domain ifdsgroup.com. Now my
> preferred method of dealing with this type of problem is to
> credit based on REVDNS. Again in this case there is a good
> REVDNS but it is not from the same domain as the MAILFROM (if
> it was then I would have no problem in crediting the REVDNS).
>
> So is there a way to figure out if dstsystems.com is a e-mail
> hosting company and then I would not want to credit the
> REVDNS as I do not know what other domains they host.
>
> If I cannot figure out the link then I would not credit
> REVDNS and would move to step 2. Credit HELO. HELOs can be
> spoofed but in this case the HELO is basically the same as the
REVDNS.
>
> Next step is crediting MAILFROM. This I can do with the
> ifdsgroup.com and lower the score for e-mail from this
> domain. Again it can be spoofed but ...
>
> I would prefer to credit REVDNS as that cannot be spoofed but
> I am leery of crediting an "unknown" domain when it does not
> relate to the MAILFROM address.
>
> Any thoughts on how (if possible) to connect the two domains?
> Or do I simply drop down to option 3 and credit MAILFROM? I
> suppose that I could try and figure out the admin responsible
> for dstsystems.com and tell them to fix the HELOBOGUS error
> in which case my problems would (mostly) go away.
>
> Any thoughts and comments are appreciated.
>
> Thanks
>
>
> Goran Jovanovic
> The LAN Shoppe
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be
> found at http://www.mail-archive.com.
>
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
