Oop, there was one other thing. I try to avoid the temptation of counterweighting a fragment of their reverse DNS.
For example, if there were a ComCast.net mailhost problem that I wanted to counterweight, it would be tempting to add: REVDNS -100 ENDSWITH ComCast.net Which would accomplish the goal, but that the same time as letting in a tidal wave of spam from zombies on their cable subscriber network! That all being said, I also have a very few Declude PRO filter text files that accomplish counterweighting for problematic domains that need help to get their mail through my setup, but whose complexity to keep the spam out preclude it from going in my mixed bag of counterweights. Andrew 8) > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Colbeck, Andrew > Sent: Thursday, September 08, 2005 9:31 AM > To: [email protected] > Subject: RE: [Declude.JunkMail] How to credit a domain > > Hi, Goran. > > I like to counterweight based on their IP for a couple of > reasons. The first is that if their administration is not up > to par (so that I have to counterweight them), the odds are > good that their revdns is flawed or that their DNS is subject > to timeouts. > > I also find that, as a practical matter, a company is as > likely to change their IP as their revdns so neither is more > "stable" than the other. > > Third, a lot of the companies with this kind of problem also > fail REVDNS anyway! > > Last, larger companies can sometimes easily be spotted in > SenderBase.org as having all of their mailhosts on a small > subnet and I can use a REMOTEIP CIDR mask. > > Andrew 8) > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Goran > > Jovanovic > > Sent: Thursday, September 08, 2005 9:22 AM > > To: [email protected] > > Subject: RE: [Declude.JunkMail] How to credit a domain > > > > Andrew, > > > > Why would you counterweight their IP and not the REVDNS? It > seems that > > it is basically the same thing? > > > > > > Goran Jovanovic > > The LAN Shoppe > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > [mailto:Declude.JunkMail- > > > [EMAIL PROTECTED] On Behalf Of Colbeck, Andrew > > > Sent: Thursday, September 08, 2005 11:52 AM > > > To: [email protected] > > > Subject: RE: [Declude.JunkMail] How to credit a domain > > > > > > Goran, I have consistently found that providers that handle > > mail for > > > other companies are reliable enough that I can merely > counterweight > > > their IP. I hardly ever trust their reverse DNS, and even > > less often > > > the HELO. > > > > > > I have a last resort test where I have a mixed bag of > > counterweights. > > > > > > Andrew 8) > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] On Behalf Of Goran > > > > Jovanovic > > > > Sent: Thursday, September 08, 2005 8:33 AM > > > > To: [email protected] > > > > Subject: [Declude.JunkMail] How to credit a domain > > > > > > > > Hi all, > > > > > > > > I get messages like this all the time and I am always in > > a dilemma > > > > on what to do about them. This is a legit mail that > > scored 10 (where > > > > I start tagging mail). > > > > > > > > -------------------------------------------------------------- > > > > ---------- > > > > - > > > > Received: from mx.dstsystems.com [204.167.177.68] by > > > > mail1.gonetworks.net with ESMTP (SMTPD32-8.13) id > > AAD8195300F2; Wed, > > > > 07 Sep 2005 15:09:12 -0400 > > > > > > > > X-RBL-Warning: HELOBOGUS: Domain mx.dstsystems.com has > no MX or A > > > > records [0301]. > > > > > > > > X-Declude-Sender: [EMAIL PROTECTED] [204.167.177.68] > > > > > > > > X-Note: Reverse DNS: Sent from dstsys-cp.dstsystems.com > > > > ([204.167.177.68]). > > > > > > > > X-Note: Tests Failed: CMDSPACE [8], HELOBOGUS [5], > NOLEGITCONTENT > > > > [0], SIZE-S [0] > > > > -------------------------------------------------------------- > > > > ---------- > > > > - > > > > > > > > So this mail came from domain dstsystems.com on the IP > > > > 204.167.177.68 but it is from domain ifdsgroup.com. Now > > my preferred > > > > method of dealing with this type of problem is to > credit based on > > > > REVDNS. Again in this case there is a good REVDNS but it > > is not from > > > > the same domain as the MAILFROM (if it was then I would have no > > > > problem in crediting the REVDNS). > > > > > > > > So is there a way to figure out if dstsystems.com is a e-mail > > > > hosting company and then I would not want to credit the > > REVDNS as I > > > > do not know what other domains they host. > > > > > > > > If I cannot figure out the link then I would not credit > > REVDNS and > > > > would move to step 2. Credit HELO. HELOs can be spoofed > > but in this > > > > case the HELO is basically the same as the > > REVDNS. > > > > > > > > Next step is crediting MAILFROM. This I can do with the > > > > ifdsgroup.com and lower the score for e-mail from this > > domain. Again > > > > it can be spoofed but ... > > > > > > > > I would prefer to credit REVDNS as that cannot be spoofed > > but I am > > > > leery of crediting an "unknown" domain when it does not > relate to > > > > the MAILFROM address. > > > > > > > > Any thoughts on how (if possible) to connect the two domains? > > > > Or do I simply drop down to option 3 and credit MAILFROM? > > I suppose > > > > that I could try and figure out the admin responsible for > > > > dstsystems.com and tell them to fix the HELOBOGUS error > in which > > > > case my problems would (mostly) go away. > > > > > > > > Any thoughts and comments are appreciated. > > > > > > > > Thanks > > > > > > > > > > > > Goran Jovanovic > > > > The LAN Shoppe > > > > --- > > > > This E-mail came from the Declude.JunkMail mailing list. To > > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], > > and type > > > > "unsubscribe Declude.JunkMail". The archives can be found at > > > > http://www.mail-archive.com. > > > > > > > --- > > > This E-mail came from the Declude.JunkMail mailing list. To > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], > and type > > > "unsubscribe Declude.JunkMail". The archives can be found at > > > http://www.mail-archive.com. > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
