Quoting Justin Mason <[EMAIL PROTECTED]>:

- if a spammer were to use a hostname like
  "jm_at_jmason_dot_org.spamdomain.com", they get a free backchannel to
  verify that I was (a) using SpamAssassin to filter my mail, and (b)
  that that address is valid.  So blindly resolving the full hostname was
  judged as unsafe.  However, replacing hostname portions with another
  token is not useful: assuming that "jm_at_jmason_dot_org.spamdomain.com"
  will have the same A as "spamdomain.com" or "www.spamdomain.com" is
  naive and easily evaded.

This is a good point, but honestly, they also know that you aren't likely to be
one of the users that clicks on spam and they won't be making much money from
you.  The method has been shown to be effective enough that I don't care if my
email address is added to as many lists as they want to add it since I won't
see their spam anyway.

- more importantly, the results weren't very good. ;)  Not as good as
  URIBL_SBL and the SURBL rules, at least.  iirc, the hits mapped very
  closely to URIBL_SBL, esp since Spamhaus explicitly list nameservers of
  spammed domains.

The results weren't good?   I actually had a discussion with Steve Linford at
spamhaus and they came up with a similar method themselves.  Their tests were
as good as mine - nearly 100% effective.

The details should be on bugzilla somewhere.
Thanks anyway though!

Are these the results from a few years ago? The only spam I get these days that
makes it through spamassassin is mail that would have been caught by the above
method.

I think it's worth looking into again.

-- Evan Langlois
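
The backchannel concern quoted above, as an added example that is not part of the original message or of SpamAssassin's code: it reduces a URI hostname to its registered domain (the name a domain-based list such as the SURBL rules is queried with) before anything is looked up, and flags hostnames whose extra labels spell out the recipient's address. The function names and the tiny suffix set are assumptions made for illustration; the hostnames are the ones used in the thread.

```python
import re

# Constructed, deliberately tiny suffix set (assumption); a real filter
# would load the full Public Suffix List instead.
SUFFIXES = {"com", "org", "net", "co.uk"}

def registrable_domain(host):
    """Return the registered domain (one label plus public suffix), or None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):          # longest suffix is tried first
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:])
    return None

def norm(text):
    """Keep only lowercase letters and digits so separator tricks compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def recipient_tokens(address):
    """Obvious spellings of an address that fit inside a DNS label."""
    local, sep, domain = address.partition("@")
    if not (local and sep and domain):
        return set()
    return {norm(local + "at" + domain.replace(".", "dot")),  # jm_at_jmason_dot_org
            norm(local + domain)}                              # jm.jmason.org

def check_uri_host(host, recipient):
    """Return (name_safe_to_query, leaks_recipient) for one URI hostname.

    Only the registered domain is ever returned for lookup, so labels the
    sender controls to the left of it never reach the DNS.
    """
    reg = registrable_domain(host)
    if reg is None:
        return (None, False)
    extra = host.lower().rstrip(".")[: -len(reg)]   # sender-chosen labels
    leaks = any(tok in norm(extra) for tok in recipient_tokens(recipient))
    return (reg, leaks)

if __name__ == "__main__":
    for h in ("jm_at_jmason_dot_org.spamdomain.com", "www.spamdomain.com"):
        print(h, "->", check_uri_host(h, "jm@jmason.org"))
```

The leak flag is only a heuristic: an opaque per-recipient identifier in the hostname would not match it, which is why the lookup name is reduced to the registered domain in every case.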