On 6/11/2014 12:36 PM, Axb wrote:
On 06/11/2014 05:57 PM, Joe Quinn wrote:
On 6/11/2014 11:54 AM, Axb wrote:
Shouldn't the URIBL plugin only looks at msg body and not headers..
I don't think so. If you run this rule on a message body that uses a
shortener like goo.gl, it will see that there is no MX record for goo.gl
and FP.
??? why should it have an MX record?
Do you really think that your daily collection of .ru pillz and
.us/me/biz/club snowshowers use MX records? What for?
I may have misunderstood what you wrote.
goo.gl is a legitimate example of a URI that you will frequently find in
the body of ham messages. It does not have an MX record. If you scan the
message body for URIs that lack MX records, you will score on goo.gl and
likely FP. This rule, if implemented, should only look at parts of the
message that imply "this domain will be receiving messages".
For instance, if you receive a message that has a return path of
[email protected], the simple fact of it being Return-Path
implies it will be accepting email. The lack of an MX record in that
case would be a valid spam indicator.
Point being, a blanket "every URI in an email must have an MX record" is
not correct, but a little extra logic would be useful.
