On Wed, 11 Jun 2014, Joe Quinn wrote:

> On 6/11/2014 12:36 PM, Axb wrote:
> > On 06/11/2014 05:57 PM, Joe Quinn wrote:
> > > On 6/11/2014 11:54 AM, Axb wrote:
> > > > Shouldn't the URIBL plugin only look at msg body and not headers..
> > > I don't think so. If you run this rule on a message body that uses a
> > > shortener like goo.gl, it will see that there is no MX record for goo.gl
> > > and FP.
> >
> > ??? why should it have an MX record?
> > Do you really think that your daily collection of .ru pillz and
> > .us/me/biz/club snowshowers use MX records?  What for?
>
> I may have misunderstood what you wrote.
>
> goo.gl is a legitimate example of a URI that you will frequently find in the body of ham messages. It does not have an MX record. If you scan the message body for URIs that lack MX records, you will score on goo.gl and likely FP. This rule, if implemented, should only look at parts of the message that imply "this domain will be receiving messages".

Disagree.

Excluding common known redirector sites like goo.gl, it *should* consider body URIs.

> For instance, if you receive a message that has a return path of [email protected], the simple fact of it being Return-Path implies it will be accepting email. The lack of an MX record in that case would be a valid spam indicator.

That, too, but that wouldn't be a part of the URIBL plugin, so this check sounds reasonable for whatever's doing DNS checks on those bits as well.

> Point being, a blanket "every URI in an email must have an MX record" is not correct, but a little extra logic would be useful.

Not correct absent an exclusion list, agreed.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [email protected]    FALaholic #11174     pgpk -a [email protected]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  No representation without taxation!
-----------------------------------------------------------------------
 741 days since the first successful private support mission to ISS (SpaceX)
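
The selection logic this thread converges on, as an added Python sketch that is not from the thread or from SpamAssassin: MX-check the Return-Path domain and body URI hosts, skipping an exclusion list of known redirectors. The redirector list, the `has_mx` lookup hook, the function names and the sample message are assumptions made for this illustration, and URI hosts are used as-is rather than reduced to a registrable domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed exclusion list; goo.gl is the only redirector the thread names.
REDIRECTORS = {"goo.gl"}
URI_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)

def is_redirector(host):
    return any(host == r or host.endswith("." + r) for r in REDIRECTORS)

def domains_to_check(raw_msg):
    """Map each domain worth an MX lookup to where it was found."""
    msg = message_from_string(raw_msg)
    found = {}
    # Envelope sender: being a Return-Path implies the domain accepts mail.
    addr = parseaddr(msg.get("Return-Path", ""))[1]
    if "@" in addr:
        found[addr.rsplit("@", 1)[1].lower()] = "return-path"
    # Body URIs are considered too, minus known redirectors.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for host in URI_HOST.findall(text):
            host = host.lower().strip(".")
            if host and not is_redirector(host):
                found.setdefault(host, "body-uri")
    return found

def no_mx_hits(raw_msg, has_mx):
    """has_mx is an injected lookup (domain -> bool) so this runs offline.

    Caveat: RFC 5321 lets a domain with no MX receive mail at its address
    record, so a missing MX is a scoring signal, not proof.
    """
    return sorted((d, src) for d, src in domains_to_check(raw_msg).items()
                  if not has_mx(d))

# Constructed sample message and stub DNS data, for illustration only.
SAMPLE = (
    "Return-Path: <bounce@nomx.example>\n"
    "Subject: test\n"
    "\n"
    "Short link http://goo.gl/abc123 and shop http://shop.example/ plus\n"
    "http://pillz.example/buy\n"
)
STUB_MX = {"shop.example"}
```
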
