Marc Perkel wrote:
>> 1) On what grounds, exactly, is a host added to this list?
>>
> I have a list of host names - some from my white list, some from my
> yellow list (yahoo, hotmail, etc.). I'm adding to the name based lists
> all the time. Then when I get email from these domains then I record the
> IP in the same color list. For example, wellsfargo.com never sends spam.
> It's all good. So they are whitelisted by name.

So, what would happen if _I_ sent you an email from [EMAIL PROTECTED]? Let's see:

rose:~# swaks --from [EMAIL PROTECTED] --to [EMAIL PROTECTED] --header "Subject: An obviously faked email"
=== Trying a1.junkemailfilter.com:25...
=== Connected to a1.junkemailfilter.com.
<- 220 venus.ctyme.com ESMTP Exim 4.68 Thu, 17 Apr 2008 16:39:21 -0700
-> EHLO rose.clues.ltd.uk
<- 250-venus.ctyme.com Hello rose.clues.ltd.uk [87.127.213.26]
<- 250-SIZE 262144000
<- 250-PIPELINING
<- 250-AUTH PLAIN LOGIN
<- 250-STARTTLS
<- 250 HELP
-> MAIL FROM:<[EMAIL PROTECTED]>
<- 250 OK
-> RCPT TO:<[EMAIL PROTECTED]>
<- 250 Accepted
-> DATA
<- 354 Enter message, ending with "." on a line by itself
-> Date: Fri, 18 Apr 2008 00:39:20 +0100
-> To: [EMAIL PROTECTED]
-> From: [EMAIL PROTECTED]
-> Subject: An obviously faked email
-> X-Mailer: swaks v20061116.0 jetmore.org/john/code/#swaks
->
-> This is a test mailing
->
-> .
<- 250 OK id=1JmdhN-0008RV-VQ
-> QUIT
<- 221 venus.ctyme.com closing connection
=== Connection closed with remote host.

> Any IP where the host
> ends in wellsfargo.com that sends an email, I record the IP in my
> whitelist.

Cool, so I can now spam you for 10 days?

>> 5) In your documentation at the URL above you state "127.0.0.3 =
>> yellowlisted - mixed source - do not blacklist or whitelist". Yet
>> here you've said, of hosts that should never be blacklisted, "some
>> from my yellow list", which is correct?
>>
> I have a white list which means a pure ham domain, and blacklists which
> are pure spam domains. Yellow is a mixed domain, like Yahoo, which is
> neither white nor black.
>
> Read the wiki to understand it in more detail.
>

I was quoting from your wiki.

> The idea is that forward confirmed rDNS can't be faked

I don't understand what you mean by "forward confirmed rDNS". Can you elaborate?

-- 
Martin A. Brooks   |  http://www.antibodymx.net/ | Anti-spam & anti-virus
Consultant         |  [EMAIL PROTECTED]          | filtering. Inoculate
antibodymx.net     |  m: +447896578023           | your mail system.

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
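
Added example, not part of the original message or of either poster's setup: a sketch of the forward-confirmed rDNS (FCrDNS) check the thread refers to, assuming the whitelist is keyed on the connecting IP's confirmed host name and never on MAIL FROM. The zone data, the bank.example whitelist entry and all function names are constructed for illustration.

```python
# Added example: FCrDNS gate in front of a name-based whitelist.
# All DNS data below is constructed (documentation address ranges and .example names).
PTR = {  # reverse zone: IP -> names, set by whoever controls the reverse zone
    "192.0.2.10": ["mail1.bank.example."],
    "198.51.100.7": ["mail1.bank.example."],  # PTR claims a name its owner never published
    "203.0.113.5": ["mail.client.example."],
    "203.0.113.9": ["mx.notbank.example."],
}
A = {  # forward zone: name -> addresses, set by the owner of the domain
    "mail1.bank.example": {"192.0.2.10"},
    "mail.client.example": {"203.0.113.5"},
    "mx.notbank.example": {"203.0.113.9"},
}
WHITELIST = {"bank.example"}  # hypothetical name-based whitelist


def fcrdns_names(ip, ptr=PTR.get, fwd=A.get):
    """Return the PTR names of `ip` whose forward lookup maps back to `ip`."""
    confirmed = []
    for name in ptr(ip) or []:
        name = name.rstrip(".").lower()
        if ip in (fwd(name) or set()):
            confirmed.append(name)
    return confirmed


def in_domain(host, domain):
    """Match on a label boundary, so notbank.example is not bank.example."""
    return host == domain or host.endswith("." + domain)


def classify(ip, mail_from):
    """mail_from is accepted only to show it plays no part in the decision."""
    names = fcrdns_names(ip)
    if not names:
        return "unconfirmed"
    if any(in_domain(n, d) for n in names for d in WHITELIST):
        return "whitelist"
    return "confirmed-unlisted"


if __name__ == "__main__":
    for ip in PTR:
        print(ip, classify(ip, "user@bank.example"))
```

Every constructed client here sends the same envelope sender, yet only the address whose PTR name is confirmed by the domain owner's forward record lands on the whitelist.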
