[Declude.JunkMail] Blocking on no REV DNS?
Years ago it was recommended not to block mail on a missing reverse DNS because many legitimate mail servers were mis-configured. We know services like AOL block on missing DNS. Just wondering, do you block on missing REV DNS? If not, do you at least add weight? I'm getting to the point where if a mail server doesn't have a reverse DNS then I'm thinking the heck with them --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blocking on no REV DNS?
For what it's worth, I still test against REVDNS and it's never been worth a HOLD action all by itself. I score it at 25% of my HOLD weight threshold. Reverse DNS lookups can go through a lot of lookups; if their DNS is too slow and doesn't respond, you will inadvertently score against them unfairly. Worse, if your DNS is slow or your Internet tube is clogged, you'll inadvertently score against everybody. I keep a single file full of counterweight lines (instead of whitelisting) and the comments are inconsistent, but a quick check tells me that 4% of the comments I made included a mention that the sender triggered REVDNS. If you want to get fancy, look into using or making combo tests where you add weight based on tests being triggered. Andrew from Vancouver. From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, February 14, 2011 6:22 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Blocking on no REV DNS? Years ago it was recommended not to block mail on a missing reverse DNS because many legitimate mail servers were mis-configured. We know services like AOL block on missing DNS. Just wondering, do you block on missing REV DNS? If not, do you at least add weight? I'm getting to the point where if a mail server doesn't have a reverse DNS then I'm thinking the heck with them --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. We are pleased to announce that Bentall LP and Kennedy Associates Real Estate Counsel, LP joined forces on December 1, 2010. To learn more, visit: www.bentallkennedy.com Nous avons le plaisir de vous annoncer que Bentall LP et Kennedy Associates Real Estate Counsel LP se sont associees le 1er decembre 2010. Pour en savoir plus, rendez-vous a www.bentallkennedy.com This message (and any associated files) may contain confidential, proprietary and/or privileged material and access to these materials by anyone other than the intended recipient is unauthorized. Unauthorized recipients are required to maintain confidentiality. Any review, retransmission, dissemination or other use of these materials by persons or entities other than the intended recipient is prohibited and may be unlawful. If you have received this message in error, please notify us immediately and destroy the original. Ce message et tout document qui y est eventuellement joint peuvent contenir de l'information confidentielle ou exclusive. L'acces a cette information par quiconque autre que le destinataire designe en est donc interdit. Les personnes ou les entites non autorisees doivent respecter la confidentialite de cette information. La lecture, la retransmission, la communication ou toute autre utilisation de cette information par une personne ou une entite non autorisee est strictement interdite. Si vous avez recu ce message par erreur, veuillez nous en aviser immediatement et le detruire. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blocking on no REV DNS?
I suppose it depends on your clients. I host mostly small to medium business sites, bounce on reverse DNS at my gateway and only get a question once or twice a year, where I assist some clueless Email Admin about contacting his ISP to set up the proper reverse DNS. I explain to them that we are in line with AOL, Hotmail, Google and others that have policies against missing Reverse DNS to show that he may have FOUND the problem by trying to email US, but that in fact, his emails to most places on the Internet are being silently deleted, held or flagged as SPAM - without giving him a warning as WE do. From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, February 14, 2011 9:22 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Blocking on no REV DNS? Years ago it was recommended not to block mail on a missing reverse DNS because many legitimate mail servers were mis-configured. We know services like AOL block on missing DNS. Just wondering, do you block on missing REV DNS? If not, do you at least add weight? I'm getting to the point where if a mail server doesn't have a reverse DNS then I'm thinking the heck with them --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blocking on no REV DNS?
Headers from a typical email with missing reverse DNS: Received: from UnknownHost [208.94.247.117] by xx X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 208.94.247.117 with no reverse DNS entry. What is the best way to filter on no reverse DNS? _ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Monday, February 14, 2011 10:49 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Blocking on no REV DNS? I suppose it depends on your clients. I host mostly small to medium business sites, bounce on reverse DNS at my gateway and only get a question once or twice a year, where I assist some clueless Email Admin about contacting his ISP to set up the proper reverse DNS. I explain to them that we are in line with AOL, Hotmail, Google and others that have policies against missing Reverse DNS to show that he may have FOUND the problem by trying to email US, but that in fact, his emails to most places on the Internet are being silently deleted, held or flagged as SPAM - without giving him a warning as WE do. From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, February 14, 2011 9:22 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Blocking on no REV DNS? Years ago it was recommended not to block mail on a missing reverse DNS because many legitimate mail servers were mis-configured. We know services like AOL block on missing DNS. Just wondering, do you block on missing REV DNS? If not, do you at least add weight? I'm getting to the point where if a mail server doesn't have a reverse DNS then I'm thinking the heck with them --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filter for this?
Anyone put together a filter for this? a href=http://en.marriedcomb.com/LsyRi_xEczPyAVLP-6RXIfBHyQKlpLloCVCdRiUQj80C BkFIRsplDbsWp-UntnvcapomnOB34oekSnZlNAVa7SoEUKZSJf38K79Yq79zOT6qBNCTYzL5B1Gh PqJ5DauCbtWAubdB8kPQoicfAlkPQyyuRB1333A1YAWUvJhpVPksIVa9IVTj5SmfPzJBU23BtNGm LCRUhh-f7TYUkYiSFW1IMFkxyEq98JftNph7Um4mcdzmcpYAh62VI94SDrIhDY8g2Zo-QorZUUZW rwG41Sj6iKchOqqfHLTYKLmL7s5oJBjZ7EZSuBU7CFX8LvTo0pB6qyyUQ4mp35lBXcOsZ1zHmnGL Bl_htJf1VGFa4gsO7P6mFVZB3QNk3TPUYWaoBR5AtFjxfs3mv11TZ60J6w Getting dozens of these a day coming through. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blocking on no REV DNS?
Not sure if you're asking how to trap items without reverse DNS? It would be a line like this in the GLOBAL.CFG: WHITELIST AUTH REVDNS revdnsexists x x 5 0 (which would add a weight of 5 if there is no reverse DNS - but whitelist your clients who have no reverse DNS but still should be permitted to connect to your SMTP relay). Then, you could pick up on that test name in your $default$.junkmail, and decide what action you might want, e.g.: REVDNS ALERT or REVDNS HOLD Or REVDNS LOG Etc. From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, February 14, 2011 2:07 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Blocking on no REV DNS? Headers from a typical email with missing reverse DNS: Received: from UnknownHost [208.94.247.117] by xx X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 208.94.247.117 with no reverse DNS entry. What is the best way to filter on no reverse DNS? --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter for this?
Dave, the target IP address is a really old spammer block according to SpamHaus: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL79159 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL79123 Do you have a URL scanner? It should have picked off this one sample. Besides the Zero Day component of Declude, there's a de facto add-on that's used by the denizens of this list, but I forget what it's called. FWIW, no, I'm not seeing this particular domain or destination IP in the last 45 days. Andrew. -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, February 14, 2011 2:07 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Filter for this? Anyone put together a filter for this? a href=http://en.marriedcomb.com/LsyRi_xEczPyAVLP-6RXIfBHyQKlpLloCVCdRiUQ j80C BkFIRsplDbsWp-UntnvcapomnOB34oekSnZlNAVa7SoEUKZSJf38K79Yq79zOT6qBNCTYzL5 B1Gh PqJ5DauCbtWAubdB8kPQoicfAlkPQyyuRB1333A1YAWUvJhpVPksIVa9IVTj5SmfPzJBU23B tNGm LCRUhh-f7TYUkYiSFW1IMFkxyEq98JftNph7Um4mcdzmcpYAh62VI94SDrIhDY8g2Zo-QorZ UUZW rwG41Sj6iKchOqqfHLTYKLmL7s5oJBjZ7EZSuBU7CFX8LvTo0pB6qyyUQ4mp35lBXcOsZ1zH mnGL Bl_htJf1VGFa4gsO7P6mFVZB3QNk3TPUYWaoBR5AtFjxfs3mv11TZ60J6w Getting dozens of these a day coming through. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. We are pleased to announce that Bentall LP and Kennedy Associates Real Estate Counsel, LP joined forces on December 1, 2010. To learn more, visit: www.bentallkennedy.com Nous avons le plaisir de vous annoncer que Bentall LP et Kennedy Associates Real Estate Counsel LP se sont associees le 1er decembre 2010. Pour en savoir plus, rendez-vous a www.bentallkennedy.com This message (and any associated files) may contain confidential, proprietary and/or privileged material and access to these materials by anyone other than the intended recipient is unauthorized. Unauthorized recipients are required to maintain confidentiality. Any review, retransmission, dissemination or other use of these materials by persons or entities other than the intended recipient is prohibited and may be unlawful. If you have received this message in error, please notify us immediately and destroy the original. Ce message et tout document qui y est eventuellement joint peuvent contenir de l'information confidentielle ou exclusive. L'acces a cette information par quiconque autre que le destinataire designe en est donc interdit. Les personnes ou les entites non autorisees doivent respecter la confidentialite de cette information. La lecture, la retransmission, la communication ou toute autre utilisation de cette information par une personne ou une entite non autorisee est strictement interdite. Si vous avez recu ce message par erreur, veuillez nous en aviser immediatement et le detruire. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter for this?
Andrew, I'm running invURIBL. It gave a weight of 10: X-invURIBL-Scan: Scanned by invURIBL 3.1.1 on 2/14/2011 3:50:50 PM X-invURIBL-Weight: 10 X-invURIBL-Range: HIGH That only brought it up to 15 and my hold weight is 20. My declude is a number of years old. I don't believe I have the zero day. My problem is I have so little time to work with Declude. By the time the spam gets bad enough that I can't put up with it and need to tweak my filters again, I've forgotten so much its like starting over. -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck, Andrew Sent: Monday, February 14, 2011 5:30 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter for this? Dave, the target IP address is a really old spammer block according to SpamHaus: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL79159 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL79123 Do you have a URL scanner? It should have picked off this one sample. Besides the Zero Day component of Declude, there's a de facto add-on that's used by the denizens of this list, but I forget what it's called. FWIW, no, I'm not seeing this particular domain or destination IP in the last 45 days. Andrew. -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, February 14, 2011 2:07 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Filter for this? Anyone put together a filter for this? a href=http://en.marriedcomb.com/LsyRi_xEczPyAVLP-6RXIfBHyQKlpLloCVCdRiUQ j80C BkFIRsplDbsWp-UntnvcapomnOB34oekSnZlNAVa7SoEUKZSJf38K79Yq79zOT6qBNCTYzL5 B1Gh PqJ5DauCbtWAubdB8kPQoicfAlkPQyyuRB1333A1YAWUvJhpVPksIVa9IVTj5SmfPzJBU23B tNGm LCRUhh-f7TYUkYiSFW1IMFkxyEq98JftNph7Um4mcdzmcpYAh62VI94SDrIhDY8g2Zo-QorZ UUZW rwG41Sj6iKchOqqfHLTYKLmL7s5oJBjZ7EZSuBU7CFX8LvTo0pB6qyyUQ4mp35lBXcOsZ1zH mnGL Bl_htJf1VGFa4gsO7P6mFVZB3QNk3TPUYWaoBR5AtFjxfs3mv11TZ60J6w Getting dozens of these a day coming through. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. We are pleased to announce that Bentall LP and Kennedy Associates Real Estate Counsel, LP joined forces on December 1, 2010. To learn more, visit: www.bentallkennedy.com Nous avons le plaisir de vous annoncer que Bentall LP et Kennedy Associates Real Estate Counsel LP se sont associees le 1er decembre 2010. Pour en savoir plus, rendez-vous a www.bentallkennedy.com This message (and any associated files) may contain confidential, proprietary and/or privileged material and access to these materials by anyone other than the intended recipient is unauthorized. Unauthorized recipients are required to maintain confidentiality. Any review, retransmission, dissemination or other use of these materials by persons or entities other than the intended recipient is prohibited and may be unlawful. If you have received this message in error, please notify us immediately and destroy the original. Ce message et tout document qui y est eventuellement joint peuvent contenir de l'information confidentielle ou exclusive. L'acces a cette information par quiconque autre que le destinataire designe en est donc interdit. Les personnes ou les entites non autorisees doivent respecter la confidentialite de cette information. La lecture, la retransmission, la communication ou toute autre utilisation de cette information par une personne ou une entite non autorisee est strictement interdite. Si vous avez recu ce message par erreur, veuillez nous en aviser immediatement et le detruire. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
