Clarification. When I say that spammers can't spoof RDNS what I mean is
that if you do a reverse lookup and get a spoofed name then when you
look up the spoofed name it won't resolve back to the IP you looked up.
I'm testing this idea now.
Marc Perkel wrote:
OK - here's an idea I'm rolling around in my brain and thinking this
could work to massively automatically generate white lists of IP
addresses from companies that generate no spam at all. This could be
used not only to greatly reduce false positives, but also to reduce
system load. Any IP listed is ham and no need for further testing.
One thing that spammers can't spoof is RDNS. So if the RDNS of an IP
is xxx.xxx.amd.com then we know the email is ham. Suppose that we
start with a list of companies that we know that any email that comes
from those hosts will always be ham then we can create a dynamically
generated whitelist based on host IP addresses that come from the list.
A query comes in to a specially written DNS server where the RDNS is
looked up and it's xxx.ibm.com and ibm.com is in the list of blessed
ham hosts. We would need a fast way of getting rid of the subhost part
to do the lookup, stripping the xxx part off to get the domain. We
would then return a yes response and cache the data in a local database.
The database could contain tens of thousands of domains that never
send spam. How would we get this list? For now I'm doing it manually
but it could possibly be done by tracking ham and spam hits over time
of various IP addresses and looking for patterns of behavior that
would indicate that the source is 100% clean.
Of course this wouldn't solve domains like yahoo, hotmail, comcast,
and other mixed source spam but it would allow a lot of email to be
preclassified as ham without further testing.
Who likes this idea?
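
An added example, not part of the original post: a Python sketch of the check described above (reverse lookup, forward confirmation that the name resolves back to the same IP, stripping the subhost to match a blessed domain, and caching the answer). The Whitelist class, the helper names, the two-entry blessed list and the sample DNS data are all assumptions made for illustration.

```python
import socket

BLESSED = {"ibm.com", "amd.com"}  # domains named in the post; the list itself is constructed

def system_ptr(ip):
    # Reverse lookup through the system resolver; no PTR record means no names.
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_addrs(name):
    # Forward lookup through the system resolver.
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def blessed_domain(hostname, blessed=BLESSED):
    """Strip leading labels until a blessed domain matches; None if none does."""
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):       # never test a bare TLD
        candidate = ".".join(labels[i:])   # whole-label suffix, so notibm.com fails
        if candidate in blessed:
            return candidate
    return None

class Whitelist:
    def __init__(self, ptr=system_ptr, addrs=system_addrs, blessed=BLESSED):
        self.ptr, self.addrs, self.blessed = ptr, addrs, blessed
        self.cache = {}                    # ip -> blessed domain or None

    def check(self, ip):
        if ip not in self.cache:
            self.cache[ip] = self._lookup(ip)
        return self.cache[ip]

    def _lookup(self, ip):
        for name in self.ptr(ip):
            domain = blessed_domain(name, self.blessed)
            # Forward-confirm: the PTR name must resolve back to the same IP.
            if domain and ip in self.addrs(name):
                return domain
        return None

# Constructed sample data (documentation IP ranges) standing in for live DNS.
PTR = {"192.0.2.10": ["mail1.ibm.com"], "198.51.100.7": ["mx.amd.com"],
       "203.0.113.5": ["dsl-5.isp.example"]}
A = {"mail1.ibm.com": {"192.0.2.10"}, "mx.amd.com": {"192.0.2.99"}}
demo = Whitelist(ptr=lambda ip: PTR.get(ip, []), addrs=lambda n: A.get(n, set()))
```

With the sample data, 192.0.2.10 is whitelisted as ibm.com, while 198.51.100.7 is rejected because its PTR name does not resolve back to it. The cache here never expires; a deployed version would need to age entries out as DNS records change.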