Quoting Jason Haar <[EMAIL PROTECTED]>: > ..that seems new. I see it's an RBL that "contains domains registered > within the last five days". > > Can someone explain what that means? I guess it means "seen by DOB > within the last five days" more than a domain that was registered within > the last five days?
It means the domain was registered within the past 5 days. > I say that because email from my home domain (registered 4 years ago) is > currently on the list... samba.org seems to be on the list, which is an error: ;; ANSWER SECTION: samba.org.dob.sibl.support-intelligence.net. 2100 IN A 127.0.0.2 Domain ID:D2485610-LROR Domain Name:SAMBA.ORG Created On:10-Jan-1998 05:00:00 UTC Last Updated On:28-Nov-2005 03:51:37 UTC Expiration Date:09-Jan-2009 05:00:00 UTC Sponsoring Registrar:Network Solutions LLC (R63-LROR) Status:CLIENT TRANSFER PROHIBITED Registrant ID:20553835-NSI Registrant Name:Samba Team Registrant Organization:Samba Team Registrant Street1:26 Carstensz St Registrant Street2: [...] > Anyway, emails that are on the list seem to trigger 3 different rules - > which adds up to +2 points - is that expected behaviour? > > Thanks > > Jason It looks like SpamAssassin is using DOB to check envelope From, received headers and message body domains. The three different uses of DOB all give different scores. Jeff C. > e.g. (actual spam to the Samba mailing-list) > > 0.0 STOX_REPLY_TYPE STOX_REPLY_TYPE > -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, > medium > trust > [66.70.73.150 listed in list.dnswl.org] > 0.3 DNS_FROM_DOB RBL: Sender from new domain (Day Old Bread) > 0.8 RCVD_IN_DOB RBL: Received via relay in new domain (Day > Old Bread) > 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > [Blocked - see > <http://www.spamcop.net/bl.shtml?88.232.135.123>] > 1.1 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server > [88.232.135.123 listed in dnsbl.sorbs.net] > -0.0 SPF_HELO_PASS SPF: HELO matches SPF record > -0.0 SPF_PASS SPF: sender matches SPF record > 0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > above 50% > [cf: 100] > 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > [cf: 100] > 0.9 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread) > [URIs: samba.org] > > > -- > Cheers > > Jason Haar > Information Security Manager, Trimble Navigation Ltd. > Phone: +64 3 9635 377 Fax: +64 3 9635 417 > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 >
