Hi all,

How many points do you add to an email that originated from a dynamic
IP that is on a number of blacklists?

This 180.178.104.22 is an IP from a customer in Indonesia:

Received: from [180.178.104.22] (port=51022 helo=CapriciousDude)
        by vio1.naveca.biz with esmtpa (Exim 4.87)
        (envelope-from <i...@example.com>)
        id 1b6FMu-00087L-42; Fri, 27 May 2016 18:51:52 +0800

This IP is on virtually every blacklist, but it doesn't necessarily
mean it's the result of something this particular customer/user did. I
also can't just make them send from a static IP or pick a different
provider.

At the same time, it's difficult to just let this go without adding
some points to the email.

I'm using XBL, PSKY (which is probably not necessary), spamcop, and
mailspike "deep-header" rules. Maybe I'm using them wrong?

Ideas for how to handle this would be appreciated.

X-Spam-Report:
 * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
 *      trust
 *      [116.251.209.92 listed in list.dnswl.org]
 *  0.0 RCVD_IN_XBL_ALL RBL: Received via a relay in Spamhaus SBL-XBL
 *      [180.178.104.22 listed in mykey.zen.dq.spamhaus.net]
 *  0.4 RCVD_IN_PSKY_ALL3 RBL: Any header IP in Testing RBL bad.psky.me
 *      "reject"
 *      [180.178.104.22 listed in bad.psky.me]
 *  0.8 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
 *      [180.178.104.22 listed in dnsbl.sorbs.net]
 *  1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 *      [Blocked - see <http://www.spamcop.net/bl.shtml?180.178.104.22>]
 *  0.4 RCVD_IN_BL_MSPIKE_ALL RBL: No description available.
 *      [180.178.104.22 listed in bl.mailspike.net]
 * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
 *  0.0 HTML_MESSAGE BODY: HTML included in message
 *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
 *      [score: 0.5000]
 *  0.2 RELAYCOUNTRY_MED Relayed by an improbable email source country
 *  1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
 *      anti-forgery methods
 *  1.5 LOC_MULTI_RBL Multiple RBLs including spamcop, psky, XBL and mspike
 *  0.0 T_DMARC_TESTS_FAIL No description available.
