Shouldn't find FPs in any of the examples you
posed, since a query should only be done on a mail-from domain name, and
VeriScam would only respond to a query with the 64.94.110.11 IP address if the
domain name ends in .net or .com.
Bill
----- Original Message -----
Sent: Tuesday, September 16, 2003 12:14 PM
Subject: Re: [Declude.JunkMail] Fwd: Verisign's New Change and Outdate RBL's
This is a great find! I'm just wondering where the
potential FPs would come from so that I can determine the proper
scoring. Obviously people that misspell their from domain could be
tagged, but what happens when someone uses <> or how about just "John
Smith", would that score on this test? I'm of course capturing to see
what I get.
Also, is this a total replacement for MAILFROM on .com and
.net domains?
Thanks,
Matt
Bill Landry wrote:
Yep, that's correct, and probably not a good thing. I have been using an
rhsbl test, and it appears to be doing what it should--that is, query DNS
with the return address and if it comes back with 64.94.110.11, add weight
to the message. Here is what I am using:
VERISCAM rhsbl . 64.94.110.11 1 0
Yes, that's a period "." where you would normally list the rhsbl lookup
domain. This has the effect of JunkMail doing an "A" record lookup against
your own DNS for the return address listed in the message, and if it is an
invalid domain, the DNS returns with 64.94.110.11, which causes the message
to fail the VERISCAM test and weight gets added to the message. I've set
the weight to 1 for testing, but so far messages that have gotten flagged by
the VERISCAM test have been spam.
Bill
----- Original Message -----
From: "Keith Anderson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 15, 2003 11:48 PM
Subject: RE: [Declude.JunkMail] Fwd: Verisign's New Change and Outdate RBL's
The result would always be the same: 64.94.110.11 so you would tag every
message as spam. Right?
-----Original Message-----
From: Joshua Levitsky [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 15, 2003 10:47 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Fwd: Verisign's New Change and Outdate RBL's
Interesting side effect of Verislime's move. Just set up an ip4r test that
goes to a bogus domain and then all the bad addresses result in an answer
of 64.94.110.11. Maybe this is how we can take advantage of this?
If I made an ip4r test of aklsjlajkdjkhskljdkjldhsjdshkhklshdkjl.com then
I'd probably be good, no?
-Josh
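
The test discussed in this thread, sketched in Python as an added example (not Declude's code and not written by any of the posters): take the mail-from domain, look up its A record, and add weight only when a .com or .net name resolves to 64.94.110.11. The function names, the injectable resolver and the sample DNS table are assumptions made for illustration.

```python
import socket

WILDCARD_IP = "64.94.110.11"        # address quoted in the thread
WILDCARD_TLDS = (".com", ".net")    # TLDs the thread says return that address


def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None."""
    addr = mail_from.strip().strip("<>").strip()
    if "@" not in addr:
        return None                 # null sender <> or a bare name: nothing to query
    domain = addr.rsplit("@", 1)[1].rstrip(".").lower()
    return domain or None


def system_resolver(domain):
    """A-record lookup through the local resolver (standard library only)."""
    try:
        return set(socket.gethostbyname_ex(domain)[2])
    except OSError:                 # NXDOMAIN, timeout, no network
        return set()


def veriscam_weight(mail_from, resolve=system_resolver, weight=1):
    """Return `weight` if the sender domain hits the wildcard address, else 0."""
    domain = sender_domain(mail_from)
    if domain is None or not domain.endswith(WILDCARD_TLDS):
        return 0                    # other TLDs are never matched against the wildcard
    return weight if WILDCARD_IP in resolve(domain) else 0


# Constructed sample data so the example runs offline (not real DNS answers).
SAMPLE_DNS = {
    "registered-example.com": {"192.0.2.10"},
    "unregistered-example.com": {WILDCARD_IP},
    "unregistered-example.net": {WILDCARD_IP},
    "odd-example.org": {WILDCARD_IP},   # ignored: not .com/.net
}


def sample_resolver(domain):
    return SAMPLE_DNS.get(domain, set())


if __name__ == "__main__":
    for sender in ("<a@unregistered-example.com>", "<a@registered-example.com>",
                   "<>", "John Smith", "<a@odd-example.org>"):
        print(repr(sender), veriscam_weight(sender, sample_resolver))
```
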