RE: [Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries

[Todd Holt]

Joshua makes a great case for how to adjust the weighting system.  However, I think the initial test assumptions are flawed.   Case in point: As Joshua corrected noted, our RDNS is las-DSL224-cust088.mpowercom.net.  However, we are on a T-1 line from MPower.  Now I agree that MPower is to blame for incorrectly specifying (IMHO) the RDNS entry.  Nonetheless, I am powerless (as much as I have tried) to get MPower to change this policy/procedure.  The result is that your test is throwing points towards me for being a DSL connection and I’m not even connecting with DSL!   I wish, as much as everyone else, that the RDNS entries were more accurate, but they aren’t.  And they cannot be trusted to give the information your seeking from them.  This is the same discussion we had when AOL started filtering on DSL connections.  I think the test is likely to produce sporadic (hopefully very few), but important false positives.  I hope no one is deleting messages that contain points from this test.   Todd Holt Xidix Technologies, Inc Las Vegas, NV  USA www.xidix.com   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Levitsky Sent: Wednesday, September 17, 2003 5:02 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries   On Sep 17, 2003, at 7:31 PM, Todd Holt wrote: 1. Can this filter distinguish between ADSL and SDSL? If not, is this acceptable? 2. Is the filter doing this? 3. Are there any unique instructions for doing this 88.224.57.208.in-addr.arpa. 604800 IN PTR las-DSL224-cust088.mpowercom.net In the case of your mail.xidix.com, you would not fail that test because they made your PTR have DSL224- rather than -224- where it would have failed. I don't know if this was on purpose in Matthew's filter or not. I do see benefit in giving some points to a PTR like yours just like I throw points at CHINA or BRAZIL when I actually do get legit mail from Brazil, but I find my legit Brazil email doesn't get enough points to be blocked, and sometimes throwing some points at Brazil can help to catch spam that would not be otherwise. By the same token I would not block DSL like yours, but I would give a couple of points simply to make the other tests more sensitive because then it would take less for you to hit my threshold. I have plenty of mail that has 5 or 6 points and is perfectly legit, and that's fine as long as legit mail doesn't get 50 or 60 points. -Josh