|
We just started something I've been thinking about
for a while: Negative weight tests to offset specific test failures for
well-known domains. For example, a large
number of false positives we see are from Earthlink, Mindspring, Sprint,
Verizon, etc.
Now you may be thinking, of course, these are large
providers with dial-up user bases, so you would expect a large percentage
of false positives to be from them...but hold on a minute. Many
of these large domains are being penalized in our system for routing or not
having abuse@ or postmaster@ addresses. Almost all of these would not have
ended up in the hold queue if they had not been so penalized...thus the idea to
figure out a manageable way to NOT penalize them for these technical RFC
violations.
So, what we've done is to start filters to
counteract the weights for major tests that a few of these domains fail.
By doing it specifically for a particular domain, we reduce false positives but
avoid losing the effectiveness of the test on other domains.
Anyway, attached zip are the filter
files. As I mentioned, they have just been started, so there are just a
few domains in them at present. At the top of the filter file are
suggested guidelines on how to use them. There are probably better ways to
handle this, so I welcome comments/feedback.
Darin. |
#
------------------------------------------------------------------------------------------------
# Filter Name: n_ROUTING
# Author: Darin Cox
# Date: 4/14/2005
# Description: Used to negate the weight of the ROUTING test for select domains
#
# Notes: Recommended config is to negative weight this test to
# exactly offset the ROUTING test. For example, if you have
#
# ROUTING spamrouting x
x 125 0
#
# Then this test is recommended to be added as
#
# n_ROUTING filter C:\{MAILSERVER}\Declude\n_ROUTING.txt
x -125 0
#
#
------------------------------------------------------------------------------------------------# Don't run the test unless the email failed the ROUTING test TESTSFAILED END NOTCONTAINS ROUTING MAILFROM END ENDSWITH mail.sprint.com
#
------------------------------------------------------------------------------------------------
# Filter Name: n_NOABUSE
# Author: Darin Cox
# Date: 4/14/2005
# Description: Used to negate the weight of the NOABUSE test for poorly
# administered domains from which we still need to accept mail
#
# Notes: Recommended config is to negative weight this test to
# exactly offset the NOABUSE test. For example, if you have
#
# NOABUSE rhsbl abuse.rfc-ignorant.org
127.0.0.4 20 0
#
# Then this test is recommended to be added as
#
# n_NOABUSE filter C:\{MAILSERVER}\Declude\n_NOABUSE.txt
x -20 0
#
#
------------------------------------------------------------------------------------------------
# Don't run the test unless the email failed the NOABUSE test
TESTSFAILED END NOTCONTAINS NOABUSE
MAILFROM END ENDSWITH earthlink.net
MAILFROM END ENDSWITH mail.sprint.com
MAILFROM END ENDSWITH mindspring.com
MAILFROM END ENDSWITH verizon.com
#
------------------------------------------------------------------------------------------------
# Filter Name: n_NOPOSTMASTER
# Author: Darin Cox
# Date: 4/14/2005
# Description: Used to negate the weight of the NOPOSTMASTER test for poorly
# administered domains from which we still need to accept mail
#
# Notes: Recommended config is to negative weight this test to
# exactly offset the NOPOSTMASTER test. For example, if you have
#
# NOPOSTMASTER rhsbl abuse.rfc-ignorant.org
127.0.0.3 25 0
#
# Then this test is recommended to be added as
#
# n_NOPOSTMASTER filter
C:\{MAILSERVER}\Declude\n_NOPOSTMASTER.txt x -25 0
#
#
------------------------------------------------------------------------------------------------
# Don't run the test unless the email failed the NOPOSTMASTER test
TESTSFAILED END NOTCONTAINS NOPOSTMASTER
MAILFROM END ENDSWITH verizon.com
