On Thu, 30 Oct 2003 19:50:49 -0800 Patrick Morris <[EMAIL PROTECTED]> wrote:
> Steven Manross wrote: > > >I'm seeing a few/lot of spam that has a reverse lookup name that is like the > >originating IP. > > > >i.e. If it were 192.168.52.45 that was the originating IP, the reverse > >lookup might be 192-168-52-45-clients.domain.com > > > > > This is a *very* common naming convention for ISPs that assign dynamic > IPs. You'll get a *lot* of false positives if you score based on that. Shouldn't users on dynamically-assigned IPs be sending their mail through their ISP's mail server? The big problem is when ISPs don't differentiate their static allocations from their dynamic allocations, either by rDNS or by network block. My tiny single-person domain has dropped 75 spam attempts from dynamic allocations this month. Compare this to 324 failed attempts to send mail vi open proxies (also note that I run my proxy rules before my dynamic rules, so it's likely that many of the open proxies are also in dynamic pools.) The bar is being raised for mail service operators. You need a static IP address, resolving forward and reverse DNS, and resolvable HELO to talk to directly to my mail system. If you can't configure your mail system properly, send mail through your ISP's server or smarthost via a trustworthy friend (not an open relay or proxy; those get dropped too.) Setting rDNS is the most difficult of the lot because it means you need your ISP's cooperation and if you're on a large or isolated provider, the time, irritation, and cost of getting them to change a few lines of text in a zone file may be prohibitive. -- Bob ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
