>> Those high scores are from the score set without Bayes or net rules
>> where there's often not a lot to go on.
>>
>> The score for TO_NO_BRKTS_DYNIP is autogenerated, the two scores
>> probably add up to exactly 5.000 for good reason.
>>
>> Maybe some special handling for amazonaws.com would be better.
>>
> --
> - Markus
>
The rule does hit a good amount of spam, judging by my logs.

I think the RDNS_DYNAMIC rule was really about spotting end-user IP blocks. Amazon happens to use the same kind of pattern for naming its half a billion servers, like ec2-54-225-189-51.compute-1.amazonaws.com for 54.225.189.51, since like end-user IPs they are interchangeable parts. I'd be inclined to exclude them from RDNS_DYNAMIC.

Joseph Brennan / Columbia U

PS-- They do have nice matching PTR and A records.
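
An added sketch of the exclusion discussed in this thread; it is not part of any message above and is not SpamAssassin's RDNS_DYNAMIC rule. The function names, the `EXEMPT_SUFFIXES` list and the choice to honour the exemption only when the caller has confirmed that the name's A records contain the IP are assumptions of this example.

```python
import ipaddress
import re

# Assumption for this sketch: provider suffixes to exempt, per the thread.
EXEMPT_SUFFIXES = (".amazonaws.com",)


def embeds_ip(ptr_name, ip):
    """True if the PTR name spells out all four octets of the IPv4
    address, forward or reversed, joined by '-' or '.'."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    host = ptr_name.lower().rstrip(".")
    for order in (octets, octets[::-1]):
        body = "[-.]".join(re.escape(o) for o in order)
        # Digit guards stop 54-225-189-51 from matching inside 154-225-189-512.
        if re.search(r"(?<!\d)" + body + r"(?!\d)", host):
            return True
    return False


def looks_dynamic(ptr_name, ip, forward_ips=(), exempt=EXEMPT_SUFFIXES):
    """Flag IP-derived rDNS names, except exempt suffixes whose A
    records (forward_ips, resolved by the caller) contain the IP."""
    host = ptr_name.lower().rstrip(".")
    # A PTR record alone is set by whoever holds the address block, so the
    # exemption is only honoured when the forward lookup agrees.
    confirmed = ip in forward_ips
    if confirmed and host.endswith(tuple(exempt)):
        return False
    return embeds_ip(host, ip)


if __name__ == "__main__":
    # Constructed samples, except the EC2 name quoted in the message above.
    samples = [
        ("ec2-54-225-189-51.compute-1.amazonaws.com", "54.225.189.51", ("54.225.189.51",)),
        ("ec2-54-225-189-51.compute-1.amazonaws.com", "54.225.189.51", ()),
        ("host-203-0-113-7.dyn.example.net", "203.0.113.7", ("203.0.113.7",)),
        ("mail.example.org", "198.51.100.25", ("198.51.100.25",)),
    ]
    for name, ip, fwd in samples:
        print(f"{name:45} {ip:15} dynamic={looks_dynamic(name, ip, fwd)}")
```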