On 02/20/2018 03:48 PM, David Jones wrote:
On 02/20/2018 12:57 PM, Kevin A. McGrail wrote:
On 2/20/2018 1:53 PM, David Jones wrote:
Over the years I have noticed junk/spam email coming from these
servers so I created this rule:
header ENA_RCVD_NOTRUST Received =~
/\.(secureserver\.net|web-hosting\.com|websitewelcome\.com|inmotionhosting\.com|unifiedlayer\.com|ezhostingserver\.com|siteprotect\.com|internetbilisim\.net|privateemail\.com|registrar-servers\.com|emailsrvr\.com|registeredsite\.com)
\[/
Well just spot checking, you've identified some of the largest ISPs on
the planet. Secure Server is Wild West/Godaddy WebsiteWelcome is
HostGator, etc.
I knew they were major ISPs but spam still comes out of their servers at
a higher rate than the occasional compromised account or bad customer of
a good ESP (Exact Target, Mail Chimp, EMMA, etc).
I don't think they are going to be indicative of spam or ham and I
would individually blacklist domains and contact their abuse.
I was doing that but always behind the whack-a-mole game. I wanted to
do the opposite and set a level playing field from a whitelist
perspective for those servers by offsetting the whitelist negative
scores to get them back to around zero and let Bayes plus other
content-based rules determine the allow or block.
It doesn't seem like a good idea for whitelists to list these senders
just because most of the email is ham. If a small percentage is spam,
then how do we report that back to Hostkarma and dnswl.org? I can
report it to SpamCop but that doesn't make it's way to the other
whitelists.
SPF record for websitewelcome.com that Hostgator recommends to their
customers:
v=spf1 include:spf.websitewelcome.com include:spf1.websitewelcome.com
include:_spf.google.com
That is ridiculous!!! It requires 8 DNS queries and shouldn't include
Google's servers.
--
David Jones
