Quin Parker wrote: > Hello > > I was wondering if somebody could answer a question I have about SA's use of > external blacklists which filter e-mail addresses. > > As I understand it (please correct me if I'm wrong), SA can be configured to > look up lists such as those held on rfc-ignorant.org, match the email address > and award points accordingly.
Generally speaking, SA doesn't do this based on email addresses. It does it based on server names and IPs. However, RFCI is a bit different, it uses the envelope from address. Currently in 3.1.0 there' are only 3 RBLS which use envelope from. RFCI, AHBL, and securitysage. > > If only a fragment of the address is listed on the blacklist, will SA still > add > points to the e-mail? eg. '.de' is marked on rfc-ignorant.org as having a duff > WHOIS listing. Will SA award points for any e-mail from Germany? No, it will never query the fragment ".de" against RFCI. SA queries the whole domain following the @ sign. (see EvalTests.pm, sub check_rbl_envfrom) It also requires at least 1 . in the "domain" part, and at least 1 non-whitespace character on each side of it. So SA will never query "localhost", but it would query "localhost.localdomain" if they appeared in an envelope from. So RFCI would have to return a positive hit for "domain.de" not ".de". > > If, theoretically, 'gov.uk' were listed on a blacklist, would it pickup > addresses such as [EMAIL PROTECTED] This is only possible for blacklists that work on email addresses (ie: RFCI). As above, SA does a query of the whole domain, not fragments.
