Loren Wilton wrote:
How about this one:
Client IP is 213.200.218.50 - reverse lookup returns mail.specogna.ch.
Lookup mail.specogna.ch returns 213.200.218.50. Looks good.
Lookup mail.specogna.ch.junkemailfilter.com - (what does this tell me,
regardless of what it returns?)
But let's assume mail.specogna.ch.junkemailfilter.com does return
127.0.0.1 - it means nothing wrt ham/spam. That mail-server is
occasionally being used by a spambot sat on an internal machine at that
company.
I think what Marc is saying is that he is creating a global whitelist.
Presumably that machine (being an occasional spammer) would not get
itself on a whitelist, or would get itself removed pretty quickly. So
presumably 127.0.0.1 is supposed to mean something relative to
ham/spam for a given host, and the only trick is to be sure that the
host id isn't forged.
Loren
If you do a lookup of the host name to verify it resolves back to the
same IP then spammers can't forge that. Then I have a list of big
companies that never send spam. If this works then we should increase the
list and polish the system.
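
The check discussed in this thread, as an added example (not code from any of the posters or from junkemailfilter.com): reverse-resolve the client IP, confirm the name resolves forward to the same IP, and only then query the name under the whitelist zone. The `127.0.0.1` answer value is the one assumed in the thread; the function names, the injectable resolver arguments and the sample records (including the `192.0.2.66` entry and the whitelist listing) are constructed for illustration.

```python
import socket

WHITELIST_ZONE = "junkemailfilter.com"   # zone named in the thread
WHITELIST_ANSWER = "127.0.0.1"           # answer value assumed in the thread

def system_ptr(ip):
    """Reverse lookup via the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_a(name):
    """Forward IPv4 lookup via the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def confirmed_hostname(ip, ptr=system_ptr, a=system_a):
    """Return the PTR name only if it resolves forward to the same IP."""
    name = ptr(ip)
    if not name:
        return None
    name = name.rstrip(".").lower()
    return name if ip in a(name) else None

def whitelisted(ip, ptr=system_ptr, a=system_a):
    """Consult the whitelist only for a forward-confirmed host name."""
    name = confirmed_hostname(ip, ptr, a)
    if name is None:
        return False  # missing or unconfirmed PTR: the list is never queried
    return WHITELIST_ANSWER in a(f"{name}.{WHITELIST_ZONE}")

# Constructed records standing in for DNS so the example runs offline.
PTR = {"213.200.218.50": "mail.specogna.ch",
       "192.0.2.66": "mail.specogna.ch"}  # constructed: PTR claims a name it does not own
A = {"mail.specogna.ch": ["213.200.218.50"],
     "mail.specogna.ch.junkemailfilter.com": ["127.0.0.1"]}  # constructed listing

def demo():
    """Run the check over the constructed records."""
    ptr, a = PTR.get, lambda n: A.get(n, [])
    return {ip: whitelisted(ip, ptr, a) for ip in PTR}

if __name__ == "__main__":
    print(demo())
```

Calling `whitelisted(ip)` without the extra arguments uses the system resolver instead of the constructed tables.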