On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:
Need a rule written to take advantage of this trick and this could
be a major breakthrough in white listing.
Here's what it needs to do:
1) Take the IP of the connecting host and do an RDNS lookup to get
the name.
2) Verify that the name that was looked up resolves to the same IP
address.
3) Look up the name in this dns list ===
example.com.hostdomain.junkemailfilter.com
4) if it returns 127.0.0.1 - it's ham
I'd like to suggest that where the domain publishes SPF, we use that;
where it doesn't, we use your algorithm.
I recently coded up a very similar approach; I posted about it on the
SPF and Karmasphere mailing lists. Here is the original message:
On Jul 12, 2007, at 6:53 PM, Meng Weng Wong wrote:
Cross-posted to the SPF and Karmasphere lists ...
On Jul 12, 2007, at 12:45 PM, Meng Weng Wong wrote:
Those of you who have been following the authentication movement
will remember that reputation was always part of the plan.
It is the job of SPF/DKIM/etc to provide authentication.
Karmasphere's job is to provide reputation.
I have had a huge grin on my face for the last half an hour.
Why?
This afternoon I finally got up to speed with SpamAssassin's meta-
rules.
and I just now got this report in my headers:
* -0.0 SPF_PASS SPF: sender matches SPF record
* -0.0 KS_REPUTABLE_DOMAIN_DNS RBL: Envelope sender in mengwong
whitelist feedset
* -123 AUTH_ACCOUNTABLE Envelope sender is both authenticated and
reputable
What does it mean? An SPF pass, on its own, means little; an RHSWL
match, on its own, means little; but together, they mean a lot.
To obtain that score of -123, the message has to pass SPF and the
envelope sender domain has to be whitelisted at the
"mengwong.manywl-v1.dnswl.karmasphere.com" RHSWL.
"mengwong.manywl-v1" is, in turn, a Karmasphere feedset that
contains multiple other whitelists, including the dnswl.org's
sources, ISIPP, Truste, and VeriSign's list of SSL certified domains.
More feeds are being added to that feedset as we discover new
sources of domain whitelists.
I am tremendously pleased. For me, this is the culmination of
several years of work: SPF offers authentication, and Karmasphere
offers reputation. Together, they fight spam!
Here's the snippet from my local.cf that does this:
# karmasphere domain-based whitelist
header KS_REPUTABLE_DOMAIN_DNS eval:check_rbl_envfrom
('mengwong.manywl-v1', 'mengwong.manywl-v1.dnswl.karmasphere.com.')
describe KS_REPUTABLE_DOMAIN_DNS Envelope sender in mengwong
whitelist feedset
tflags KS_REPUTABLE_DOMAIN_DNS net
score KS_REPUTABLE_DOMAIN_DNS -0.01
meta AUTH_ACCOUNTABLE ((SPF_PASS || DKIM_VERIFIED ||
DK_VERIFIED) && KS_REPUTABLE_DOMAIN_DNS)
describe AUTH_ACCOUNTABLE Envelope sender is both authenticated
and reputable
tflags AUTH_ACCOUNTABLE userconf nice noautolearn
score AUTH_ACCOUNTABLE -123
I'm very happy!
(At this time, while Karmasphere is in beta, querying that
whitelist requires IP registration; it will not work if you do not
have an account. After we're out of beta that requirement will be
dropped.)
Off to rummage through the fridge in search of champagne...
