Kai Schaetzl wrote: > Jo Rhett wrote: > > Yes, but this also means that it takes longer to fix false positive > > problems. How would one clear this out if the original problem was > > fixed and you wanted to receive the mail? > > By using some whitelist for legit low-ttl domains.
I think it is a bad idea to use low-TTL values as more than a minor spamsign. There is nothing overtly improper about it and there are often times when a low TTL dns record is just the right thing to do, such as when planning an IP move for a server. That should not cause mail to be tagged as spam in those cases. While it may be that there is some correlation to some spammers using low TTL servers it is also true that good spam filtering has always been about reducing false negatives. A false negative is much worse than a false positive. Using low TTL dns records, a perfectly valid configuration, as a strong spam indication will cause false negatives, which is creates a cascade failure which is much worse than the original problem. Trying to create workarounds such as maintaining whitelists for noted servers is going about this the wrong way. It is perfectly valid to do and so this would legitimately need to list all possible servers. In fact a small time operator who is setting up and planning moves would most likely to be using low TTL values and would be unlikely to be in random whitelists. Bob
