On Sat, 11 Aug 2007, Bob Proulx wrote:

> I think it is a bad idea to use low-TTL values as more than a
> minor spamsign.  There is nothing overtly improper about it and
> there are often times when a low TTL dns record is just the right
> thing to do, such as when planning an IP move for a server.  That
> should not cause mail to be tagged as spam in those cases.

I think there was some consensus about using that in concert with an
excessive number of A records as a spam sign. Check the thread
history. I don't think anyone is suggesting by itself it's a useful
indicator.

> While it may be that there is some correlation to some spammers
> using low TTL servers it is also true that good spam filtering has
> always been about reducing false negatives.  A false negative is
> much worse than a false positive.  Using low TTL dns records, a
> perfectly valid configuration, as a strong spam indication will
> cause false negatives, which creates a cascade failure which is
> much worse than the original problem.

er... I think your logic is off 180 degrees there. Isn't a FP much 
worse than a FN? (not that it invalidates your point.)

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174     pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 To prevent conflict and violence from undermining development,
 effective disarmament programmes are vital...
                      -- the UN, who "doesn't want to confiscate guns"
-----------------------------------------------------------------------
 4 days until The 62nd anniversary of the end of World War II
