John D. Hardin wrote: > Bob Proulx wrote: > > I think it is a bad idea to use low-TTL values as more than a > > minor spamsign. There is nothing overtly improper about it and > > there are often times when a low TTL dns record is just the right > > thing to do, such as when planning an IP move for a server. That > > should not cause mail to be tagged as spam in those cases. > > I think there was some consensus about using that in concert with an > excessive number of A records as a spam sign. Check the thread > history. I don't think anyone is suggesting by itself it's a useful > indicator.
The thread has wandered around a bit and I admit to have been lost in the discussion. I was not paying it detailed attention because, well, because I think it is going to cause trouble. > > While it may be that there is some correlation to some spammers > > using low TTL servers it is also true that good spam filtering has > > always been about reducing false negatives. A false negative is > > much worse than a false positive. Using low TTL dns records, a > > perfectly valid configuration, as a strong spam indication will > > cause false negatives, which is creates a cascade failure which is > > much worse than the original problem. > > er... I think your logic is off 180 degrees there. Isn't a FP much > worse than a FN? (not that it invalidates your point.) You are right. I have my names reversed. Sorry about that. Glad you were able to figure out my meaning anyway. :-) Bob
