Thomas Raef wrote on Sun, 12 Aug 2007 06:19:43 -0500: > a dnsbl is the way to go.
On first look I disagree. We already have SURBL and URIBL. I don't see how this would add any benefit on top of that. We are talking about URI's in mail, not about hostnames of mailservers or email adresses. The only occasion where looking at the TTL (and whatever else in conjunction) is of benefit is when the URI *is not yet* on an RBL. In that case you can use those deviations from the norm as a spam indicator. Nothing more, nothing less. That also means that if the URI is found on SURBL/URIBL you don't have to do the TTL lookup which helps reducing the query load. > I believe that not checking for everyone of these will lead to erroneous > domains being blocked. Why should that be the case? SA is all about storing. So, even if you add a score of 1.0 to *each* low-TTL domain any "normal" ham will just bypass that. You do not ever *block* by this single criterion! Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
