On Thu, 2008-07-03 at 06:32, Henrik K wrote:
> On Wed, Jul 02, 2008 at 09:18:41PM -0700, John Hardin wrote:
> > 
> > On Thu, 2008-07-03 at 05:59 +0300, Henrik K wrote:
> > > On Wed, Jul 02, 2008 at 12:08:43PM -0700, John Hardin wrote:
> > > > On Wed, 2 Jul 2008, Marc Perkel wrote:
> > > >
> > > >> Again - it's not to figure out where spam comes from. It's figuring out
> > > >> where non-spam comes from. I think there are registrars out there that
> > > >> don't have any spam domains registered.
> > > >
> > > > Right, but how do you guarantee a host with a whitelisted RDNS domain 
> > > > name doesn't get infected with a spambot?
> > > 
> > > What's that got to do with anything? If there's a 0.5% chance, who cares.
> > > You should always scan for viruses, but it's trivial to skip SA for such
> > > cases. Are you saying that we shouldn't take advantage of DNSWL data either,
> > > since it's possible that some spam may come?
> > 
> > No, I was simply responding to Marc's apparent contention that a host
> > with an RDNS domain name from a trustworthy registrar won't be a source
> > of spam.
> 
> I doubt you have any statistics about this, so why speculate? No one has to
> _guarantee_ anything. If Marc is able to find some good correlation for
> (almost) spamless sources, it will help everyone.
> 
I really don't see how it will help. Here's my reason for saying that.

If there's even a small chance that somebody behind a corporate firewall
got complacent and didn't keep the AV software up to date and/or got
caught by an infected website, then we still have to scan mail from them
regardless of who registered their domain. This makes checking the
registrar an extra and needless task since, like white/black listing,
it's something we need to do for every piece of mail we receive.

I'd be happy to know I'm wrong about this, but so far none of the domain
lookup advocates have produced hard evidence of its benefits. Also,
nobody has explained how to automate the job apart from the possibly
abusive use of whois lookups. A manually maintained list doesn't cut it
for me: it's far too easy for list maintenance to get out of date, which
is why I won't use a personal white list until I can automate its
maintenance. 

Martin

