yes, I can set a positive score for RCVD_IN_BSP_TRUSTED rules (I have!)
Without it, lots of spam would get through with the default -4.3 score.
but if the spammer sends to our generic web contact address (found by
harvesting our web pages), shouldn't the company who gets paid to 'bond'
them unlist them?
I looked on www.returnpath.net, but didn't see any place to officially
report violations (without subscribing)
I have also filed a bugzilla report with specific ip, and verified with
dns that it is still a 'bonded sender'
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5977
host 94.32.2.72.sa-trusted.bondedsender.org
94.32.2.72.sa-trusted.bondedsender.org has address 127.0.0.10
their web site says they have a 'sender score of 60'
http://www.returnpath.net/senderscore/receiver/
--
Michael Scheidell, CTO
Main: 561-999-5000, Office: 561-939-7259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* Everything Channel Hot Product of 2008
* Shaping Information Security Award 2008
* CRN Magazine Top 40 Emerging Security Vendors
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________