mouss a écrit : > Matthias Schmidt a écrit : >> Am/On Sat, 18 Oct 2008 05:20:03 -0700 schrieb/wrote cfgerty: >> >>> One sample of these mails: >>> >>> http://pastebin.com/m1e3d6b5d >>> >>> German Language Rulesets are applied. >>> >> this message doesn't come from a mail-server with a resolving reverse >> pointer. >> We don't accept such messages, so this message even wouldn't make it to >> spamassassin here. > > > which mail server do you mean? My understanding is that Chritoph gets > the mail via his ISP, and his ISP doesn't perfrom rDNS lookup. > Christoph: can you confirm this?
Brain corrupted:) It was Chris, not Christoph. > > Other than that, the server that pushed it has a "dynamic" rdns: > > $ host 88.215.95.153 > 153.95.215.88.in-addr.arpa domain name pointer > 88.215.95.153.dynamic.cablesurf.de. > $ host 88.215.95.153.dynamic.cablesurf.de > 88.215.95.153.dynamic.cablesurf.de has address 88.215.95.153 > > and if the ISP relay is trusted, then the mail is "direct to mx", which > could deserve few points. > > Also, that IP is listed in bb.barracudacentral.org (2.0 here. I am > considering increasing the score as I didn't see it FP). > > another note: The spam contains an obfuscated uri (geheime-webcam....) > which is listed on surbl and uribl (since 2008-10-05). > > >
