On 13-May-2009, at 03:43, RW wrote:
On Sun, 10 May 2009 16:04:47 -0400
Adam Katz <antis...@khopis.com> wrote:
That's why I've got my KHOP_RCVD_UNTRUST score ... spammers are going
out of their way to send from whitelisted servers these days, a
testament to how powerful DNSBLs are.
The other day I had a lottery scam spam sent via University
College London wemail, from a Nigerian IP address. It hit
RCVD_IN_DNSWL_MED and RCVD_IN_SBL, which have a combined score of
-2.4.
I had a similar problem with spam coming from Harvard last week.
I think it might be useful to redefine DNSWL rules as meta rules, so a
strong DNSBL hit turns them off.
I think it would be useful for the DNSWL lists to check the From and
From_ headers as well. If a mail comes from Harvard's servers but
CLAIMS to come from somewhere else, I don't think dnswl should come
into play.
--
There's a race of men that don't fit in, A race that can't stay
still So they break the hearts of kith and kin, And they roam
the world at will.
