On Fri, 18 Dec 2009, Christian Brel wrote:
On he subject of Spammy whitelists... * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low * trust * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default?
I see these from time to time. This is what gave rise to my intial inquiry about the frequency with which whitelited servers are hacked. Ideally, the whitelist should have a mechanism for temporarily suspending IP's that have been hacked. Perhaps running a check of their list against internet blacklists would help? If a spammer gets an IP blacklisted, at the least DNSWL and HABEAS should make note of this and remove the IP....
- C
