On 11/16/10 4:31 PM, Liam R. MacInnes wrote:
Hi All
I've been looking around and racking my brains to find a rule to key on a pattern we've
noticed. A lot of the recent spam that's making it through seems to be sent from domains
registered in the previous 48 hours with "valid" SPF records. I'm looking for a
way to increase the score for any message where the envelope-sender is an address at a
domain registered in the previous 5 days. of course URIBL's won't help as they act on the
body and a DNSBL won't work as it acts on the sending relay
there was/is a 'DOB' blacklist (day old bread). but I think the dns
servers may be overloaded. some people are complaining about timeouts.
Thanks for any help
Cheers,
Liam
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security,2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
