I'm starting to see a (new to me) pattern of spam, and only spam, with PTR records consisting of a single dot, such as:
Received: from ejru38.pindmosel.info (. [184.154.78.38] (may be forged))

It doesn't appear that there is a stock rule yet to identify this particular case. RDNS_NONE matches, but I believe a more specific rule may be in order, or maybe even something at the MTA level if this pattern proves reliable. Has anyone else identified this pattern in their mail flow?
-- /Jason
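
One way to flag the pattern described in the post above, as an added example that is not part of the original message: a Python scan of sendmail-style Received headers that separates a single-dot PTR from a missing or ordinary one. The function names, verdict labels and every sample header other than the relay clause quoted in the post are constructed for illustration.

```python
import re
from email import message_from_string

# Sendmail-style relay clause: from <helo> (<rdns> [<ip>] ...)
# The rdns token is optional: sendmail writes "([ip])" when no PTR exists.
RELAY = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\("
    r"(?P<rdns>[^\s\[\]()]+)?\s*"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def classify_received(value):
    """Return (ip, verdict) for one Received value, or None if it has no relay clause."""
    m = RELAY.match(" ".join(value.split()))  # unfold continuation lines first
    if not m:
        return None
    rdns = m.group("rdns")
    if rdns is None:
        verdict = "rdns-missing"      # no PTR token at all
    elif rdns.strip(".") == "":
        verdict = "rdns-dot"          # PTR token made only of dots (the DNS root)
    else:
        verdict = "rdns-present"
    return m.group("ip"), verdict

def scan_message(raw):
    """Classify every parseable Received header in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    results = (classify_received(v) for v in msg.get_all("Received", []))
    return [r for r in results if r is not None]

# Constructed sample: only the first relay clause comes from the post;
# the "by" clauses, ids and the other two headers are made up.
SAMPLE = """\
Received: from ejru38.pindmosel.info (. [184.154.78.38] (may be forged))
\tby mx.example.net with ESMTP id CONSTRUCTED1
Received: from mail.example.com (mail.example.com [192.0.2.10])
\tby mx.example.net with ESMTP id CONSTRUCTED2
Received: from host.example.org ([198.51.100.7])
\tby mx.example.net with ESMTP id CONSTRUCTED3
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for ip, verdict in scan_message(SAMPLE):
        print(ip, verdict)
```

Only the topmost Received header is written by the receiving MTA itself; lower ones are supplied by the sender and can be forged.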