Re: [exim] Matching $sender_host_address to MX for $sender_a…

Author: Stephen Gran
Date:  
To: B. Johannessen
CC: exim-users
Subject: Re: [exim] Matching $sender_host_address to MX for $sender_address_domain
On Sun, Oct 29, 2006 at 03:48:25PM +0100, B. Johannessen said:
> I've come to the conclusion that identifying likely sources of spam is
> not hard. What's hard is identifying legitimate traffic from likely
> spam-sources. Based on this conclusion I've started working on tests to
> help identify such traffic.
>
> Two of the tests I'd like to try are:
>
> 1) Is the sending host an MX for the sender address domain?
>
> 2) Is the sending host in the same /24 as an MX for the sender address
> domain?


This is a bad test.
The MX records for yahoo.com are:
4.79.181.134
4.79.181.135
4.79.181.136
4.79.181.14
4.79.181.15
4.79.181.168
4.79.181.168
4.79.181.168
67.28.113.10
67.28.113.19
67.28.113.70
67.28.113.71
67.28.113.72
67.28.113.73
67.28.113.74
66.196.97.250

and yet I get legitimate email from yahoo that connects from
66.163.187.203. Back to the drawing board, I'd say. This has been
discussed here before, and it has been repeatedly shown that this is a
bad way to go.
--
--------------------------------------------------------------------------
|  Stephen Gran                  | The difference between America and      |
|  steve@???             | England is that the English think 100   |
|  http://www.lobefin.net/~steve | miles is a long distance and the        |
|                                | Americans think 100 years is a long     |
|                                | time.                                   |

--------------------------------------------------------------------------
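
Added example (not part of the original message or of Exim): the two proposed tests run offline against the yahoo.com MX addresses and the connecting address quoted in the reply above. The function names are hypothetical and the check is IPv4-only.

```python
import ipaddress

# yahoo.com MX addresses as listed in the message above (duplicates dropped).
YAHOO_MX = [
    "4.79.181.134", "4.79.181.135", "4.79.181.136", "4.79.181.14",
    "4.79.181.15", "4.79.181.168", "67.28.113.10", "67.28.113.19",
    "67.28.113.70", "67.28.113.71", "67.28.113.72", "67.28.113.73",
    "67.28.113.74", "66.196.97.250",
]
SENDING_HOST = "66.163.187.203"  # legitimate yahoo sender reported in the message


def is_mx(host, mx_addrs):
    """Test 1: the connecting host is itself an MX for the sender domain."""
    h = ipaddress.ip_address(host)
    return any(h == ipaddress.ip_address(a) for a in mx_addrs)


def mx_networks(mx_addrs, prefix=24):
    """Distinct /prefix networks that contain at least one MX address."""
    return sorted({ipaddress.ip_network(f"{a}/{prefix}", strict=False)
                   for a in mx_addrs})


def near_mx(host, mx_addrs, prefix=24):
    """Test 2: the connecting host shares a /prefix network with some MX."""
    h = ipaddress.ip_address(host)
    return any(h in net for net in mx_networks(mx_addrs, prefix))


def classify(host, mx_addrs):
    if is_mx(host, mx_addrs):
        return "mx"
    return "same-/24" if near_mx(host, mx_addrs) else "no-match"


def longest_matching_prefix(host, mx_addrs):
    """Longest prefix length at which test 2 would accept the host."""
    return next(p for p in range(32, -1, -1) if near_mx(host, mx_addrs, p))


if __name__ == "__main__":
    print([str(n) for n in mx_networks(YAHOO_MX)])
    print(SENDING_HOST, "->", classify(SENDING_HOST, YAHOO_MX))
    print("test 2 only passes at /%d" % longest_matching_prefix(SENDING_HOST, YAHOO_MX))
```

With this data the legitimate sender fails both tests and only matches once the prefix is relaxed to /9.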