Marc Perkel wrote:
>> 1) On what grounds, exactly, is a host added to this list?
>>
> I have a list of host names - some from my white list, some from my
> yellow list (yahoo, hotmail, etc.). I'm adding to the name based lists
> all the time. Then when I get email from these domains then I record the
> IP in the same color list. For example, wellsfargo.com never sends spam.
> It's all good. So they are whitelisted by name.
So, what would happen if _I_ sent you an email from
mart@???? Let's see:
rose:~# swaks --from mart@??? --to marc@??? --header
"Subject: An obviously faked email"
=== Trying a1.junkemailfilter.com:25...
=== Connected to a1.junkemailfilter.com.
<- 220 venus.ctyme.com ESMTP Exim 4.68 Thu, 17 Apr 2008 16:39:21 -0700
-> EHLO rose.clues.ltd.uk
<- 250-venus.ctyme.com Hello rose.clues.ltd.uk [87.127.213.26]
<- 250-SIZE 262144000
<- 250-PIPELINING
<- 250-AUTH PLAIN LOGIN
<- 250-STARTTLS
<- 250 HELP
-> MAIL FROM:<mart@???>
<- 250 OK
-> RCPT TO:<marc@???>
<- 250 Accepted
-> DATA
<- 354 Enter message, ending with "." on a line by itself
-> Date: Fri, 18 Apr 2008 00:39:20 +0100
-> To: marc@???
-> From: mart@???
-> Subject: An obviously faked email
-> X-Mailer: swaks v20061116.0 jetmore.org/john/code/#swaks
->
-> This is a test mailing
->
-> .
<- 250 OK id=1JmdhN-0008RV-VQ
-> QUIT
<- 221 venus.ctyme.com closing connection
=== Connection closed with remote host.
> Any IP where the host
> ends in wellsfargo.com that send an email, I record the IP in my
> whitelist.
Cool, so I can now spam you for 10 days?
>> 5) In your documentation at the URL above you state "127.0.0.3 =
>> yellowlisted - mixed source - do not blacklist or whitelist". Yet
>> here you've said, of hosts that should never be blacklisted, "some
>> from my yellow list", which is correct?
>>
> I have a white list which means a pure ham domain, and blacklists which
> are pure spam domains. Yellow is a mixed domain, like Yahoo, which is
> neither white nor black.
>
> Read the wiki to understand it in more detail.
>
I was quoting from your wiki.
> The idea is that forward confirmed rDNS can't be faked
I don't understand what you mean by "forward confirmed rDNS ". Can you
elaborate?
--
Martin A. Brooks | http://www.antibodymx.net/ | Anti-spam & anti-virus
Consultant | martin@??? | filtering. Inoculate
antibodymx.net | m: +447896578023 | your mail system.