You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by mouss <mo...@netoyen.net> on 2007/07/01 11:58:32 UTC

Re: DNS list service to detect the registrar barrier

Marc Perkel wrote:
> OK - tell me if this is useful. I created a DNS list that you can pass 
> a host name to and get information as to where the registrar barrier is.
>
> You can use it as follows:
>
> dig <host>.rb.junkemailfilter.com
>
> Example:
> dig perkel.com.rb.junkemailfilter.com - returns 127.0.0.1
> dig perkel.co.uk.rb.junkemailfilter.com - returns 127.0.0.2
>
> If it's a single level domain it will return 127.0.0.1
> Two level domains return 127.0.0.2
> Three level domains return 127.0.0.3
>

I'm waiting the day someone will confuse it with a "normal" DNSBL, and 
use it to reject mail ;-p

I personally don't like this "dns can do everything" hype.

> I'm using it for some statistical stuff but I'm wondering if anyone 
> else finds this useful. Thinking about using it to forward spam to 
> abuse@<domain> to report spam.

sorry?

Re: *****SPAM***** Re: DNS list service to detect the registrar barrier

Posted by jdow <jd...@earthlink.net>.
From: "arni" <ma...@arni.name>

> jdow schrieb:
>> You are if you're the only one dumb enough to run email from this list
>> through SpamAssassin then you might be.
>>
> I dont exactly know why you have to flame people on this mailinglist but 
> i'm gonna explain it to you:
> 
> This list offers a great way to learn bayes with spam related ham, which 
> is in my opinion on of the best hams around. It is spam related, so it 
> might contain tokens that are also found in spam and it a great way to 
> show bayes that these tokens are not only present in spam, but can also 
> be in ham.

I assure you that was not a flame. I do agree I did not frame it as
a suggestion. But the concept seems so obvious to me that it seems
silly someone does not determine unambiguously that the email came
from this list and then completely bypass SpamAssassin. With procmail
an "effective" but not bullet proof method exists that is fairly simple
to apply. (And if someone DOES spoof it the email ends up in my SA users
list folder where it becomes instant grist for the mill.)

You can also use whitelist_from_rcvd. But that's not as machine efficient.

{^_^}

Re: *****SPAM***** Re: DNS list service to detect the registrar barrier

Posted by arni <ma...@arni.name>.
jdow schrieb:
> You are if you're the only one dumb enough to run email from this list
> through SpamAssassin then you might be.
>
I dont exactly know why you have to flame people on this mailinglist but 
i'm gonna explain it to you:

This list offers a great way to learn bayes with spam related ham, which 
is in my opinion on of the best hams around. It is spam related, so it 
might contain tokens that are also found in spam and it a great way to 
show bayes that these tokens are not only present in spam, but can also 
be in ham.

arni

Re: *****SPAM***** Re: DNS list service to detect the registrar barrier

Posted by jdow <jd...@earthlink.net>.
You are if you're the only one dumb enough to run email from this list
through SpamAssassin then you might be.

{o.o}
----- Original Message ----- 
From: "arni" <ma...@arni.name>
To: "mouss" <mo...@netoyen.net>
Cc: <us...@spamassassin.apache.org>
Sent: Monday, 2007, July 02 13:06
Subject: Re: *****SPAM***** Re: DNS list service to detect the registrar 
barrier


> am i the only one getting a pretty solid false positive on the previous 
> post?
>
> X-Spam-Report: *  0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: 
> policy says domain
> *       signs some mails
> *  2.5 SARE_SPOOF_COM2COM URI: a.com.b.com
> *  2.0 SPOOF_COM2OTH URI: URI contains ".com" in middle
> *  2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c
> *  2.3 SPOOF_COM2COM URI: URI contains ".com" in middle and end
> * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> *      [score: 0.0000]
>

Re: *****SPAM***** Re: DNS list service to detect the registrar barrier

Posted by Lindsay Haisley <fm...@fmp.com>.
Nope, you're not.  

Marc's first example line quoted by Mouss hit 4 different spam rules for
the same error, for a total of 9.3 points.  Odd that the original post
by Marc did't get flagged.

The reference to perkel.com.rb ..... outht to flag 1 hit, not 4 for the
same line in the email!  If any one of these rules had not piled on,
BAYES_00 would have brought the score down to a non-spam level.

On Mon, 2007-07-02 at 22:06 +0200, arni wrote:
> am i the only one getting a pretty solid false positive on the previous 
> post?
> 
> X-Spam-Report: 
> 	*  0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
> 	*       signs some mails
> 	*  2.5 SARE_SPOOF_COM2COM URI: a.com.b.com
> 	*  2.0 SPOOF_COM2OTH URI: URI contains ".com" in middle
> 	*  2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c
> 	*  2.3 SPOOF_COM2COM URI: URI contains ".com" in middle and end
> 	* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> 	*      [score: 0.0000]
-- 
Lindsay Haisley       | "In an open world,    |     PGP public key
FMP Computer Services |    who needs Windows  |      available at
512-259-1190          |      or Gates"        | http://pubkeys.fmp.com
http://www.fmp.com    |                       |

Re: *****SPAM***** Re: DNS list service to detect the registrar barrier

Posted by arni <ma...@arni.name>.
am i the only one getting a pretty solid false positive on the previous 
post?

X-Spam-Report: 
	*  0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
	*       signs some mails
	*  2.5 SARE_SPOOF_COM2COM URI: a.com.b.com
	*  2.0 SPOOF_COM2OTH URI: URI contains ".com" in middle
	*  2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c
	*  2.3 SPOOF_COM2COM URI: URI contains ".com" in middle and end
	* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
	*      [score: 0.0000]