Posted to users@spamassassin.apache.org by Rob McEwen <ro...@powerviewsystems.com> on 2005/05/10 19:04:17 UTC

RE: IPs in Header As Indicator Of Spam

Everyone would agree that if the sending server's IP address is listed on a
respected RBL like Spamhaus, there is a very high percentage chance that
that message is spam. (not that other additional testing shouldn't be
done... but, looking at this alone, at least 99.9+% of the time, the message
is spam)

Everyone would also agree that if an IP address found in the header is
listed at Spamhaus, it ALSO has a very high probability of being spam....
but perhaps not quite as high a chance as it would if this IP address were
the actual sending mail server?

Therefore, what I'm wondering is:

(1) roughly, what is the drop-off in percentage chance of being spam if the
RBL-listed IP is in the header but not actually the sending server's IP?

(2) are there any particular pitfalls or suggestions about minimizing FPs
where messages are blocked based on IPs within the header but not the actual
sending mail server? (of course, I know that additional testing, like rules
and SURBL are also good... I'm wondering if there are any other things to
prevent FPs when relying on this method...)

Rob McEwen
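
The distinction the post draws, between the connecting server's IP and IPs that only appear deeper in the Received chain, as an added example (not part of the original post and not SpamAssassin code). The zone `dnsbl.example`, the sample message and all function names are assumptions made for illustration; no DNS lookup is performed.

```python
import ipaddress
import re
from email import message_from_string

DNSBL_ZONE = "dnsbl.example"  # placeholder zone (assumption), not a real list
# RFC 1918 and loopback space can never be DNSBL-listed; skip it.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample; every host and address below is made up.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
\tby mx.local.example with ESMTP; Tue, 10 May 2005 19:00:02 +0000
Received: from dialup.isp.example (unknown [198.51.100.77])
\tby mail.sender.example with SMTP; Tue, 10 May 2005 18:59:58 +0000
Received: from [192.168.1.10] (helo=desktop)
\tby dialup.isp.example; Tue, 10 May 2005 18:59:55 +0000
From: someone@sender.example
Subject: constructed sample

body
"""

def received_ips(raw):
    """Bracketed relay IPs from Received headers, most recent hop first."""
    ips = []
    for hdr in message_from_string(raw).get_all("Received", []):
        m = BRACKETED_IP.search(hdr)
        try:
            if m:
                ips.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            pass  # e.g. [999.1.1.1]: not a valid address, ignore
    return ips

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Query name for an IPv4 address: octets reversed, zone appended."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def classify(raw):
    """Separate the connecting relay from IPs seen only deeper in the headers."""
    ips = received_ips(raw)
    # Assumption: the topmost Received line was written by our own MX, so its
    # IP is the real connecting server. Lower lines were written by upstream
    # hosts and may name a dial-up/dynamic origin or be forged outright.
    deeper = [ip for ip in ips[1:] if not any(ip in n for n in NON_ROUTABLE)]
    return {"connecting": dnsbl_name(ips[0]) if ips else None,
            "header_only": [dnsbl_name(ip) for ip in deeper]}

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Keeping the two groups separate lets a filter give a listing of the connecting IP a different weight from a listing found only in `header_only`.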