You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by snowcrash+spamassassin <sc...@gmail.com> on 2007/03/14 01:27:44 UTC

why is WHOIS_DMNBYPROXY scoring on _my_ domain?

in emails sent TO me (me@mydomain.com), i'm noting SA scores of,

	*  0.5 WHOIS_DMNBYPROXY Contains URL registered to Domains by Proxy
	*      [URIs: mydomain.com]

now, "mydomain.com" *IS*, in fact, reg'd @ Domains by Proxy ...
legitimately.  but, why is it scoring on _MY_ domain ?

no doubt i've misconfigured something in local.cf :-/

suggestions?

thanks.

Re: why is WHOIS_DMNBYPROXY scoring on _my_ domain?

Posted by snowcrash+spamassassin <sc...@gmail.com>.

> you can use uridnsbl_skip_domain
> to cause your domain to not be checked against uri blacklists.

that's what i was looking for.

thanks.

Re: why is WHOIS_DMNBYPROXY scoring on _my_ domain?

Posted by Matt Kettler <mk...@verizon.net>.

snowcrash+spamassassin wrote:
> Perhaps I mistated my question.
>
> Why is this triggering/scoring on *MY* domain on *INBOUND* email.
>
> I can understand if it's triggering on the sender's DBP registration
> -- but it's triggering, again, on _mine_.
I understood you perfectly.

YOUR domain is listed in the blacklist. YOUR domain appears in some URL
in the body text of the message, therefore YOUR domain causes the rule fire.

Why shouldn't it?

That said, this is a uridnsbl test, so you can use uridnsbl_skip_domain 
to cause your domain to not be checked against uri blacklists.

Re: why is WHOIS_DMNBYPROXY scoring on _my_ domain?

Posted by snowcrash+spamassassin <sc...@gmail.com>.

Perhaps I mistated my question.

Why is this triggering/scoring on *MY* domain on *INBOUND* email.

I can understand if it's triggering on the sender's DBP registration
-- but it's triggering, again, on _mine_.

Re: why is WHOIS_DMNBYPROXY scoring on _my_ domain?

Posted by Matt Kettler <mk...@verizon.net>.

snowcrash+spamassassin wrote:
> in emails sent TO me (me@mydomain.com), i'm noting SA scores of,
>
>     *  0.5 WHOIS_DMNBYPROXY Contains URL registered to Domains by Proxy
>     *      [URIs: mydomain.com]
>
> now, "mydomain.com" *IS*, in fact, reg'd @ Domains by Proxy ...
> legitimately.  but, why is it scoring on _MY_ domain ?
Because it's registered at domains by proxy. Period.

There is no "legitimate vs illegitimately" here. Either you're
registered via domains by proxy or not.

You are, therefore you're in that blacklist, therefore the rule fires.

Bear in mind:

1) It's only 0.5 points. That's one tenth the tag threshold for SA.
There's a reason this isn't scoring higher, it is a spam sign, but it is
a weak one.

2) Domains by Proxy and other whois anonymizers are quickly becoming a
haven for those who abuse email. It's also a haven for shady web stores
that don't want anyone to know their address as to avoid being sued by
people they've defrauded.  Several people recognize this pattern and and
are creating blacklists based on it.

Don't want to be on that blacklist? ditch domains by proxy and put your
real address on your whois.

Want your domain registration to be anonymous? Go for it, but you're
going to end up on this weakly used blacklist.

I hate to say it, but this blacklist is purely fact based. There's no
accusation you're a spammer, merely that you're using domains by proxy.
Which you are.

> no doubt i've misconfigured something in local.cf :-/
Nope, only in your domain registration.