You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Dirk Bonengel <di...@bonengel.de> on 2005/08/13 13:29:19 UTC

FYI: ccTLD .de listed in RFC-ignorant.org

FYI:
rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.

http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
In a standard 3.0.x install, DNS_FROM_RFC_WHOIS gives a score of 0.492 
(net) or 0.296 (net+bayes).

Re: FYI: ccTLD .de listed in RFC-ignorant.org

Posted by Ralf Hildebrandt <Ra...@charite.de>.

* Dirk Bonengel <di...@bonengel.de>:
> FYI:
> rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.

Yes, since Spet. 2004

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums)         Ralf.Hildebrandt@charite.de
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                 send no mail to spamtrap@charite.de

Re: FYI: ccTLD .de listed in RFC-ignorant.org

Posted by Dirk Bonengel <di...@bonengel.de>.

Thanks for the clarification.

Dirk

Rob Skedgell schrieb:

>On Saturday 13 Aug 2005 12:29, Dirk Bonengel wrote:
>  
>
>>FYI:
>>rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.
>>
>>
>>    
>>
>http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
>  
>
>>In a standard 3.0.x install, DNS_FROM_RFC_WHOIS gives a score of 0.492 
>>(net) or 0.296 (net+bayes). 
>>    
>>
>
>This shouldn't cause problems as RFCI whois returns 127.0.0.7 for entire 
>TLD based domains, and 127.0.0.5 for others and SA (at least 3.0.4) 
>only tests for 127.0.0.5. See the listing policy at 
><http://www.rfc-ignorant.org/policy-whois.php>.
>
>$ grep DNS_FROM_RFC_WHOIS /usr/share/spamassassin/*
>/usr/share/spamassassin/20_dnsbl_tests.cf:header DNS_FROM_RFC_WHOIS     
>eval:check_rbl_sub('rfci_envfrom', '127.0.0.5')
>/usr/share/spamassassin/20_dnsbl_tests.cf:describe DNS_FROM_RFC_WHOIS   
>Envelope sender in whois.rfc-ignorant.org
>/usr/share/spamassassin/20_dnsbl_tests.cf:tflags DNS_FROM_RFC_WHOIS     
>net
>/usr/share/spamassassin/30_text_de.cf:lang de describe 
>DNS_FROM_RFC_WHOIS Absender in whois-Liste von www.rfc-ignorant.org
>/usr/share/spamassassin/50_scores.cf:score DNS_FROM_RFC_WHOIS 0 0.492 0 
>0.296
>
>e.g.:
>
>$ host de.whois.rfc-ignorant.org
>de.whois.rfc-ignorant.org has address 127.0.0.7
>
>$ host wot-2.com.whois.rfc-ignorant.org
>wot-2.com.whois.rfc-ignorant.org has address 127.0.0.5
>
>  
>

Re: FYI: ccTLD .de listed in RFC-ignorant.org

Posted by Rob Skedgell <ro...@nephelococcygia.demon.co.uk>.

On Saturday 13 Aug 2005 12:29, Dirk Bonengel wrote:
> FYI:
> rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.
> 
> 
http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
> In a standard 3.0.x install, DNS_FROM_RFC_WHOIS gives a score of 0.492 
> (net) or 0.296 (net+bayes). 

This shouldn't cause problems as RFCI whois returns 127.0.0.7 for entire 
TLD based domains, and 127.0.0.5 for others and SA (at least 3.0.4) 
only tests for 127.0.0.5. See the listing policy at 
<http://www.rfc-ignorant.org/policy-whois.php>.

$ grep DNS_FROM_RFC_WHOIS /usr/share/spamassassin/*
/usr/share/spamassassin/20_dnsbl_tests.cf:header DNS_FROM_RFC_WHOIS     
eval:check_rbl_sub('rfci_envfrom', '127.0.0.5')
/usr/share/spamassassin/20_dnsbl_tests.cf:describe DNS_FROM_RFC_WHOIS   
Envelope sender in whois.rfc-ignorant.org
/usr/share/spamassassin/20_dnsbl_tests.cf:tflags DNS_FROM_RFC_WHOIS     
net
/usr/share/spamassassin/30_text_de.cf:lang de describe 
DNS_FROM_RFC_WHOIS Absender in whois-Liste von www.rfc-ignorant.org
/usr/share/spamassassin/50_scores.cf:score DNS_FROM_RFC_WHOIS 0 0.492 0 
0.296

e.g.:

$ host de.whois.rfc-ignorant.org
de.whois.rfc-ignorant.org has address 127.0.0.7

$ host wot-2.com.whois.rfc-ignorant.org
wot-2.com.whois.rfc-ignorant.org has address 127.0.0.5

-- 
Rob Skedgell <ro...@nephelococcygia.demon.co.uk>

Re: FYI: ccTLD .de listed in RFC-ignorant.org

Posted by Matt Kettler <mk...@evi-inc.com>.

Dirk Bonengel wrote:
> FYI:
> rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.

As others pointed out, it's listed 127.0.0.7 not .5.

> 
> http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
> 
> In a standard 3.0.x install, DNS_FROM_RFC_WHOIS gives a score of 0.492
> (net) or 0.296 (net+bayes).

However, all that said, 0.492 is a pretty small score for a rule. And that low
score is a reflection of RFCI's occasional FP problems and low general hit rate
on spam.

Even if the rule was hitting all of .de, it really isn't that significant of a
score. (Unless you're talking about nutjobs with spam thresholds set at 1.0).

With such a low score, I really wouldn't worry much even if it was hitting.
Unless you're dealing with nutjobs that have spam thresholds set at 1.0 it
really isn't very significant.

Now 3.1.0-pre1 has a higher score for it. (1.45 in set3). That I might worry a
bit if it was false hitting.