You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Dirk Bonengel <di...@bonengel.de> on 2005/08/13 13:29:19 UTC
FYI: ccTLD .de listed in RFC-ignorant.org
FYI:
rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.
http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
In a standard 3.0.x install, DNS_FROM_RFC_WHOIS gives a score of 0.492
(net) or 0.296 (net+bayes).
Re: FYI: ccTLD .de listed in RFC-ignorant.org
Posted by Ralf Hildebrandt <Ra...@charite.de>.
* Dirk Bonengel <di...@bonengel.de>:
> FYI:
> rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.
Yes, since Spet. 2004
--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to spamtrap@charite.de
Re: FYI: ccTLD .de listed in RFC-ignorant.org
Posted by Dirk Bonengel <di...@bonengel.de>.
Thanks for the clarification.
Dirk
Rob Skedgell schrieb:
>On Saturday 13 Aug 2005 12:29, Dirk Bonengel wrote:
>
>
>>FYI:
>>rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.
>>
>>
>>
>>
>http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
>
>
>>In a standard 3.0.x install, DNS_FROM_RFC_WHOIS gives a score of 0.492
>>(net) or 0.296 (net+bayes).
>>
>>
>
>This shouldn't cause problems as RFCI whois returns 127.0.0.7 for entire
>TLD based domains, and 127.0.0.5 for others and SA (at least 3.0.4)
>only tests for 127.0.0.5. See the listing policy at
><http://www.rfc-ignorant.org/policy-whois.php>.
>
>$ grep DNS_FROM_RFC_WHOIS /usr/share/spamassassin/*
>/usr/share/spamassassin/20_dnsbl_tests.cf:header DNS_FROM_RFC_WHOIS
>eval:check_rbl_sub('rfci_envfrom', '127.0.0.5')
>/usr/share/spamassassin/20_dnsbl_tests.cf:describe DNS_FROM_RFC_WHOIS
>Envelope sender in whois.rfc-ignorant.org
>/usr/share/spamassassin/20_dnsbl_tests.cf:tflags DNS_FROM_RFC_WHOIS
>net
>/usr/share/spamassassin/30_text_de.cf:lang de describe
>DNS_FROM_RFC_WHOIS Absender in whois-Liste von www.rfc-ignorant.org
>/usr/share/spamassassin/50_scores.cf:score DNS_FROM_RFC_WHOIS 0 0.492 0
>0.296
>
>e.g.:
>
>$ host de.whois.rfc-ignorant.org
>de.whois.rfc-ignorant.org has address 127.0.0.7
>
>$ host wot-2.com.whois.rfc-ignorant.org
>wot-2.com.whois.rfc-ignorant.org has address 127.0.0.5
>
>
>
Re: FYI: ccTLD .de listed in RFC-ignorant.org
Posted by Rob Skedgell <ro...@nephelococcygia.demon.co.uk>.
On Saturday 13 Aug 2005 12:29, Dirk Bonengel wrote:
> FYI:
> rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.
>
>
http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
> In a standard 3.0.x install, DNS_FROM_RFC_WHOIS gives a score of 0.492
> (net) or 0.296 (net+bayes).
This shouldn't cause problems as RFCI whois returns 127.0.0.7 for entire
TLD based domains, and 127.0.0.5 for others and SA (at least 3.0.4)
only tests for 127.0.0.5. See the listing policy at
<http://www.rfc-ignorant.org/policy-whois.php>.
$ grep DNS_FROM_RFC_WHOIS /usr/share/spamassassin/*
/usr/share/spamassassin/20_dnsbl_tests.cf:header DNS_FROM_RFC_WHOIS
eval:check_rbl_sub('rfci_envfrom', '127.0.0.5')
/usr/share/spamassassin/20_dnsbl_tests.cf:describe DNS_FROM_RFC_WHOIS
Envelope sender in whois.rfc-ignorant.org
/usr/share/spamassassin/20_dnsbl_tests.cf:tflags DNS_FROM_RFC_WHOIS
net
/usr/share/spamassassin/30_text_de.cf:lang de describe
DNS_FROM_RFC_WHOIS Absender in whois-Liste von www.rfc-ignorant.org
/usr/share/spamassassin/50_scores.cf:score DNS_FROM_RFC_WHOIS 0 0.492 0
0.296
e.g.:
$ host de.whois.rfc-ignorant.org
de.whois.rfc-ignorant.org has address 127.0.0.7
$ host wot-2.com.whois.rfc-ignorant.org
wot-2.com.whois.rfc-ignorant.org has address 127.0.0.5
--
Rob Skedgell <ro...@nephelococcygia.demon.co.uk>
Re: FYI: ccTLD .de listed in RFC-ignorant.org
Posted by Matt Kettler <mk...@evi-inc.com>.
Dirk Bonengel wrote:
> FYI:
> rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.
As others pointed out, it's listed 127.0.0.7 not .5.
>
> http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
>
> In a standard 3.0.x install, DNS_FROM_RFC_WHOIS gives a score of 0.492
> (net) or 0.296 (net+bayes).
However, all that said, 0.492 is a pretty small score for a rule. And that low
score is a reflection of RFCI's occasional FP problems and low general hit rate
on spam.
Even if the rule was hitting all of .de, it really isn't that significant of a
score. (Unless you're talking about nutjobs with spam thresholds set at 1.0).
With such a low score, I really wouldn't worry much even if it was hitting.
Unless you're dealing with nutjobs that have spam thresholds set at 1.0 it
really isn't very significant.
Now 3.1.0-pre1 has a higher score for it. (1.45 in set3). That I might worry a
bit if it was false hitting.