Re: please help newb w/ tricky SORBS DUL problem?

From: /dev/rob0 (rob0gmx.co.uk)
Date: Thu Oct 13 2005 - 12:24:16 CDT


On Thursday 2005-October-13 12:01, Jorey Bump wrote:
> >>servers? Don't automatically assume this is a problem. It appears
> >> to be local.
> >
> > I disagree. I think he's right. I've seen sites which do this sort
> > of blocking based on Received: headers. They're using a filtering
> > approach which might be appropriate for a MUA, but it's wrong for a
> > MTA.
>
> Wrong is an understatement. How would such a site expect to accept
> much mail at all? Unless I misunderstand you, all mail originating
> from residential IP addresses would be filtered, even if they were
> properly relayed through the appropriate ISP's mail server. It would
> make no sense to apply weight to arbitrary Received: headers using a
> DUL list.

Wrong is common in email services; in fact, it's nearly the standard. :)
I can relate a similar story about a commercial RBL service ... no need
to protect the guilty: http://maildeflector.com/

A colleague of mine was once affiliated with them, and I took the
opportunity to look around in their customers' area. They ask customers
to set up spamtrap addresses to forward to the MailDeflector spam
collector, which, I suppose, parses the Received headers.

They had lists of all IP addresses in their database, browsable by IP
quad ... for example, if they had a listing for camomile.cloud9.net
(168.100.1.3, one of our listserver's outbound relays), it would be at
"168/100/1/3.html".

And what do you guess I saw in their database? That's right. Bogons
galore. RFC 1918's. To their credit I don't recall seeing quads > 255,
though. :)

I started switching our sites from MailDeflector to Spamhaus. That
change alone reduced the spam and all but eliminated the false
positives.
--
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
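The two filtering approaches contrasted in the thread (scoring every Received: hop against a DUL, which is MUA thinking, versus checking only the host that connected to the MTA) and the bogon-listing problem in the RBL database, shown as an added Python example. This is not code from the original message nor from any of the services mentioned; the message headers, the DUL network (TEST-NET-3 standing in for a residential range) and the bogon list are constructed stand-ins.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (not from the original post). The topmost
# Received: line is the one our own MTA wrote, so its bracketed IP is the
# host that actually connected to us: the ISP's outbound relay, not the
# home PC two hops further down.
SAMPLE_HEADERS = (
    "Received: from relay.isp.example (relay.isp.example [198.51.100.7])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 1A2B3C\n"
    "\tfor <user@example.org>; Thu, 13 Oct 2005 12:00:00 -0500\n"
    "Received: from home-pc (dsl-45.isp.example [203.0.113.45])\n"
    "\tby relay.isp.example (Postfix) with ESMTPA id 4D5E6F;\n"
    "\tThu, 13 Oct 2005 11:59:30 -0500\n"
    "Received: from home-pc-lan (home-pc-lan [192.168.1.2])\n"
    "\tby home-pc with ESMTP; Thu, 13 Oct 2005 11:59:00 -0500\n"
    "Subject: test\n"
    "\n"
)

# Constructed stand-in for a dial-up/residential (DUL) list.
DUL = [ipaddress.ip_network("203.0.113.0/24")]

# Address space that should never appear in a public blocklist database:
# RFC 1918, loopback, link-local, "this" network, multicast and reserved.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw_message):
    """Bracketed IPs from every Received: header, newest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = BRACKETED_IP.search(hdr)
        if m:
            ips.append(m.group(1))
    return ips


def in_dul(ip_text):
    """True if the address falls inside a DUL-listed network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in DUL)


def is_bogon(ip_text):
    """True for bogon space and for strings that are not IPv4 addresses
    at all, such as a quad with an octet above 255."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True
    return any(ip in net for net in BOGONS)


def mua_style_verdict(raw_message):
    """Reject if ANY hop in the chain is on the DUL. This is the mistake the
    thread describes: properly relayed mail from a home user is rejected
    because the ISP's relay faithfully recorded the customer's address."""
    if any(in_dul(ip) for ip in received_ips(raw_message)):
        return "reject"
    return "accept"


def mta_style_verdict(raw_message):
    """Check only the host that connected to us. A real MTA takes this from
    the SMTP session; here it is read from our own topmost Received: line."""
    ips = received_ips(raw_message)
    if ips and in_dul(ips[0]):
        return "reject"
    return "accept"


def listable(candidates):
    """Sanity filter a spamtrap feed before it reaches a blocklist database:
    drop RFC 1918 space, loopback and malformed quads."""
    return [ip for ip in candidates if not is_bogon(ip)]


if __name__ == "__main__":
    print("hops:", received_ips(SAMPLE_HEADERS))
    print("MUA-style:", mua_style_verdict(SAMPLE_HEADERS))
    print("MTA-style:", mta_style_verdict(SAMPLE_HEADERS))
    print("listable:", listable(received_ips(SAMPLE_HEADERS) + ["168.300.1.3"]))
```

Run on the constructed message, the all-hops check rejects mail that the ISP relayed correctly, while the connecting-client check accepts it; the listing filter is what keeps the 192.168.1.2 and "168.300.1.3" entries out of the database.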