[Mimedefang] OT: DNS sanity check
Jeff Rife
mimedefang at nabs.net
Wed Jul 4 21:49:08 EDT 2007

On 4 Jul 2007 at 18:30, John Rudd wrote:

> > Unless the lack of DNS (or lack of correct DNS) is a show-stopper in
> > your processing, I'd say that not rejecting e-mail based on a DNS
> > inconsistency is absolutely the most reasonable thing to do.
>
> Given that the vast majority of those senders are generating spam
> and/or viruses, I think accepting all of them is far more than just
> "being liberal".

I never said anything about accepting the e-mail. I just said that
rejecting based solely on the DNS mismatch is not reasonable. I
suspect that there are many other ways to filter out the bad e-mail
from these machines, and that many of them can also occur before the
DATA phase.

For me, the reason I don't even check DNS "errors" is because the false
positive rate is very high, and about 90% of the false positives are
things that the sysadmin often can do nothing about: ISP won't create
correct reverse DNS, multiple name/address machines that cause
mismatches, etc.

> However, I don't reject them on that basis alone. I mark them as spam
> on that basis alone (5 points in SA). I only reject when the SA score
> is 10+

That's not too bad, then, but I suspect that the number of messages you
reject solely because of that extra 5 points is a lot smaller than you
think it is, and if you take that into consideration, the false
positive rate is quite a bit higher than you suspect.

--
Jeff Rife | "One minute we were spanking each other with
| meat, and the next minute it got weird."
|
| -- Joe Hackett, "Wings"
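
Added example, not part of the original message: one way to measure the point argued above is to separate rejects that would have happened without the DNS rule from rejects that cross the threshold only because of its 5 points, and compute the false-positive rate on that second group alone. The `Msg` record, the `marginal_impact` function and the sample scores are constructed for illustration; only the 5-point weight and the 10-point reject threshold come from the thread.

```python
from dataclasses import dataclass

REJECT_AT = 10.0   # reject threshold quoted in the thread ("SA score is 10+")
DNS_POINTS = 5.0   # score the thread assigns to a DNS mismatch


@dataclass
class Msg:
    other_score: float   # SA score from every rule except the DNS rule
    dns_mismatch: bool   # did the DNS sanity check fire?
    is_ham: bool         # ground truth from manual review (assumed available)


def marginal_impact(msgs, points=DNS_POINTS, threshold=REJECT_AT):
    """Count rejects that need the DNS rule to reach the threshold."""
    anyway = dns_only = dns_only_ham = 0
    for m in msgs:
        total = m.other_score + (points if m.dns_mismatch else 0.0)
        if total < threshold:
            continue                      # delivered, not a reject
        if m.other_score >= threshold:
            anyway += 1                   # rejected with or without the rule
        else:
            dns_only += 1                 # the DNS points made the difference
            dns_only_ham += m.is_ham
    rate = dns_only_ham / dns_only if dns_only else 0.0
    return {
        "rejected_anyway": anyway,
        "rejected_by_dns_only": dns_only,
        "dns_only_false_positives": dns_only_ham,
        "dns_only_fp_rate": rate,
    }


# Constructed sample, not real mail statistics.
SAMPLE = [
    Msg(14.2, True, False), Msg(11.0, True, False), Msg(12.5, False, False),
    Msg(18.0, True, False), Msg(10.4, False, False),
    Msg(7.5, True, False), Msg(5.1, True, True), Msg(6.0, True, False),
    Msg(2.0, True, True), Msg(0.5, False, True), Msg(4.9, True, False),
]

if __name__ == "__main__":
    for key, value in marginal_impact(SAMPLE).items():
        print(f"{key}: {value}")
```

Feeding it scored mail from your own logs, with the DNS rule's contribution subtracted out, gives the number of rejects the rule is actually responsible for.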