[unisog] .edu's who use SpamCop?

Mike Meredith mike.meredith at port.ac.uk
Thu Dec 18 09:03:23 GMT 2003


On Wed, 17 Dec 2003 16:25:30 -0500, Valdis.Kletnieks at vt.edu wrote:
> On Tue, 16 Dec 2003 17:15:57 EST, Sylvain Robitaille
> <syl at alcor.concordia.ca>  said:
> > easily the second most effective spam-detection mechanism we have,
> > and I can't think of a single case which would cause a
> > false-positive on this rule.

I always prefer to think of such rules as enforcing mail standards that
happen to block a lot of spam ... that way you get no false positives.

> So you'd see an inbound 'HELO turing-police.cc.vt.edu' from my office,
> or from the modem pool, or from one of the several lab and office

>From RFC2821: "The argument field contains the fully-qualified domain
name of the SMTP client if one is available."

In other words 'turing-police.cc.vt.edu' is flat wrong unless you're
connecting from a machine whose FQDN is that.

> So there *are* cases where it would false-positive....

No if you redefine the defang rule as enforcing standards.

-- 
Mike Meredith, Senior Informatics Officer
University of Portsmouth: Hostmaster, Postmaster and Security 
 "Why are we hiding from the police, daddy?"
 "Because we use vi, son, and they use emacs."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20031218/ba02acfa/attachment-0003.bin


More information about the unisog mailing list