[unisog] .edu's who use SpamCop?
mike.meredith at port.ac.uk
Thu Dec 18 09:03:23 GMT 2003
On Wed, 17 Dec 2003 16:25:30 -0500, Valdis.Kletnieks at vt.edu wrote:
> On Tue, 16 Dec 2003 17:15:57 EST, Sylvain Robitaille
> <syl at alcor.concordia.ca> said:
> > easily the second most effective spam-detection mechanism we have,
> > and I can't think of a single case which would cause a
> > false-positive on this rule.
I always prefer to think of such rules as enforcing mail standards that
happen to block a lot of spam ... that way you get no false positives.
> So you'd see an inbound 'HELO turing-police.cc.vt.edu' from my office,
> or from the modem pool, or from one of the several lab and office
>From RFC2821: "The argument field contains the fully-qualified domain
name of the SMTP client if one is available."
In other words 'turing-police.cc.vt.edu' is flat wrong unless you're
connecting from a machine whose FQDN is that.
> So there *are* cases where it would false-positive....
No if you redefine the defang rule as enforcing standards.
Mike Meredith, Senior Informatics Officer
University of Portsmouth: Hostmaster, Postmaster and Security
"Why are we hiding from the police, daddy?"
"Because we use vi, son, and they use emacs."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 185 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20031218/ba02acfa/attachment-0003.bin
More information about the unisog