Hello Paul,
Saturday, June 11, 2005, 5:31:41 PM, you wrote:
RM> ... more whitelist entries ...
whitelist_from_rcvd no.reply@1and1.com kundenserver.de # 1and1 Hosting & ISP http://survey.1and1.com
LMU> I'm not so sure that 1&1 is immune from forgery, but if you
LMU> list it, you should also list the four domains oneandone.{com,net}
LMU> and 1und1.{com,net}. They are all the same company and forward
LMU> responses to abuse@ and to postmaster@ queries through the same
LMU> server (the problem is that *some* customer email also seems to go
LMU> through that server occasionally, and they have had abusive customers
LMU> in the past - so a forgery seems possible, even if unlikely).
Agreed -- given they are a large ISP, with plenty of valid web pages at those domains (and, yes, some spammers), they need to be in the surbl whitelist.
As for forgery, just a reminder that my source here is the SARE whitelist.cf file I'm maintaining, which uses SpamAssassin's "whitelist_from_rcvd" directive, which whitelists email in this case only if it comes From no.reply@1and1.com, AND the first email server outside the recipient's network is confirmed to be kundenserver.de.
There's never an absolute guarantee, but a forger would need to send his forgery /through/ kundenserver.de to be successful here.
Bob Menschel
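
A simplified Python model of the two-part check described in the message above, added here as an illustration; it is not part of the original message and not SpamAssassin's own code. The trusted host name, the assumed Received header layout and both sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Assumption: hosts the recipient runs itself (the "recipient's network").
TRUSTED = {"mx.recipient.example"}
# The entry from the message: sender pattern, then required relay rDNS domain.
ENTRY = ("no.reply@1and1.com", "kundenserver.de")
# Assumed Postfix-style layout: from HELO (rDNS [IP]) by RECEIVER
RECEIVED = re.compile(r"from\s+\S+\s+\(([\w.-]+)\s+\[[^\]]+\]\)\s+by\s+([\w.-]+)")

def boundary_rdns(msg):
    """rDNS of the first relay outside TRUSTED, as recorded by a trusted host."""
    for header in msg.get_all("Received", []):      # newest hop first
        m = RECEIVED.search(header)
        if not m or m.group(2).lower() not in TRUSTED:
            return None     # line was not written by our own server
        rdns = m.group(1).lower()
        if rdns not in TRUSTED:
            return rdns     # this outside relay handed the mail to us
    return None

def whitelisted(raw, entry=ENTRY):
    """True only if the From address AND the boundary relay both match."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rdns = boundary_rdns(msg)
    pattern, domain = entry
    from_ok = fnmatchcase(sender, pattern.lower())
    relay_ok = rdns is not None and (
        rdns == domain or rdns.endswith("." + domain))
    return from_ok and relay_ok

# Constructed samples; host names and documentation-range IPs are invented.
GENUINE = (
    "Received: from relay.kundenserver.de (relay.kundenserver.de [192.0.2.10])"
    " by mx.recipient.example with ESMTP\n"
    "From: no.reply@1and1.com\nSubject: survey\n\nbody\n")
# Same From, plus a sender-supplied Received line naming kundenserver.de,
# but the hop our own server recorded has a different rDNS.
FORGED = (
    "Received: from kundenserver.de (host.sender.example [198.51.100.7])"
    " by mx.recipient.example with ESMTP\n"
    "Received: from x (relay.kundenserver.de [192.0.2.10])"
    " by relay2.kundenserver.de with ESMTP\n"
    "From: no.reply@1and1.com\nSubject: survey\n\nbody\n")

if __name__ == "__main__":
    print(whitelisted(GENUINE), whitelisted(FORGED))
```

Only the Received line written by the recipient's own server is consulted; lines below it are supplied by the sender and are ignored.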