Since you're checking out Bonded Sender, can you request a zone transfer or rsync from these guys too so we can check their data?
Note that the Bonded Sender status of a sender (are they or aren't they) is incorporated into the IADB data. The same for Habeas status, and whether they publish SPF records, among many other things (the complete list of information one can glean from an IADB lookup is available here: http://www.isipp.com/iadbcodes.php)
As Jeff notes, you can sign up to query here: http://iadb.isipp.com/iadb_query_sign_up.php
If you have any questions, or suggestions, please feel free to contact me personally.
Anne
Anne P. Mitchell, Esq. President/CEO Institute for Spam and Internet Public Policy Professor of Law, Lincoln Law School of SJ Committee Member, Asilomar Microcomputer Workshop
Anne P. Mitchell, Esq. wrote:
If you have any questions, or suggestions
One question / suggestion: You have links to spamcop.net and pobox.com on your pages. There's apparently no documented test entry for *.IDDB.isipp.com (RHS-DB), therefore I tried...
2.0.0.127.iddb.isipp.com (just in case) example.tld.iddb.isipp.com (RFCI convention) spamcop.net.iddb.isipp.com (no result) pobox.com.iddb.isipp.com (no result)
...so how is iddb.isipp.com supposed to work ? SURBL is a kind of a RHSBL, and if IDDB is essentially a RHSWhiteList, this might be interesting for the whitelisting folks here.
For my own purposes (rxwhois) I've yet only adopted WADB, because I don't want to mix black and white list queries.
Bye, Frank
On Thursday, September 9, 2004, 1:15:27 PM, Frank Ellermann wrote:
Anne P. Mitchell, Esq. wrote:
If you have any questions, or suggestions
One question / suggestion: You have links to spamcop.net and pobox.com on your pages. There's apparently no documented test entry for *.IDDB.isipp.com (RHS-DB), therefore I tried...
2.0.0.127.iddb.isipp.com (just in case) example.tld.iddb.isipp.com (RFCI convention) spamcop.net.iddb.isipp.com (no result) pobox.com.iddb.isipp.com (no result)
...so how is iddb.isipp.com supposed to work ? SURBL is a kind of a RHSBL, and if IDDB is essentially a RHSWhiteList, this might be interesting for the whitelisting folks here.
For my own purposes (rxwhois) I've yet only adopted WADB, because I don't want to mix black and white list queries.
Bye, Frank
I asked a similar question and Anne mentioned that their own domains are not in the database yet, but will be added.
I hope she won't mind my sharing her test suggestion in the interest of clearing up some confusion:
anntaylor.outbound.ed10.com
What it will return is the IP address to which the domain/subdomain is bound (which IP address is in turn listed in IADB, so that you can get all the good on it).
Jeff C.
I hope she won't mind my sharing her test suggestion in the interest of clearing up some confusion:
anntaylor.outbound.ed10.com
What it will return is the IP address to which the domain/subdomain is bound (which IP address is in turn listed in IADB, so that you can get all the good on it).
Right..IDDB is in essence an authentication database, allowing senders to declare IP responsibility for subdomains.
We have toyed with adding the IADB response codes for the responsible IP address directly to IDDB, and would do so if we were told it would be useful.
For WL purposes, many find IADB2 useful. I'm sorry I don't have the url handy...am on the road right now.
Anne
Sent from my Tmobile Sidekick HipTop
Jeff Chan wrote:
their own domains are not in the database yet, but will be added.
Okay, So a IADB whitelist test for...
anntaylor.outbound.ed10.com
...would work along the lines:
| anntaylor.outbound.ed10.com.iddb.isipp.com = 64.14.86.219 | 219.86.14.64.iadb2.isipp.com = 127.0.0.40
Where 40 means 10 "listed" + 3 * 10 "other reasons" resp. 10 "listed" + 20 "important reason" + 10 "other reason".
It's probably better to use the detailed codes offered by iadb.isipp.com, but I check this stuff with GetHostByAddr(), and then the single iadb2 code is good enough.
In theory you could use this method to catch some dubious submissions. It's not exactly a whitelist, a spammer is free to buy an IADB entry ($ 500 + a monthly fee) as long as he follows the IADB definition of "legit". I'm certain that it's neither your nor my definition... <gd&r>
Bye, Fank
In theory you could use this method to catch some dubious submissions. It's not exactly a whitelist, a spammer is free to buy an IADB entry ($ 500 + a monthly fee) as long as he follows the IADB definition of "legit". I'm certain that it's neither your nor my definition... <gd&r>
Heh...the thing is, it's not a whitelist at all, and *you* (the receiver querying) gets to define what "legit" means. That's the beauty of the system.
Note that we even offer codes for "scrapes addressess". Oddly, no sender has signed up to be listed in that category. <grin>
Anne
Anne P. Mitchell, Esq. President/CEO Institute for Spam and Internet Public Policy Professor of Law, Lincoln Law School of SJ Committee Member, Asilomar Microcomputer Workshop
On Thursday, September 9, 2004, 3:57:58 PM, Frank Ellermann wrote:
Jeff Chan wrote:
their own domains are not in the database yet, but will be added.
Okay, So a IADB whitelist test for...
anntaylor.outbound.ed10.com
...would work along the lines:
| anntaylor.outbound.ed10.com.iddb.isipp.com = 64.14.86.219 | 219.86.14.64.iadb2.isipp.com = 127.0.0.40
Where 40 means 10 "listed" + 3 * 10 "other reasons" resp. 10 "listed" + 20 "important reason" + 10 "other reason".
It's probably better to use the detailed codes offered by iadb.isipp.com, but I check this stuff with GetHostByAddr(), and then the single iadb2 code is good enough.
Yes:
anntaylor.outbound.ed10.com.iddb.isipp.com. 1H IN A 64.14.86.219
219.86.14.64.iadb.isipp.com. 1H IN A 127.0.100.7 219.86.14.64.iadb.isipp.com. 1H IN A 127.0.0.1 219.86.14.64.iadb.isipp.com. 1H IN A 127.0.0.2 219.86.14.64.iadb.isipp.com. 1H IN A 127.0.2.2
Still a bit too sender-centric for my likes, but perhaps workable.
In theory you could use this method to catch some dubious submissions. It's not exactly a whitelist, a spammer is free to buy an IADB entry ($ 500 + a monthly fee) as long as he follows the IADB definition of "legit". I'm certain that it's neither your nor my definition... <gd&r>
We could use it as a flag to check new records for FPs as opposed to am outright whitelist.
Jeff C.
anntaylor.outbound.ed10.com.iddb.isipp.com. 1H IN A 64.14.86.219
219.86.14.64.iadb.isipp.com. 1H IN A 127.0.100.7 219.86.14.64.iadb.isipp.com. 1H IN A 127.0.0.1 219.86.14.64.iadb.isipp.com. 1H IN A 127.0.0.2 219.86.14.64.iadb.isipp.com. 1H IN A 127.0.2.2
Or, alternatively, a lookup to IADB2 yields:
219.86.14.64.iadb2.isipp.com. 1H IN A 127.0.0.40
This means that they have accumulated 40 points in our IADB2 point scoring system - this is the aggregate scoring offered as an alternative to the individual data-point scoring you've quoted above.
The IADB2 scores are as follows:
Listed in IADB
*Default score
10
Vouched listing *They are known to ISIPP as good senders 10
Participate in EDDB *They have certain required policies and are immediately contactable 10
Is a member of EPIA *They participate in a cross-industry sender/receiver forum 10
Publishes SPF or Microsoft Caller I.D. *They take responsibility for domain authentication 10
Participates in Habeas or Bonded Sender *They are contractually obligated to send only wanted email 20
All mailing list mail is opt-in 10
All mailing list mail is confirmed (double) opt-in 20
------
This is taken from: http://www.isipp.com/iadb2codes.php
As someone else noted, that means that in order to get a score of, say, 40 (127.0.0.40), one has to have 4 'hits', or be listed with Habeas or Bonded Sender or have all mail be confirmed opt-in plus 2 other 'hits.
40 seems to be a good cut-off for deciding to whitelist something (40 or above) or not.
Anne
Jeff Chan wrote:
219.86.14.64.iadb.isipp.com. 1H IN A 127.0.100.7
Undocumented
219.86.14.64.iadb.isipp.com. 1H IN A 127.0.0.1
Listed (=> + 10 in IADB2)
219.86.14.64.iadb.isipp.com. 1H IN A 127.0.0.2
Undocumented
219.86.14.64.iadb.isipp.com. 1H IN A 127.0.2.2
EPIA member (whatever that is, +10 in IADB2)
The SPF record isn't listed (127.2.255.1), that would explain ten more points in IADB2. No idea what the reason for the last 10 IADB2 points is.
We could use it as a flag to check new records for FPs as opposed to am outright whitelist.
Yes, and in that case checking IADB2 would be good enough.
Bye, Frank
219.86.14.64.iadb.isipp.com. 1H IN A 127.0.100.7
Undocumented
I just went and slapped someone (not really!), and had that fixed - it *should* have read 127.3.100.7, and means that their mailing policy is "opt-in" (ahem - NOT confirmed opt-in, which has a code of 127.3.100.10).
219.86.14.64.iadb.isipp.com. 1H IN A 127.0.0.2
Undocumented
It's simply an alternative to 127.0.0.1, as we have had a couple of queriers say that was what they could use, and only what they could use - and it's now documented on the codes page. Thank you for bringing these to our attention!
219.86.14.64.iadb.isipp.com. 1H IN A 127.0.2.2
EPIA member (whatever that is, +10 in IADB2)
EPIA is the Email Processing Industry Alliance. It's a cross-industry alliance of ISPs, Spam Filtering companies, Email Service Providers, and online marketers.
From the site at http://www.epialliance.org:
"We meet on a regular basis for the purpose of both working together, and making industry recommendations, to help ensure that we only deliver email which users want, and not email which users don't want. In other words, only wanted mail, and not spam. Each and every of our members is dedicated to this goal, and subscribes and adheres to the highest standards of email processing management. Our members work together to help each other and the industry to achieve the twin goals of maximum email deliverability, and minimum spam."
I happen to be involved with it, because it came out of the original Email Deliverability Summits which I organized.
The SPF record isn't listed (127.2.255.1), that would explain ten more points in IADB2. No idea what the reason for the last 10 IADB2 points is.
You missed:
127.0.1.255, which means "vouched", and is good for 10 points. "Vouched" means that they are personally known to ISIPP through industry dealings, and known to be senders genuinely striving to do the right thing.
Anne
Anne P. Mitchell, Esq. wrote:
I just went and slapped someone (not really!), and had that fixed - it *should* have read 127.3.100.7
Tnx, the logic behind these IP codes isn't obvious, and so I wasn't sure if that was only a typo.
[127.0.0.2]
It's simply an alternative to 127.0.0.1, as we have had a couple of queriers say that was what they could use
Yes, I tried hard to convince Jeff that abusing 127.0.0.1 is a big NoNo for multi.surbl.org, even if it means to lose one of eight bits.
EPIA is the Email Processing Industry Alliance. It's a cross-industry alliance of ISPs, Spam Filtering companies, Email Service Providers, and online marketers.
Tnx for info, the member list appears to be okay, and that I'm no big fan of RR is probably only a personal thing ;-) Better than the ESPC member list mentioning "doubleclick.net", they occupy several permanent entries in my /etc/hosts file.
Bye, Frank
-
Anne P. Mitchell -
Anne P. Mitchell, Esq.
-
Frank Ellermann -
Jeff Chan