Hi,
when experimenting with rhsbl.ahbl.org sender blacklists on MTA level, I noticed: reject_warning: RCPT from mta121.cheetahmail.com[66.165.100.122]: 571 Service unavailable; Sender address [bo-byytbuda6faq70bcxwgsmb73r6zqxc@b.apc.chtah.com] blocked using rhsbl.ahbl.org; Domain used in spam. Access is not allowed.;
To me, the email seemed to be a valid product hotfix notification from http://www.apc.com to registered recipients.
What are your experiences with or views about cheetah.com? They appear to be mass mailers, but also engaged in anti-spam measures / sender verification acitivities, and what are your experiences with rhsbl.ahbl.org?
I would like to make up my mind - whether to whitelist cheetah.com mailservers from being blocked on MTA level in order to avoid FPs when using ahbl - whether to use rhsbl.ahbl.org to reject mails at the MTA level.
Cheers,
wolfgang
Sorry, I typed cheetah.com instead of cheetahmail.com below. It's getting late here ... pardon the confusion.
In an older episode (Wednesday, 31. August 2005 02:11), wolfgang wrote:
What are your experiences with or views about cheetah.com? They appear to be mass mailers, but also engaged in anti-spam measures / sender verification acitivities, and what are your experiences with rhsbl.ahbl.org?
I would like to make up my mind
- whether to whitelist cheetah.com mailservers from being blocked on MTA
level
in order to avoid FPs when using ahbl
- whether to use rhsbl.ahbl.org to reject mails at the MTA level.
Cheers,
wolfgang
Hi!
Sorry, I typed cheetah.com instead of cheetahmail.com below. It's getting late here ... pardon the confusion.
What are your experiences with or views about cheetah.com? They appear to be mass mailers, but also engaged in anti-spam measures / sender verification acitivities, and what are your experiences with rhsbl.ahbl.org?
You also ment to post this on the ahbl list right? :) Please limit the postings somehow to surbl.
To give a short answer, no, i would not even think about using that list to reject mail at mta stage. Only if it would be a weight in some spamassassin alike solution it would be ok. There is really very few lists that i would block with. DSBL is one of the few doing ok there. Even spamhaus or spamcop i would not use for direct blocking. Just my 2 cents. It just gives too many fp's.
Bye, Raymond.
Hi,
first i want to thank all of you who replied - on and off list. Your input is highly appreciated and has helped me making my decision to not use ahbl.org at MTA level (i have been using it in local SA rules with low score and in meta-rules already, just like spews).
In an older episode (Wednesday, 31. August 2005 02:27), Raymond Dijkxhoorn wrote:
You also ment to post this on the ahbl list right? :) Please limit the postings somehow to surbl.
Raymond: nope, not another mailing list besides SA, surbl, uribl, postfix and a few more. I have found this list a pool of highly knowledgeable anti-spam activists, and I wanted exactly the kind of knowledgeable feedback and background information out of this pool that y'all have given me here on that subject. And I still think the subject is close enuf to surbl not to be totally off topic here.
In an older episode (Wednesday, 31. August 2005 03:32), Jeff Chan wrote:
Wolfgang, An obvious question is: are you seeing cheetah.com in spams or hams?
Nope. Cheetah.com simply was a typo. All my questions were related to cheetahmail.com and ahbl.org.
cheers and thanks again,
wolfgang
On Tuesday, August 30, 2005, 5:19:07 PM, wolfgang wolfgang wrote:
Sorry, I typed cheetah.com instead of cheetahmail.com below. It's getting late here ... pardon the confusion.
Don't know anything about them, but the two domains seem to be owned by completely different parties: __
CHEETAH SOFTWARE SYSTEMS INC 200 N WESTLAKE BLVD. #200 WESTLAKE VILLAGE, CA 91362 US
Domain Name: CHEETAH.COM
Administrative Contact: Roseman, Hal HAL@CHEETAH.COM CHEETAH SOFTWARE SYSTEMS, INC 200 N WESTLAKE BLVD. #200 WESTLAKE VILLAGE, CA 91362 US (805) 373-7111 fax: 999 999 9999
Technical Contact: Internet Specialties West dom-admin@ISWEST.NET Internet Specialties West 29219 Canwood Street Suite 110 Agoura Hills, CA 91301 US 818-735-3000 fax: 818-735-3004
Record expires on 21-May-2008. Record created on 20-May-1994. Database last updated on 30-Aug-2005 21:00:10 EDT.
Domain servers in listed order:
NS1.ISWEST.NET 207.178.128.20 NS2.ISWEST.NET 207.178.128.21 __
CheetahMail 29 Broadway, 21st floor New York, NY 10006 US
Domain Name: CHEETAHMAIL.COM
Administrative Contact, Technical Contact: Villeger, David hostmaster-cheetahmail@CHEETAHMAIL.COM CheetahMail 29 Broadway, 21st floor New York, NY 10006 US (212) 809-0825 fax: (212) 809-6378
Record expires on 04-Jun-2006. Record created on 05-Jun-1998. Database last updated on 30-Aug-2005 21:00:22 EDT.
Domain servers in listed order:
C.NS.CHEETAHMAIL.COM 216.15.189.57 D.NS.CHEETAHMAIL.COM 216.15.189.58 E.NS.CHEETAHMAIL.COM 207.251.96.133 F.NS.CHEETAHMAIL.COM 207.251.96.134
Jeff C. -- Don't harm innocent bystanders.
On Tuesday, August 30, 2005, 6:15:48 PM, Jeff Chan wrote:
On Tuesday, August 30, 2005, 5:19:07 PM, wolfgang wolfgang wrote:
Sorry, I typed cheetah.com instead of cheetahmail.com below. It's getting late here ... pardon the confusion.
Don't know anything about them, but the two domains seem to be owned by completely different parties: __
CHEETAH SOFTWARE SYSTEMS INC 200 N WESTLAKE BLVD. #200 WESTLAKE VILLAGE, CA 91362 US
Domain Name: CHEETAH.COM
Administrative Contact: Roseman, Hal HAL@CHEETAH.COM CHEETAH SOFTWARE SYSTEMS, INC 200 N WESTLAKE BLVD. #200 WESTLAKE VILLAGE, CA 91362 US (805) 373-7111 fax: 999 999 9999
Technical Contact: Internet Specialties West dom-admin@ISWEST.NET Internet Specialties West 29219 Canwood Street Suite 110 Agoura Hills, CA 91301 US 818-735-3000 fax: 818-735-3004
Record expires on 21-May-2008. Record created on 20-May-1994. Database last updated on 30-Aug-2005 21:00:10 EDT.
Domain servers in listed order:
NS1.ISWEST.NET 207.178.128.20 NS2.ISWEST.NET 207.178.128.21 __
CheetahMail 29 Broadway, 21st floor New York, NY 10006 US
Domain Name: CHEETAHMAIL.COM
Administrative Contact, Technical Contact: Villeger, David hostmaster-cheetahmail@CHEETAHMAIL.COM CheetahMail 29 Broadway, 21st floor New York, NY 10006 US (212) 809-0825 fax: (212) 809-6378
Record expires on 04-Jun-2006. Record created on 05-Jun-1998. Database last updated on 30-Aug-2005 21:00:22 EDT.
Domain servers in listed order:
C.NS.CHEETAHMAIL.COM 216.15.189.57 D.NS.CHEETAHMAIL.COM 216.15.189.58 E.NS.CHEETAHMAIL.COM 207.251.96.133 F.NS.CHEETAHMAIL.COM 207.251.96.134
Wolfgang, An obvious question is: are you seeing cheetah.com in spams or hams?
Jeff C. -- Don't harm innocent bystanders.
On Tuesday, August 30, 2005, 5:11:23 PM, wolfgang wolfgang wrote:
Hi,
when experimenting with rhsbl.ahbl.org sender blacklists on MTA level, I noticed: reject_warning: RCPT from mta121.cheetahmail.com[66.165.100.122]: 571 Service unavailable; Sender address [bo-byytbuda6faq70bcxwgsmb73r6zqxc@b.apc.chtah.com] blocked using rhsbl.ahbl.org; Domain used in spam. Access is not allowed.;
To me, the email seemed to be a valid product hotfix notification from http://www.apc.com to registered recipients.
What are your experiences with or views about cheetah.com? They appear to be mass mailers, but also engaged in anti-spam measures / sender verification acitivities, and what are your experiences with rhsbl.ahbl.org?
I would like to make up my mind
- whether to whitelist cheetah.com mailservers from being blocked on MTA level
in order to avoid FPs when using ahbl
- whether to use rhsbl.ahbl.org to reject mails at the MTA level.
Cheers,
wolfgang
We whitelisted cheetahmail.com in SURBLs, presumably because we saw false positives on it, as you suggest.
I personally don't use ahbl for blocking at any level. sbl-xbl.spamhaus.org, list.dsbl.org and combined.njabl.org are the ones I usually recommend at the MTA level, but they may be too strict or not strict enough for some situations.
Jeff C. -- Don't harm innocent bystanders.
I would like to make up my mind
- whether to whitelist cheetah.com mailservers from being blocked on MTA level in order to avoid FPs when using ahbl
- whether to use rhsbl.ahbl.org to reject mails at the MTA level.
As ESPs go, CheetahMail is better than many. I'd say they're not whitehat, but light grey. I certainly would expect that email from them is usually not spam.
The AHBL lists are aggressive. If a bulk email sender isn't completely COI, that sender is likely to get listed by them. I use the AHBL on my local systems as part of SpamBouncer scoring, but I'd never reject email at the MTA level based on an AHBL blocklist hit. There is just too great a chance of a false positive.
-
ariel@spambouncer.org -
Jeff Chan -
Raymond Dijkxhoorn -
wolfgang