At 05:23 PM 9/9/2004, Chris Santerre wrote:
OOOOOOHHHHH yeah! I didn't know that! Are we sure this is actually what it means and not just a mis-syntaxed paragraph? It actually resolves the IP against the RBL lookup?
If so....well then...problem solved, and devs get a cookie :)
Actually, upon closer read it checks the IP of the NS record. So it's essentially blacklisting the IPs of the DNS servers that spammers are using.
So, for http://www.merchantsoverseas.com, it would look at your NS records:
MerchantsOverseas.com. 18185 IN NS auth20.ns.wcom.com.
MerchantsOverseas.com. 18185 IN NS auth10.ns.wcom.com.
And would check the IPs 198.6.100.37 (auth20.ns.wcom.com) and 198.6.100.21 (auth10.ns.wcom.com)
On Thursday, September 9, 2004, 2:52:53 PM, Matt Kettler wrote:
At 05:23 PM 9/9/2004, Chris Santerre wrote:
OOOOOOHHHHH yeah! I didn't know that! Are we sure this is actually what it means and not just a mis-syntaxed paragraph? It actually resolves the IP against the RBL lookup?
If so....well then...problem solved, and devs get a cookie :)
Actually, upon closer read it checks the IP of the NS record. So it's essentially blacklisting the IPs of the DNS servers that spammers are using.
So, for http://www.merchantsoverseas.com, it would look at your NS records:
MerchantsOverseas.com. 18185 IN NS auth20.ns.wcom.com.
MerchantsOverseas.com. 18185 IN NS auth10.ns.wcom.com.
And would check the IPs 198.6.100.37 (auth20.ns.wcom.com) and 198.6.100.21 (auth10.ns.wcom.com)
Yes, which is why it's good as an SA rule, which can get a lower score to avoid collateral damage from FPs. In other words it's used as a booster of spam scoring and not an outright block criterion.
Jeff C.
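
The lookup chain discussed in this thread (URL host, NS records, nameserver IPs, RBL query, small score boost), as an added example that is not part of the original messages and is not SpamAssassin's code. The DNS table is constructed so it runs offline; the zone `dnsbl.example`, the `spam.example` records, the rule score of 1.5 and the threshold of 5.0 are assumptions.

```python
from urllib.parse import urlsplit

# Constructed offline DNS data: (name, rrtype) -> answers. The wcom.com NS
# names and IPs are the ones quoted in the thread; everything else is made up.
DNS = {
    ("merchantsoverseas.com", "NS"): ["auth20.ns.wcom.com", "auth10.ns.wcom.com"],
    ("auth20.ns.wcom.com", "A"): ["198.6.100.37"],
    ("auth10.ns.wcom.com", "A"): ["198.6.100.21"],
    ("spam.example", "NS"): ["ns1.bad-dns.example"],
    ("ns1.bad-dns.example", "A"): ["192.0.2.53"],
    # Constructed listing in the hypothetical RBL zone "dnsbl.example".
    ("53.2.0.192.dnsbl.example", "A"): ["127.0.0.2"],
}

def resolve(name, rrtype):
    """Stand-in for a real resolver; returns [] when nothing is found."""
    return DNS.get((name.lower().rstrip("."), rrtype), [])

def dnsbl_name(ip, zone):
    """An RBL is queried by reversing the IPv4 octets under the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def nameserver_ips(url):
    """Find the zone that owns the URL's host and return its nameservers' IPs."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Walk up from the full host name, stopping before the bare TLD.
    for i in range(len(labels) - 1):
        ns_hosts = resolve(".".join(labels[i:]), "NS")
        if ns_hosts:
            return sorted({ip for ns in ns_hosts for ip in resolve(ns, "A")})
    return []

def ns_rbl_hits(url, zone="dnsbl.example"):
    """Nameserver IPs of the URL's domain that the RBL zone lists."""
    return [ip for ip in nameserver_ips(url) if resolve(dnsbl_name(ip, zone), "A")]

def score_message(urls, base_score, rule_score=1.5, threshold=5.0):
    """Add the rule's score once if any URL hits; a hit alone never blocks."""
    hit = any(ns_rbl_hits(u) for u in urls)
    total = base_score + (rule_score if hit else 0.0)
    return total, total >= threshold
```

A hit on an otherwise clean message (base score 1.0) stays under the threshold, which is the collateral-damage point made in the last reply: a nameserver shared with legitimate domains costs those domains a few points, not delivery.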