...
RM> ... more whitelist entries ...
...
whitelist_from_rcvd no.reply@1and1.com kundenserver.de # 1and1 Hosting & ISP http://survey.1and1.com
...
I'm not so sure that 1&1 is immune from forgery, but if you list it, you should also list the four domains oneandone.{com,net} and 1und1.{com,net}. They are all the same company and forward responses to abuse@ and to postmaster@ queries through the same server (the problem is that *some* customer email also seems to go through that server occasionally, and they have had abusive customers in the past - so a forgery seems possible, even if unlikely).
Paul Shupak track@plectere.com
On Saturday, June 11, 2005, 5:31:41 PM, List User wrote:
...
RM> ... more whitelist entries ...
...
whitelist_from_rcvd no.reply@1and1.com kundenserver.de # 1and1 Hosting & ISP http://survey.1and1.com
...
I'm not so sure that 1&1 is immune from forgery, but if you list it, you should also list the four domains oneandone.{com,net} and 1und1.{com,net}. They are all the same company and forward responses to abuse@ and to postmaster@ queries through the same server (the problem is that *some* customer email also seems to go through that server occasionally, and they have had abusive customers in the past - so a forgery seems possible, even if unlikely).
Hi Paul, What is their hat color please?
Jeff C. -- Don't harm innocent bystanders.
Hello Paul,
Saturday, June 11, 2005, 5:31:41 PM, you wrote:
RM> ... more whitelist entries ...
whitelist_from_rcvd no.reply@1and1.com kundenserver.de # 1and1 Hosting & ISP http://survey.1and1.com
LMU> I'm not so sure that 1&1 is immune from forgery, but if you
LMU> list it, you should also list the four domains oneandone.{com,net}
LMU> and 1und1.{com,net}. They are all the same company and forward
LMU> responses to abuse@ and to postmaster@ queries through the same
LMU> server (the problem is that *some* customer email also seems to go
LMU> through that server occasionally, and they have had abusive customers
LMU> in the past - so a forgery seems possible, even if unlikely).
Agreed -- given they are a large ISP, with plenty of valid web pages at those domains (and, yes, some spammers), they need to be in the surbl whitelist.
As for forgery, just a reminder that my source here is the SARE whitelist.cf file I'm maintaining, which uses SpamAssassin's "whitelist_from_rcvd" directive, which whitelists email in this case only if it comes From no.reply@1and1.com, AND the first email server outside the recipient's network is confirmed to be kundenserver.de.
There's never an absolute guarantee, but a forger would need to send his forgery /through/ kundenserver.de to be successful here.
Bob Menschel
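
The check described in the last message, sketched in Python as an added example (not SpamAssassin's code and not part of the thread): the From address must match and the rDNS that the recipient's own server recorded for the first relay outside its network must fall under the listed domain. It assumes Postfix-style Received headers and a hypothetical trusted network 10.0.0.0/8; all hostnames, IP addresses and messages are constructed.

```python
import ipaddress, re
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Simplified Postfix-style trace field: "from HELO (RDNS [IP]) by ..."
RECEIVED_RE = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")

def first_untrusted_rdns(msg, trusted_nets):
    """rDNS our own servers recorded for the first relay outside trusted_nets."""
    for hdr in msg.get_all("Received", []):      # newest hop first
        m = RECEIVED_RE.search(hdr)
        if not m:
            return None                          # unparseable: do not guess
        rdns, ip = m.group(1).lower(), ipaddress.ip_address(m.group(2))
        if not any(ip in net for net in trusted_nets):
            return rdns                          # boundary hop; older headers are untrusted
    return None

def whitelisted_from_rcvd(raw, addr_glob, rdns_domain, trusted_nets):
    """True only if From matches AND the boundary relay's rDNS is in rdns_domain."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rdns = first_untrusted_rdns(msg, trusted_nets)
    if rdns is None or not fnmatchcase(sender, addr_glob.lower()):
        return False
    dom = rdns_domain.lower()
    return rdns == dom or rdns.endswith("." + dom)

# Constructed sample data: hostnames and IPs below are illustrative only.
TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]
RULE = ("no.reply@1and1.com", "kundenserver.de")
HOP_1AND1 = ("Received: from relay.kundenserver.de (relay.kundenserver.de [192.0.2.10])\n"
             "\tby gw.example.org; Sat, 11 Jun 2005 17:00:00 -0700\n")
HOP_INTERNAL = ("Received: from gw.example.org (gw.example.org [10.0.0.5])\n"
                "\tby mx.example.org; Sat, 11 Jun 2005 17:00:01 -0700\n")
# Forger claims kundenserver.de in HELO, but our server logged the real rDNS.
HOP_FORGED = ("Received: from relay.kundenserver.de (host.example.net [203.0.113.5])\n"
              "\tby gw.example.org; Sat, 11 Jun 2005 17:00:00 -0700\n")
FROM = "From: 1and1 <no.reply@1and1.com>\nSubject: survey\n\nbody\n"

LEGIT = HOP_INTERNAL + HOP_1AND1 + FROM
FORGED = HOP_INTERNAL + HOP_FORGED + HOP_1AND1 + FROM   # fake lower header is ignored

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("forged", FORGED)):
        print(name, whitelisted_from_rcvd(raw, *RULE, TRUSTED))
```

The forged message carries the right From address, a kundenserver.de HELO and a fabricated older Received line, and still fails because only the rDNS logged at the trust boundary is consulted.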