[SURBL-Discuss] Re[2]: More whitelist.cf
Robert Menschel
Robert at menschel.net
Sun Jun 12 03:46:05 CEST 2005
Hello Paul,
Saturday, June 11, 2005, 5:31:41 PM, you wrote:
>>RM> ... more whitelist entries ...
>>
>>whitelist_from_rcvd no.reply at 1and1.com
>> kundenserver.de # 1and1 Hosting & ISP
>>http://survey.1and1.com
LMU> I'm not so sure that 1&1 is immune from forgery, but if you
LMU> list it, you should also list the four domains oneandone.{com,net}
LMU> and 1und1.{com,net}. They are all the same company and forward
LMU> responses to abuse@ and to postmaster@ queries through the same
LMU> server (the problem is that *some* customer email also seems to go
LMU> through that server occasionally, and they have had abusive customers
LMU> in the past - so a forgery seems possible, even if unlikely).
Agreed -- given they are a large ISP, with plenty of valid web pages
at those domains (and, yes, some spammers), they need to be in the
surbl whitelist.
As for forgery, just a reminder that my source here is the SARE
whitelist.cf file I'm maintaining, which uses SpamAssassin's
"whitelist_from_rcvd" directive, which whitelists email in this case
only if it comes From no.reply at 1and1.com, AND the first email server
outside the recipient's network is confirmed to be kundenserver.de
There's never an absolute guarantee, but a forger would need to send
his forgery /through/ kundenserver.de to be successful here.
Bob Menschel
More information about the Discuss
mailing list