On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:

> Need a rule written to take advantage of this trick and this could
> be a major breakthrough in white listing.
>
> Here's what it needs to do:
>
> 1) Take the IP of the connecting host and do an RDNS lookup to get
> the name.
> 2) Verify that the name that was looked up resolves to the same IP
> address.
> 3) Look up the name in this dns list ===
> example.com.hostdomain.junkemailfilter.com
> 4) if it returns 127.0.0.1 - it's ham


I'd like to suggest that where the domain publishes SPF, we use that;
where it doesn't, we use your algorithm.

I recently coded up a very similar approach; I posted about it on the
SPF and Karmasphere mailing lists. Here is the original message:





On Jul 12, 2007, at 6:53 PM, Meng Weng Wong wrote:
> Cross-posted to the SPF and Karmasphere lists ...
>
> On Jul 12, 2007, at 12:45 PM, Meng Weng Wong wrote:
>>
>> Those of you who have been following the authentication movement
>> will remember that reputation was always part of the plan.
>>
>> It is the job of SPF/DKIM/etc to provide authentication.
>>
>> Karmasphere's job is to provide reputation.
>>

>
> I have had a huge grin on my face for the last half an hour.
>
> Why?
>
> This afternoon I finally got up to speed with SpamAssassin's meta-
> rules.
>
> and I just now got this report in my headers:
>
> * -0.0 SPF_PASS SPF: sender matches SPF record
> * -0.0 KS_REPUTABLE_DOMAIN_DNS RBL: Envelope sender in mengwong
> whitelist feedset
> * -123 AUTH_ACCOUNTABLE Envelope sender is both authenticated and
> reputable
>
> What does it mean? An SPF pass, on its own, means little; an RHSWL
> match, on its own, means little; but together, they mean a lot.
>
> To obtain that score of -123, the message has to pass SPF and the
> envelope sender domain has to be whitelisted at the
> "mengwong.manywl-v1.dnswl.karmasphere.com" RHSWL.
>
> "mengwong.manywl-v1" is, in turn, a Karmasphere feedset that
> contains multiple other whitelists, including the dnswl.org's
> sources, ISIPP, Truste, and VeriSign's list of SSL certified domains.
>
> More feeds are being added to that feedset as we discover new
> sources of domain whitelists.
>
> I am tremendously pleased. For me, this is the culmination of
> several years of work: SPF offers authentication, and Karmasphere
> offers reputation. Together, they fight spam!
>
> Here's the snippet from my local.cf that does this:
>
> # karmasphere domain-based whitelist
> header KS_REPUTABLE_DOMAIN_DNS eval:check_rbl_envfrom
> ('mengwong.manywl-v1', 'mengwong.manywl-v1.dnswl.karmasphere.com.')
> describe KS_REPUTABLE_DOMAIN_DNS Envelope sender in mengwong
> whitelist feedset
> tflags KS_REPUTABLE_DOMAIN_DNS net
>
> score KS_REPUTABLE_DOMAIN_DNS -0.01
>
> meta AUTH_ACCOUNTABLE ((SPF_PASS || DKIM_VERIFIED ||
> DK_VERIFIED) && KS_REPUTABLE_DOMAIN_DNS)
> describe AUTH_ACCOUNTABLE Envelope sender is both authenticated
> and reputable
> tflags AUTH_ACCOUNTABLE userconf nice noautolearn
>
> score AUTH_ACCOUNTABLE -123
>
> I'm very happy!
>
> (At this time, while Karmasphere is in beta, querying that
> whitelist requires IP registration; it will not work if you do not
> have an account. After we're out of beta that requirement will be
> dropped.)
>
> Off to rummage through the fridge in search of champagne...