This is a discussion on Re: Need a rule written - Can whitelisting be this easy? - SpamAssassin ; On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote: > Need a rule written to take advantage of this trick and this could > be a major breakthrough in white listing. > > Here's what it needs to do: ...
On Jul 12, 2007, at 9:15 AM, Marc Perkel wrote:
> Need a rule written to take advantage of this trick and this could
> be a major breakthrough in white listing.
> Here's what it needs to do:
> 1) Take the IP of the connecting host and do an RDNS lookup to get
> the name.
> 2) Verify that the name that was looked up resolves to the same IP
> 3) Look up the name in this dns list ===
> 4) if it returns 127.0.0.1 - it's ham
I'd like to suggest that where the domain publishes SPF, we use that;
where it doesn't, we use your algorithm.
I recently coded up a very similar approach; I posted about it on the
SPF and Karmasphere mailing lists. Here is the original message:
On Jul 12, 2007, at 6:53 PM, Meng Weng Wong wrote:
> Cross-posted to the SPF and Karmasphere lists ...
> On Jul 12, 2007, at 12:45 PM, Meng Weng Wong wrote:
>> Those of you who have been following the authentication movement
>> will remember that reputation was always part of the plan.
>> It is the job of SPF/DKIM/etc to provide authentication.
>> Karmasphere's job is to provide reputation.
> I have had a huge grin on my face for the last half an hour.
> This afternoon I finally got up to speed with SpamAssassin's meta-
> and I just now got this report in my headers:
> * -0.0 SPF_PASS SPF: sender matches SPF record
> * -0.0 KS_REPUTABLE_DOMAIN_DNS RBL: Envelope sender in mengwong
> whitelist feedset
> * -123 AUTH_ACCOUNTABLE Envelope sender is both authenticated and
> What does it mean? An SPF pass, on its own, means little; an RHSWL
> match, on its own, means little; but together, they mean a lot.
> To obtain that score of -123, the message has to pass SPF and the
> envelope sender domain has to be whitelisted at the
> "mengwong.manywl-v1.dnswl.karmasphere.com" RHSWL.
> "mengwong.manywl-v1" is, in turn, a Karmasphere feedset that
> contains multiple other whitelists, including the dnswl.org's
> sources, ISIPP, Truste, and VeriSign's list of SSL certified domains.
> More feeds are being added to that feedset as we discover new
> sources of domain whitelists.
> I am tremendously pleased. For me, this is the culmination of
> several years of work: SPF offers authentication, and Karmasphere
> offers reputation. Together, they fight spam!
> Here's the snippet from my local.cf that does this:
> # karmasphere domain-based whitelist
> header KS_REPUTABLE_DOMAIN_DNS eval:check_rbl_envfrom
> ('mengwong.manywl-v1', 'mengwong.manywl-v1.dnswl.karmasphere.com.')
> describe KS_REPUTABLE_DOMAIN_DNS Envelope sender in mengwong
> whitelist feedset
> tflags KS_REPUTABLE_DOMAIN_DNS net
> score KS_REPUTABLE_DOMAIN_DNS -0.01
> meta AUTH_ACCOUNTABLE ((SPF_PASS || DKIM_VERIFIED ||
> DK_VERIFIED) && KS_REPUTABLE_DOMAIN_DNS)
> describe AUTH_ACCOUNTABLE Envelope sender is both authenticated
> and reputable
> tflags AUTH_ACCOUNTABLE userconf nice noautolearn
> score AUTH_ACCOUNTABLE -123
> I'm very happy!
> (At this time, while Karmasphere is in beta, querying that
> whitelist requires IP registration; it will not work if you do not
> have an account. After we're out of beta that requirement will be
> Off to rummage through the fridge in search of champagne...