spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: FPs on RCVD_ILLEGAL_IP
Date Tue, 21 Apr 2015 20:07:43 GMT

Am 21.04.2015 um 21:23 schrieb shanew@shanew.net:
> On Tue, 21 Apr 2015, Dianne Skoll wrote:
>
>> On Tue, 21 Apr 2015 16:56:48 +0200
>> Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>>
>>> what if Microsoft starts using other IP range tested by
>>> RCVD_ILLEGAL_IP?
>>
>> Then it deserves what it gets.  Market forces are intended to penalize
>> companies that do stupid things and if we interfere in those market
>> forces, it will only encourage more stupid things.
>>
>> Or you could look at it this way: RCVD_ILLEGAL_IP was a really good
>> spam indicator until Microsoft messed up, so by using those IPs Microsoft
>> is helping spammers by forcing spam-fighters to reduce or abandon a
>> pretty good rule.  Should that sort of behavior be rewarded?
>
> I presume detecting forged Received headers was the point of this rule
> all along, so if we all toss this rule out the window (or adjust to
> exclude this edge case), aren't we potentially encouraging spammers to
> "hide" their true networks in the same way?

frankly i don't care for *internal hops* but for the IP delivering mail 
which can not be forged

> It occurs to me that if MS are the only people who are doing this, a
> meta-rule could counteract the score in that specific case.  If it
> gets used much beyond that by legitimate actors though, that's a whole
> other story

looks like you are new on this list otherwise you would know that not so 
long ago Yahoo did hit the same rule

my "problem" with that rule is that it hits practically no spam but only 
ham and so it goes in the wrong direction entirely and the same happened 
in the *ther direction* with "RP_MATCHES_RCVD" which is now 
"T_RP_MATCHES_RCVD" and so no longer has impact for people not aware

both are rules doing nothing good


Mime
View raw message