I have generally been a fan of the HOSTKARMA DNSBL over the long term.
Fuzzy memeory is that the operator was responsive and reaasonable.
Long ago (2014) I complained somewhat generally about spamassassin's
DNSBL inclusion policy, and was (quite reasonably) asked for specifics.
This report is technically off base, because it's about
RCVD_IN_HOSTKARMA_W which is in KAM but not the standard rules. But I
think whether HOSTKARMA_W is ok is of broad interest to SA users.
I got spam with a received line:
Received: from mx31.a.outbound.createsend.com (mx31.a.outbound.createsend.com [203.55.21.31])
which is indeed on Hostkarma white. The mail has the the flavor of
pretending to be legit, but it's an ad for a book from someone who
writes Dear Friend, and I don't know them.
I found
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
but I cannot find a way to report IP addresses that are incorrectly
whitelisted.
In the meantime I've set the score to -1. While there is likely a very
large fraction of ham coming from the listed addresses, I'm not
comfortable with -2.5 points for lists that contain spamming IP
addresses.
It looks like the KAM ruleset already has the notion of undoing the
HOSTKARMA_W score if the address is also in a blocklist -- which makes
me think that my problem is not wicked unusual.
Looking up this IP address:
http://multirbl.valli.org/lookup/203.55.21.31.html
I see 14 blocks, and only hostkarma and abusix are positive.
So I'm curious:
Is there any documented/discoverable way to report that spam was
received from an address in HOSTKARMA_W?
Opinions on recommendations to rescore it to some value less negative
than the KAM-default -2.5?
Am I missing something?
Thanks,
Greg
Fuzzy memeory is that the operator was responsive and reaasonable.
Long ago (2014) I complained somewhat generally about spamassassin's
DNSBL inclusion policy, and was (quite reasonably) asked for specifics.
This report is technically off base, because it's about
RCVD_IN_HOSTKARMA_W which is in KAM but not the standard rules. But I
think whether HOSTKARMA_W is ok is of broad interest to SA users.
I got spam with a received line:
Received: from mx31.a.outbound.createsend.com (mx31.a.outbound.createsend.com [203.55.21.31])
which is indeed on Hostkarma white. The mail has the the flavor of
pretending to be legit, but it's an ad for a book from someone who
writes Dear Friend, and I don't know them.
I found
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
but I cannot find a way to report IP addresses that are incorrectly
whitelisted.
In the meantime I've set the score to -1. While there is likely a very
large fraction of ham coming from the listed addresses, I'm not
comfortable with -2.5 points for lists that contain spamming IP
addresses.
It looks like the KAM ruleset already has the notion of undoing the
HOSTKARMA_W score if the address is also in a blocklist -- which makes
me think that my problem is not wicked unusual.
Looking up this IP address:
http://multirbl.valli.org/lookup/203.55.21.31.html
I see 14 blocks, and only hostkarma and abusix are positive.
So I'm curious:
Is there any documented/discoverable way to report that spam was
received from an address in HOSTKARMA_W?
Opinions on recommendations to rescore it to some value less negative
than the KAM-default -2.5?
Am I missing something?
Thanks,
Greg