ietf-smtp
[Top] [All Lists]

Re: [ietf-smtp] test for port 25 of sending MTA - for spam detection

2013-08-23 11:31:34
On Fri, 23 Aug 2013, keld wrote:
> Thi idea was to use it as a check in addition to DNSBL etc.
>
> The advantage over DNSBL is that for DNSBL you first need to register
> the offending site with DNSBL.

Not necessarily. See for instance http://www.spamhaus.org/pbl/

FWIW, I just checked the sending IP addresses a bunch of spam emails that
weren't listed at Spamhaus ZEN at time of delivery. A significant minority
of them (~ 40%) was listening on port 25.

At the same time, several IP addresses that were sending legitimate email
weren't.

This is actually very common, and the larger the provider the more likely it's
going to be. Large providers use different systems for inbound versus outbound
versus submission versus AS/AV. Separation of function makes all sorts of sense
when you're talking about deployments with hundreds or even thousands of
individual systems.

Perhaps, if you do it very carefully, adding a tiny score for emails
delivered from an IP address that wasn't listening on port 25 will improve
your filter's performance by 0.03%.

Or perhaps it won't.

A wash if you're lucky.

                                Ned
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp