Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

RCVD_IN_DNSWL_MED

  

 
SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


cgregory at hwcn

Oct 30, 2009, 8:39 AM

Post #1 of 3 (171 views)
Permalink
RCVD_IN_DNSWL_MED
Once again, I'm finding a piece of spam getting through
because of RCVD_IN_DNSWL_MED=-4 .....

Is this just the 'occasional' FP that we have to live with?
Or should I rethink scoring that DNSWL?

According to the headers, it looks like an end user of a web mail account
had their password hacked (probably they were stupid and answered one of
those 'send us your password' phishing mails). So I think the ISP has
a rep worthy of the WL. But are we jsut opening the door to allowing
spam as spammers target whitelisted systems to break into? Is there such a
thing as too much whitelisting?

- Charles


me at junc

Oct 30, 2009, 12:46 PM

Post #2 of 3 (148 views)
Permalink
Re: RCVD_IN_DNSWL_MED [In reply to]
On fre 30 okt 2009 16:39:04 CET, Charles Gregory wrote
> Once again, I'm finding a piece of spam getting through
> because of RCVD_IN_DNSWL_MED=-4 .....

what is the ip ?

http://www.dnswl.org/ make a request for change

dont change problem in sa

--
xpoint


cgregory at hwcn

Oct 30, 2009, 1:51 PM

Post #3 of 3 (148 views)
Permalink
Re: [sa] Re: RCVD_IN_DNSWL_MED [In reply to]
On Fri, 30 Oct 2009, Benny Pedersen wrote:
> On fre 30 okt 2009 16:39:04 CET, Charles Gregory wrote
>> Once again, I'm finding a piece of spam getting through
>> because of RCVD_IN_DNSWL_MED=-4 .....
> what is the ip ?

Don't think it really matters. As I stated in my OP, it looks like
a reputable ISP to which I need merely report the hacked account
and I'm sure they will fix things in a hurry.

The issue I am opening for discussion is whether this is the tip of a
spammer 'iceberg'. The phishing mails are obviosu signs that they consider
it a line of attack to obtain webmail passwords, but does this
represent a signficant impact on the trustworthiness of DNSWL?

- C

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.