...

When looking at lists from a black/white/yellow perspective, there is an order to the list processing. First the yellow lists are tested. If the message is yellow listed, then checking the black and white lists isn't necessary. Then the white lists are checked. If the message is white listed, it can be passed without having to run it through SA, or SA can short-circuit the tests and declare the message ham. Then the black lists are checked, and if the message is in a trusted blacklist or several less trusted blacklists, it can be rejected.

Reducing Lookups by using multiple return codes to indicate the result

Many DNS lists return a code to indicate yes and nothing to indicate no. This was fine when only black list lookups were done, but if you are looking up multiple states you would have to make a separate DNS call for each one.


 yellowlist.junkemailfilter.com
 whitelist.junkemailfilter.com
 blacklist.junkemailfilter.com

But why do three lookups when you can do one? That's the way the HostKarma list works. It returns a different value to indicate black/white/yellow.


 127.0.0.1 white
 127.0.0.2 black
 127.0.0.3 yellow

Forward Confirmed rDNS (FCrDNS)

...

Host Name based Lists based on FCrDNS host names

In addition to IP based black/white/yellow lists, the HostKarma lists (http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists) also contain host names. A host name lookup would look like this:


 dig mydomain.com.hostkarma.junkemailfilter.com

The FCrDNS of the sending host name (which can't be spoofed) is looked up in the same database that is used for IP based lookups. The Junk Email Filter HostKarma DNS list supports name based lookups as well as IP based lookups. If the name lookup succeeds, the IP based tests need not be done. The name based tests are actually more powerful than IP based tests for white and yellow listed servers, whereas IP based lookups are better for black listed hosts.

For example, if the FCrDNS of the sending host resolves to yahoo.com, then no other DNS tests need to be done. Yahoo is neither a certified spam nor a certified ham domain, and once the name returns yellow no other lookups need be done. The message can then go to content testing to figure out if it is spam or ham. If you get a message from your bank, like Wells Fargo Bank, and you see that the sending host is mail.wellsfargo.com, then it will look up as white listed and the message can be declared ham without any other testing.
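The single-lookup return codes and the name-first lookup order described above can be combined as follows. This is an added example, not code from the original page or from the HostKarma project. It assumes the standard reversed-octet query form for IP lookups, treats an unlisted sender as going to content testing, and uses constructed sample answers and hypothetical function names.

```python
import ipaddress
import socket

ZONE = "hostkarma.junkemailfilter.com"    # zone from the dig example on the page
CODES = {"127.0.0.1": "white", "127.0.0.2": "black", "127.0.0.3": "yellow"}
PRECEDENCE = ("yellow", "white", "black")  # processing order described on the page
# Assumptions: the list is a trusted blacklist, and unlisted senders get content tested.
ACTIONS = {"yellow": "content-test", "white": "accept-as-ham",
           "black": "reject", None: "content-test"}


def system_resolver(name):
    """Return all A records for name, or [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def ip_query_name(ip):
    """Reversed-octet query name (standard DNS list convention, IPv4 only)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + ZONE


def classify(answers):
    """Map the returned A records to one colour; unknown codes are ignored."""
    colours = {CODES[a] for a in answers if a in CODES}
    return next((c for c in PRECEDENCE if c in colours), None)


def check_sender(ip, fcrdns_name=None, resolve=system_resolver):
    """Query the FCrDNS name first; fall back to the IP only if the name is unlisted."""
    colour = None
    if fcrdns_name:
        colour = classify(resolve(fcrdns_name.rstrip(".").lower() + "." + ZONE))
    if colour is None:
        colour = classify(resolve(ip_query_name(ip)))
    return colour, ACTIONS[colour]


# Constructed sample answers (not real list data) so the example runs offline.
SAMPLE = {
    "mail.wellsfargo.com." + ZONE: ["127.0.0.1"],
    "yahoo.com." + ZONE: ["127.0.0.3"],
    "10.2.0.192." + ZONE: ["127.0.0.2"],
    "20.2.0.192." + ZONE: ["127.0.0.2", "127.0.0.3"],
}


def fake_resolver(name):
    return SAMPLE.get(name, [])
```

Calling `check_sender(ip, name)` without the `resolve` argument performs live DNS queries through the system resolver; pass `fake_resolver` to run against the constructed data.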

Using name based lookups to build IP based lookup lists