Re: Reverse DNS RFCs and Recommendations

[Scott Howard <scott () doc net au>]

163.com (as well as 126.com which you don't have listed) is a bit of a
special case.

It's a Chinese site that offers free email address as well as a very
popular portal site - think of it as the Chinese equivalent to Yahoo or
Hotmail.

Whilst it's certainly true that a lot of spam originates from there, simply
classifying it as a spam site isn't (necessarily) correct, in the same way
that classifying yahoo or hotmail as spam isn't correct. The company behind
163.com is actually listed on the NASDAQ...

You did mention heuristics, so I'm guessing you're not actually just
outright blacklisting it, just wanted to point out that all number-only
domains aren't necessarily spam-only.

  Scott



On Thu, Oct 31, 2013 at 3:49 PM, Tony Hain <alh-ietf () tndh net> wrote:

> John Levine wrote:
> > Right.  Spam filtering depends on heuristics.  Mail from hosts without
> > matching forward/reverse DNS is overwhelmingly bot spam, so checking for
> > it is a very effective heuristic.
>
> Leading digit is clearly in widespread use beyond 3com & 1and1. One of the
> most effective heuristics in my acl list is:
> \N^.*@\d{3,}\.(cn|com|net|org|us|asia)
>
> In the last few hours it has picked off multiple messages from each of
> these:
> Carol28 () 8447 com
> Jeff17 () 3550 com
> Ronald79 () 0785 com
> Kevin57 () 2691 com
> Deborah76 () 3585 com
> Kimberly34 () 5864 com
> Sarah94 () 0858 com
> zavfdv () 131 com
> qgmklyysyn () 163 com
> pjpeng () 163 com
> fahuyrw () 163 com
> Daniel57 () 4704 com
> Helen95 () 2620 com