Domain knows how to beat spam filters in SM16x
Question asked by Roger Everton - July 19, 2017 at 8:33 AM
Unanswered
The Domain is "lstn.net" -- That domain has thousands of servers that have a way to mask everything.
 
Here is what is happening:
 Their Domains is listed like this: 23-201-63-74.static.reverse.lstn.net
Naturally that is one of thousands as a Reverse Static?
 
Cyren Premium Anti-spam - Enabled
Blacklist - I blacklist one block 74.63.201.0/24 and they find another block to choose from.
SMTP Block -- EHLO Domain *.lstn.net" < Does Not Work
Enable rDNS -- and Mail from them also come in "UnknownHost [74.63.201.19])" This is done by labeling itself one domain and being a part of "lstn.net"
Weight Spam Block is set to 30 -- Theirs comes in at a wright of 50+
Content Filter Set to anywhere in Header: "*..lstn.net"
 
NOT ONE eMAIL EVER GOTTEN FROM THAT OUTFIT HAS BE WANTED OR SUBSCRIBED TO.
 
How do I beat this Nemesis!
 
Thank You,
Roger

2 Replies

Reply to Thread
1
echoDreamz Replied
This is exactly why we custom built a declude reverse DNS check as well as have been begging SmarterTools to FIX the RDNS lookup check or at least add an option to verify the forward of the reverse.
 
When 74.63.201.23 connects and SM does it's RDNS check, it passes. It should not pass. 74.63.201.23 resolves to 23-201-63-74.static.reverse.lstn.net however a forward check 23-201-63-74.static.reverse.lstn.net resolves to nothing. So that SHOULD fail the RDNS check, but does not.
 
Since we use Declude we wrote a simple .net application that does the reverse and forward lookups resolve and match. I hate doing this at the content level, but since SmarterMail's RDNS check is only halfway, this is our only choice.

Christopher

0
echoDreamz Replied
Note that this IP is also listed in Spamhaus Zen, so you could also add their RBL check to your spam checks. We've found them to be extremely effective.

Christopher

Reply to Thread