2
Domain knows how to beat spam filters in SM16x
Question asked by Roger Everton - 7/19/2017 at 8:33 AM
Unanswered
The Domain is "lstn.net" -- That domain has thousands of servers that have a way to mask everything.
 
Here is what is happening:
Their domain is listed like this: 23-201-63-74.static.reverse.lstn.net
Naturally that is one of thousands as a Reverse Static?
 
Cyren Premium Anti-spam - Enabled
Blacklist - I blacklist one block 74.63.201.0/24 and they find another block to choose from.
SMTP Block -- EHLO Domain "*.lstn.net" < Does Not Work
Enable rDNS -- and Mail from them also comes in "UnknownHost [74.63.201.19])" This is done by labeling itself one domain and being a part of "lstn.net"
Weight Spam Block is set to 30 -- Theirs comes in at a weight of 50+
Content Filter Set to anywhere in Header: "*..lstn.net"
 
NOT ONE EMAIL EVER GOTTEN FROM THAT OUTFIT HAS BEEN WANTED OR SUBSCRIBED TO.
 
How do I beat this Nemesis!
 
Thank You,
Roger

2 Replies

1
echoDreamz Replied
This is exactly why we custom built a Declude reverse DNS check as well as have been begging SmarterTools to FIX the RDNS lookup check or at least add an option to verify the forward of the reverse.
 
When 74.63.201.23 connects and SM does its RDNS check, it passes. It should not pass. 74.63.201.23 resolves to 23-201-63-74.static.reverse.lstn.net; however, a forward check of 23-201-63-74.static.reverse.lstn.net resolves to nothing. So that SHOULD fail the RDNS check, but does not.
 
Since we use Declude, we wrote a simple .NET application that checks that the reverse and forward lookups resolve and match. I hate doing this at the content level, but since SmarterMail's RDNS check is only halfway, this is our only choice.
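
The reverse-then-forward check described in the reply above, sketched in Python as an added example; it is not the poster's .NET application and not SmarterMail or Declude code. The `sample_*` resolver stubs and the `example.org` records are constructed, and the lstn.net entry reflects only what the reply reports.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; [] when no PTR exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def system_forward(hostname):
    """A/AAAA lookup through the system resolver; [] when nothing resolves."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(hostname, None)]
    except socket.gaierror:
        return []

def fcrdns_check(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, name): "pass" only if a PTR name resolves back to ip."""
    client = ipaddress.ip_address(ip)
    names = reverse(ip)
    if not names:
        return ("no_ptr", None)
    for name in names:
        for addr in forward(name.rstrip(".")):
            try:
                if ipaddress.ip_address(addr.split("%")[0]) == client:
                    return ("pass", name)
            except ValueError:
                continue  # resolver returned something that is not an address
    return ("forward_mismatch", None)  # PTR exists but is not confirmed

# Constructed resolver data; first entry mirrors the reply, the rest is made up.
SAMPLE_PTR = {
    "74.63.201.23": ["23-201-63-74.static.reverse.lstn.net"],
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.66": ["mail.example.org."],  # PTR claims a name it does not own
}
SAMPLE_A = {"mail.example.org": ["192.0.2.10"]}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])
def sample_forward(hostname):
    return SAMPLE_A.get(hostname, [])

if __name__ == "__main__":
    for ip in ("74.63.201.23", "192.0.2.10", "192.0.2.66", "192.0.2.99"):
        print(ip, fcrdns_check(ip, sample_reverse, sample_forward))
```

Called without the stub arguments, `fcrdns_check` uses the system resolver. A `forward_mismatch` verdict is the case the reply says should fail the RDNS test.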
0
echoDreamz Replied
Note that this IP is also listed in Spamhaus Zen, so you could also add their RBL check to your spam checks. We've found them to be extremely effective.
