IP address reputation, BorderWare
Chris Yuzik
itdept at fractalweb.com
Thu Mar 22 23:39:05 CET 2007
Kevin Miller wrote:
>
> You don't say what milter you're using, but I went to the test site
> mentioned and came up neutral. They didn't have any info on me at all.
> I'm running sendmail and smf-sav. Maybe your milter version is doing
> something other than mine?
>
Using SMF-SAV with Sendmail, same as you.
> I think something is askew however. If you're dropping 87% of inbound
> mail and borderware is aware of virtually all of it, that implies that
> pretty much everybody that sends you mail is using a borderware
> appliance, or virtually all the spoofed addresses are to borderware
> protected networks, and that virtually all the drops are due to invalid
> senders. I have a hard time believing that. An awful lot of my
> connections are dropped based on invalid forged from, but an awful lot
> of them are also based on valid forged froms, and directed to invalid
> recipients in my domain.
>
Here's how I *think* the BorderWare product works. When an email comes
in for a valid recipient, it reports the server's IP and gives it 1
point in the "good" column and sends this back to the mothership, and
vice versa. I don't think for a second that they know about all of my
server's lookups, but that they know the % of lookups that are done.
> That said, if this is what Borderware is doing, we can only hope they
> don't start autoreporting to the RBLs...
>
Yes, certainly a concern of mine as well.
Chris