Reverse DNS RFCs and Recommendations

Scott Howard scott at doc.net.au
Thu Oct 31 23:17:22 UTC 2013


163.com (as well as 126.com which you don't have listed) is a bit of a
special case.

It's a Chinese site that offers free email addresses as well as a very
popular portal site - think of it as the Chinese equivalent to Yahoo or
Hotmail.

Whilst it's certainly true that a lot of spam originates from there, simply
classifying it as a spam site isn't (necessarily) correct, in the same way
that classifying Yahoo or Hotmail as spam isn't correct. The company behind
163.com is actually listed on the NASDAQ...

You did mention heuristics, so I'm guessing you're not actually just
outright blacklisting it, just wanted to point out that all number-only
domains aren't necessarily spam-only.

  Scott



On Thu, Oct 31, 2013 at 3:49 PM, Tony Hain <alh-ietf at tndh.net> wrote:

> John Levine wrote:
> > Right.  Spam filtering depends on heuristics.  Mail from hosts without
> > matching forward/reverse DNS is overwhelmingly bot spam, so checking for
> > it is a very effective heuristic.
>
> Leading digit is clearly in widespread use beyond 3com & 1and1. One of the
> most effective heuristics in my acl list is:
> \N^.*@\d{3,}\.(cn|com|net|org|us|asia)
>
> In the last few hours it has picked off multiple messages from each of
> these:
> Carol28 at 8447.com
> Jeff17 at 3550.com
> Ronald79 at 0785.com
> Kevin57 at 2691.com
> Deborah76 at 3585.com
> Kimberly34 at 5864.com
> Sarah94 at 0858.com
> zavfdv at 131.com
> qgmklyysyn at 163.com
> pjpeng at 163.com
> fahuyrw at 163.com
> Daniel57 at 4704.com
> Helen95 at 2620.com
>
>
>
>
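
Added example, not part of the original thread: the quoted numeric-domain pattern used as a weighted score rather than an outright reject, so that the large all-digit freemail providers named in the reply (163.com, 126.com) are not treated like throwaway numeric domains. The end-anchored variant, the point values, and the sample addresses marked as constructed are assumptions made for illustration.

```python
import re

# Pattern from the quoted message, without Exim's \N prefix (which only
# suppresses string expansion inside the ACL). Note it has no end anchor.
ORIGINAL = re.compile(r"^.*@\d{3,}\.(cn|com|net|org|us|asia)")

# Added variant (assumption): anchored at the end so that only a whole
# domain of the form <digits>.<tld> can match, and the domain is captured.
ANCHORED = re.compile(r"^.*@(\d{3,}\.(?:cn|com|net|org|us|asia))$", re.IGNORECASE)

# All-digit domains the reply identifies as large freemail providers.
KNOWN_FREEMAIL = {"163.com", "126.com"}

# Hypothetical weights: a heuristic contributes to a score, it does not reject.
SPAM_POINTS = 3.0
FREEMAIL_POINTS = 0.5


def normalize(addr):
    """Undo the list archive's ' at ' obfuscation."""
    return addr.strip().replace(" at ", "@")


def score_sender(addr):
    """Return the points this one heuristic adds for a sender address."""
    m = ANCHORED.match(normalize(addr))
    if m is None:
        return 0.0
    domain = m.group(1).lower()
    return FREEMAIL_POINTS if domain in KNOWN_FREEMAIL else SPAM_POINTS


SAMPLE = [
    "Carol28 at 8447.com",          # from the quoted list
    "qgmklyysyn at 163.com",        # from the quoted list
    "user at 126.com",              # constructed
    "user at 3com.com",             # constructed: leading digit, not all digits
    "user at 123.com.example.org",  # constructed: matches ORIGINAL only
]

if __name__ == "__main__":
    for sender in SAMPLE:
        hit = ORIGINAL.match(normalize(sender)) is not None
        print(f"{sender:30} original={hit!s:5} score={score_sender(sender)}")
```
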



More information about the NANOG mailing list