pro2.abac.com == 66.226.64.3 == cooklikeyourgrandmother.com

Post #313,378 by folkert 9/1/09 6:49:39 PM Reply	pro2.abac.com == 66.226.64.3 == cooklikeyourgrandmother.com http://www.robtex.co...ro2.abac.com.html http://www.robtex.co.../66.226.64.3.html http://www.robtex.co...ndmother.com.html Its not complete, but it gives you an idea. Someone on that list probably has an site on that IP and has it blocked. Now "blog.cooklikeyourgrandmother.com" is very doubtful to be problematic as its the all mighty google. ;; QUESTION SECTION: ;blog.cooklikeyourgrandmother.com. IN A ;; ANSWER SECTION: blog.cooklikeyourgrandmother.com. 3600 IN CNAME ghs.google.com. ghs.google.com. 136973 IN CNAME ghs.l.google.com. ghs.l.google.com. 300 IN A 74.125.93.121 http://www.robtex.co...s.google.com.html http://www.robtex.co...4.125.93.121.html http://www.robtex.co...ndmother.com.html Not terribly different, but given that google is the reverse for "blog." It is conceivable someone HATES Google. hint hint... Yahoo and AT&T/SBC have an ISP agreement going. Yahoo and Microsoft have a Search thing going. Microsoft has a lot of sway in AOL. Microsoft has a lot of sway in Comcast. DNS Hi-Jacking isn't unheard of even in those big names.
Post #313,379 by folkert 9/1/09 7:05:18 PM Reply	one more, you've got NO SPF/DKIM/SenderIP records... That typically spells bad news period. `greg@maxime:~ [0] $ dig -ttxt cooklikeyourgrandmother.com ;; QUESTION SECTION: ;cooklikeyourgrandmother.com. IN TXT ;; AUTHORITY SECTION: cooklikeyourgrandmother.com. 3600 IN SOA ns1.aplus.net. hostmaster.aplus.net. 2009081023 7200 3600 3600000 3600` Nothing. It is really easy to make one, look at mine. `greg@maxime:~ [0] $ dig -ttxt gregfolkert.net ;; QUESTION SECTION: ;gregfolkert.net. IN TXT ;; ANSWER SECTION: gregfolkert.net. 10800 IN TXT "v=spf1 ip4:208.64.37.170 a mx a:uno.gregfolkert.net mx:uno.gregfolkert.net mx:mail.gregfolkert.net -all"` You can make you own easily at http://www.openspf.org/ SPF is enough right now. I'd use something for your domain like: For Bind: "v=spf1 mx -all" If you use other hosts to send mail, then you will have to add those. Like if you have your "publisher" send out e-mail from info@cooklikeyourgrandmother.com but from a machine called "cooklikeyourgrandmother.thispubservice.com" you'll more than likely have to add the specific IP address they use for it. Making it something like: For Bind: "v=spf1 mx ip4:12.34.56.78 -all" CIDR segments can be specified (12.34.56.78/27 etc.)
Post #313,384 by boxley 9/1/09 7:38:42 PM Reply	I dont have DKIM senderid spf and Im not blocked :-) per rfc dkim an unsigned mail is no different than a signed mail. No reputation is accrued because you sign with dkim successfully. 1/2 of the spam we receive is successfully dkim signed.
Post #313,386 by folkert 9/1/09 7:55:37 PM Reply	Yes, I understand that Bill. But NO SPF record adds 2-3 points to your spam score (taking only a "5" to qualify) is seriously not worth NOT having one (being the default neutral). Having a "-all" and mail coming from your domain that IS NOT from allowed addresses (being a negative return) adds 3-5 points to spam scores (but not plus the 2-3 for no record). This mean you can reduce mail spam scores from your real mail servers by 2-3 points, plus add 3-5 points to fakers. DKIM and SenderID are not ideal solution anyway. DKIM is easy to implement and publish the public keys so... spammer use it AND SPF. Also using the "-all" at the end of your SPF record says ONLY THESE IP/HOSTs are authorized to send mail for your domain. Most places use SPF as another tick mark against depending on the outcome (neutral or negative/not-authorized). Having an SPF record proper gives YOUR mail a much better chance of getting through. Now the Spammers that are properly signing and publishing stuff... you have a real target to go after then. They can and are seriously blacklisted, no amounts of SPF or DKIM will truly overcome the SPAM additives in the scoring engines.
Post #313,388 by boxley 9/1/09 8:27:33 PM Reply	Re: Yes, I understand that Bill. you must be talking about corporate antispam rules. An ISP has to be much more lenient as the customer has decided that ISP delivers mail to them so unless it is a phish pharm or balatant spam is should be delivered to the in box on the off chance the customer wants it. If you dont think that is true put 10 geeks in a room and let them discuss mail from the edge and you will sure see a lot of disparate interests. SPF is implemeted broken in so many places it is almost useless to derive much reputation from that. Now you have legitimate hosters like hotmail business services that use large data centers world wide natted behind a few IP addresses that compound the problem. Corporate antispam is easy peasey. For a large ISP not so much as the false positive rate has to be kept low while still offering protection to its customers
Post #313,389 by drook 9/1/09 8:41:39 PM Reply	Bleurgh ... gotta do some reading You and Box are speaking a dialect I'm only passing acquainted with. Need to read up and see what to do, and how to get my host to do it. All one-off mail goes through their webmail interface, but my autoresponder is sending from the webserver. Don't know how I'll have to set things up so that both of them show up as being from the same place. Maybe I'll just check their knowledgebase, see if they have any pointers. Oh, and thanks for the info. I can't use it yet, but I know it's got everything in there I need to figure it out. -- Drew
Post #313,390 by Another Scott 9/1/09 8:52:35 PM 9/1/09 8:57:25 PM Reply	I find all this stuff rather scary, myself. I was browsing around Google Apps - http://www.google.co.../group/index.html - and noticed that they will register a domain name (or, actually, have someone else do it) for $10 a year. Not bad. Lots of stuff is included with Google Docs, but... Of course, Google scans everything to enable ads, that's understood. (I dunno if they have a paid version where one can encrypt one's stuff by default, or something.) And one can't put one's pr0n there. ;-) But what about all of this other stuff that you're fighting with? Or spam on a Wiki one sets up, or ... I'm beginning to think that I've waited too long to start thinking about setting up a more permanent presence on the Internet. Who has time for all of this minutia? :-( Good luck! [edit:] Apps, not Docs. Cheers, Scott. Edited by Another Scott Sept. 1, 2009, 08:57:25 PM EDT Expand All History
Post #313,394 by static 9/1/09 9:04:49 PM Reply	I guess it's a noble effort. I'm tempted to say 'this is why I have a permanent IP address and my own server', but I set it up years and years ago, long before Google Apps was around. Or even thought of. At least I can put anything I want up on my server. The only thing prohibitied by my ISP is spamming or internet attacks. And I think the latter may only really be prohibited just against other customers of my ISP. Wade. Q:Is it proper to eat cheeseburgers with your fingers? A:No, the fingers should be eaten separately.
Post #313,399 by folkert 9/1/09 10:50:45 PM Reply	I've been thinking about going the OTHER way. taking my $50/month and using other resources, Google Apps (the pay for it version) for mail and calendar, etc... using Google Sites for my website... among other options. Personally I don't care if Google scans my trash, they can get it anyway if they try hard. I can probably pay less than $50/month and get more services (by a factor of 10). Google for Blogs, Apps, Mail, etc. DNSMADEEASY for DNS hosting. Plus I can have a ton of account (for me anyway) on Google for stuff.
Post #313,407 by drook 9/2/09 12:46:47 AM Reply	That's the direction I've been going Like the saying goes, "Never write any software except what you're selling." If someone else makes it, use that one. For me, I've extended that to hosting and configuring. Use the pushbutton Wordpress installation and accept the defaults. (And write a custom theme, of course.) Use the default email options. Follow the host's recommendations for DNS configuration. If setting this stuff up were my job, I'd want to understand it. It's not, so I don't. -- Drew
Post #313,398 by boxley 9/1/09 10:44:13 PM Reply	here ya go http://bbiw.net/spec...mail-arch-11.html dave is very knowledgeable and has been known to have a sense of hupor :-)
Post #313,406 by drook 9/2/09 12:38:31 AM Reply	Are you serious? I'm really not sure here. Are you saying I need to understand everything in there to set this stuff up correctly? If so, it ain't happening. If you're saying everything I need to know is in there somewhere ... well, that's a smaller pile to search through, but I still think I'm better off trying to get help from my site host first. -- Drew
Post #313,417 by boxley 9/2/09 8:05:31 AM Reply	stuff like that interests me, but I understand it doesnt interest everyone. I like to watch sausage being made not everyones cup of tea
Post #313,421 by folkert 9/2/09 8:34:25 AM Reply	Speaking of sausage, You see the recent... Brouhaha about the Male Chicks in an Egg Hatchery for the Egg Producing Industry? They are making chicken sausage. At least it only takes an instant for them to be killed, versus being eaten alive by predators in a few minutes.

Welcome to IWETHEY!