
[SC-Help] Re: Spam "from" reserved netblocks

Geoff Lane geoff at nospam.gjctech.co.uk
Fri Jul 8 13:31:21 EDT 2005


Graeme Leith <glnews030922 at highspot.net> wrote in
news:dalpc1$du1$1 at news.spamcop.net: 

>> I have a suspicion that anything apparently from a reserved netblock
>> is probably forged, and thus probably spam. If so, I can use such
>> netblock information to supplement my spam filters - but are my
>> suspicions true? 
> 
> If you haven't gone through the mailhosts setup on the SpamCop web
> pages, the parser is almost certainly following valid, but untrusted,
> headers and getting the wrong source.

Although I reported this particular spam (ID = 1463337860), I got the IP
address myself direct from the headers. I submitted the report to
Cyveilance purely to help get the offending IP added to the SBL. 

My interest here is whether mail from a reserved netblock is likely to
be a legitimate message, and so whether I can legitimately filter on
reserved netblocks. I don't need to parse anything through Spamcop for
that because my filters already have the ability to blacklist netblocks.
If I add 96.0.0.0-123.255.255.255 to the blacklist, anything that
purports to be from or routed via the RESERVED-8 netblock will get
dumped into my spam bin - and it would be similar for any other reserved
netblock that I would add to my blacklist when I discovered spammy using
it. 

BTW, I can't quite get my head around mailhosts configuration. I have
potentially an unlimited number of e-mail accounts with a catch-all
mailbox for each of several domains. AFAICT, you have to configure every
email address - and that's something I can't do because there are far
too many of them. Also, I have intermediate servers between my MUA and
my ISP's servers, which you can see from the report referenced above. 

-- 
Geoff Lane
Cornwall, UK
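
Added example, not part of the original post: a minimal Python sketch of the netblock filter described above, which collects the bracketed IPv4 addresses from every Received header and flags any hop inside the quoted range 96.0.0.0-123.255.255.255. The sample messages, host names and function names are constructed for illustration; the range was reserved in 2005 but has since been allocated, so it is used here only because the post quotes it.

```python
import ipaddress
import re
from email import message_from_string

# Range quoted in the post. It was reserved in 2005 but has since been
# allocated, so a live filter needs a current list, not this one.
BLOCKED = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("96.0.0.0"), ipaddress.ip_address("123.255.255.255")))

# Relay addresses appear as bracketed literals in Received headers.
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw_message):
    """Return the IPv4 literals in Received headers, newest hop first."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IPV4.findall(header):
            try:
                found.append(ipaddress.ip_address(text))
            except ValueError:
                continue  # e.g. [999.1.1.1]: not a valid address
    return found

def blocked_hops(raw_message, blocked=BLOCKED):
    """Return every hop that falls inside a blocked netblock."""
    return [ip for ip in received_ips(raw_message)
            if any(ip in net for net in blocked)]

# Constructed sample messages (hypothetical hosts, not from the post).
SAMPLE_FORGED = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby inbox.example.org; Fri, 8 Jul 2005 12:00:00 -0400\n"
    "Received: from unknown (HELO pc) ([100.1.2.3])\n"
    "\tby mx.example.net; Fri, 8 Jul 2005 11:59:58 -0400\n"
    "Subject: constructed sample\n\nbody\n")
SAMPLE_CLEAN = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby inbox.example.org; Fri, 8 Jul 2005 12:00:00 -0400\n"
    "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    print([str(n) for n in BLOCKED])
    print(blocked_hops(SAMPLE_FORGED), blocked_hops(SAMPLE_CLEAN))
```

Only the Received line written by your own server is trustworthy; lower lines can be forged, which is why a reserved address there marks the header as fake rather than identifying the true source.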

