We’ve added two new SpamAssassin tests using on our spamtrap data.
RCVD_IN_ROLLERNET_TRAP – This test means that an IP address matched one that was seen in the headers of a message submitted to a spamtrap. Since this includes all headers it’s possible for a faked IP to end up on this list, but at the same time that faked IP is being used as part of a spam run. Useful for scoring but possibly not outright blocking due to all headers being considered. Default score is 1.5
CLIENT_ROLLERNET_TRAP – This test means that the client IP address has submitted to a spamtrap. This should generally be safe for blocking and scoring since the IP is the actual connecting client address when it submitted something to a spamtrap. Default score is 3.
The spamtrap will exclude an IP address if it’s listed on DNSWL.org, but we do not check any further to see who the IP address belongs to. For example: if Gmail started spewing spam into the trap their IP addresses would be listed (unless it’s on DNSWL), so if gmail.com is critical to you and you want to use the spamtrap data you would want to add your own whitelist entry for gmail.com.