December 10, 2011

L2.APEWS.ORG False Positive #8

This one refers back to L2.APEWS.ORG False Positive #4; if you recall, the MTV newsletter was found by our user in his spam folder. After that was published here, the IP address was checked a day or two later and found to be delisted, so why is another MTV newsletter in the spam folder again? The MTV newsletter didn't come from the same IP address, which means that Apews.org had more than one IP address listed in the previous listing. Here is the false positive:

Thu 2011-12-08 08:10:27: [1112:6566] Accepting SMTP connection from [129.228.5.20]
Thu 2011-12-08 08:10:27: [1112:6566] --> 220 xxx.xxx.xxx ESMTP MDaemon 6.7.9; Thu, 08 Dec 2011 08:10:27 -0500
Thu 2011-12-08 08:10:27: [1112:6566] <-- EHLO mtv-newsletter1.mms.mtv.com
Thu 2011-12-08 08:10:27: [1112:6566] --> 250-xxx.xxx.xxx Hello mtv-newsletter1.mms.mtv.com, pleased to meet you
Thu 2011-12-08 08:10:27: [1112:6566] --> 250-ETRN
Thu 2011-12-08 08:10:27: [1112:6566] --> 250-AUTH=LOGIN
Thu 2011-12-08 08:10:27: [1112:6566] --> 250-AUTH LOGIN CRAM-MD5
Thu 2011-12-08 08:10:27: [1112:6566] --> 250-8BITMIME
Thu 2011-12-08 08:10:27: [1112:6566] --> 250 SIZE 0
Thu 2011-12-08 08:10:27: [1112:6566] <-- MAIL FROM:
Thu 2011-12-08 08:10:27: [1112:6566] Spam Blocker A-record resolution of [20.5.228.129.l2.apews.org] in progress (DNS Server: 192.168.1.2)...
Thu 2011-12-08 08:10:27: [1112:6566] Spam Blocker D=20.5.228.129.l2.apews.org TTL=(35) A=[127.0.0.2]
Thu 2011-12-08 08:10:27: [1112:6566] APEWS listed, 99.7% certain it is spam
Thu 2011-12-08 08:10:27: [1112:6566] Message will be accepted and X-RBL-Warning: header will be inserted.
Thu 2011-12-08 08:10:27: [1112:6566] --> 250 , Sender ok
Thu 2011-12-08 08:10:27: [1112:6566] <-- RCPT TO:
Thu 2011-12-08 08:10:27: [1112:6566] --> 250 , Recipient ok
Thu 2011-12-08 08:10:27: [1112:6566] <-- DATA
Thu 2011-12-08 08:10:27: [1112:6566] --> 354 Enter mail, end with .
Thu 2011-12-08 08:10:28: [1112:6566] --> 250 Ok, message saved
Thu 2011-12-08 08:10:28: [1112:6566] <-- QUIT
Thu 2011-12-08 08:10:28: [1112:6566] --> 221 See ya in cyberspace
Thu 2011-12-08 08:10:28: [1112:6566] SMTP session successful, 20649 bytes transferred.
Thu 2011-12-08 08:10:28: [1112:6566] Shuffling message(s) into proper queue(s)
Thu 2011-12-08 08:10:28: [1112:6566] Message received from mtv-newsletter1.mms.mtv.com [129.228.5.20] with SMTP for [Size 20634] {j:\localq\md00000.msg}

After some further checking, it turns out that MTV has 4 consecutive IP addresses in Viacom address space, namely 129.228.5.20-129.228.5.23, so you might want to whitelist those. We have never had any problem with the MTV servers. Check a whitelist such as DNSWL.org for other trustworthy IP addresses in the same neighborhood as those.

At the time of writing, none of those 4 IP addresses is showing as listed, so it seems that Apews.org has corrected the MTV newsletter issue.
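To catch the same false positive from the other three addresses, the log can be scanned for l2.apews.org hits whose connecting peer falls in the MTV range above. The following is an added example, not part of the original post or of MDaemon; the function names are hypothetical, and the second session (203.0.113.7, a documentation address) is constructed for contrast.

```python
import ipaddress
import re

# Constructed sample: two lines copied from the session above, plus one
# constructed session (1112:6570) from a documentation address.
SAMPLE_LOG = """\
Thu 2011-12-08 08:10:27: [1112:6566] Accepting SMTP connection from [129.228.5.20]
Thu 2011-12-08 08:10:27: [1112:6566] Spam Blocker D=20.5.228.129.l2.apews.org TTL=(35) A=[127.0.0.2]
Thu 2011-12-08 08:11:02: [1112:6570] Accepting SMTP connection from [203.0.113.7]
Thu 2011-12-08 08:11:02: [1112:6570] Spam Blocker D=7.113.0.203.l2.apews.org TTL=(35) A=[127.0.0.2]
"""

# The four consecutive MTV addresses named in the post (129.228.5.20-129.228.5.23).
ALLOWLIST = list(ipaddress.summarize_address_range(
    ipaddress.IPv4Address("129.228.5.20"), ipaddress.IPv4Address("129.228.5.23")))

CONNECT = re.compile(r"\[(\d+:\d+)\] Accepting SMTP connection from \[([\d.]+)\]")
HIT = re.compile(r"\[(\d+:\d+)\] Spam Blocker D=(\S+) TTL=\(\d+\) A=\[(127\.[\d.]+)\]")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone

def review_hits(log_text, zone="l2.apews.org"):
    """Return (session, ip, verdict) for each DNSBL hit in the log."""
    peers, results = {}, []
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if m:
            peers[m.group(1)] = m.group(2)  # remember the peer per session id
            continue
        m = HIT.search(line)
        if not m or m.group(1) not in peers:
            continue
        session, query, _answer = m.groups()
        ip = peers[session]
        if query != dnsbl_name(ip, zone):
            verdict = "query-mismatch"  # lookup was not for the connecting peer
        elif any(ipaddress.IPv4Address(ip) in net for net in ALLOWLIST):
            verdict = "allowlisted-sender-listed"  # likely false positive
        else:
            verdict = "listed"
        results.append((session, ip, verdict))
    return results

if __name__ == "__main__":
    for row in review_hits(SAMPLE_LOG):
        print(*row)
```

A verdict of `allowlisted-sender-listed` means a sender you already trust is on the blocklist again, which is the condition this post reports.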
