This module tries to figure out wheter the sender domain is somewhat related to the sending server.

There are three methods to determine wheter this is the case:

1. direct IP hit

The sender IP name is equal to the A or AAAA of the domain or the resolved (CNAME, MX) record.

Example 1: sender ip is and the first MX record of the sender domain sender.tld is points to mail.sender.tld which has the IP

Example 2: sender ip is and the A record of sender.tld is

2. domain hit

Tries to identify the association via the domain name.

Example: sender domain is something.sender.tld and the reverse hostname of the sender IP is mail.domain.tld -> both under sender.tld.

3. IP range hit

Tries to identify the relation via ip ranges.

Example: ip of the sender is and ip of the A record of the sender domain is which is within a /31 subnet

The bigger the subnet, the lower the positive weight (can be adjusted).

If no relation could be determined, the session will be scored negatively.

Keep in mind: the association of the sender ip to the sender domain does not imply at all that the mail is not spam. Only the opposite gives a hint, that the mail might be forged - or one of those webservers not associated to the domain sending a (maybe even valid) mail.


    disable: 0
    weight_direct_hit: 20
    weight_domain_hit: 15
        31: 20
        30: 20
        29: 10
        28: 10
        27: 10
        26: 5
        25: 5
        24: 5
    weight_no_hit: -20


resolver : Net::DNS::Resolver

Will be created automatically.

rx_tlds* : RegexpRef

Pre-compiled regex containing tlds.

weight_direct_hit : Int

The sender domain is directly associated to the client address

weight_range_hit : HashRef[Int]

The sender domain is associated via an ip range to the client address ..

weight_domain_hit : Int

The sender domain is via a shared domain name to the client address. Eg the client address resolves to smtp.somedomain.tld and the sender is somedomain.tld or the sender's mx is mx.somedomain.tld whereas they at least somedomain.tld


Negative score. No match found.



Checks weight_range_hit for correctness, reads config


Never handle anything from localhost. Handle results are cached. First checks for exact match, then domain hit, then range hit.


Write to cache, add spam score.


Retreive records for a hostname (A, CNAME, MX) / ip (PTR)


Ulrich Kautz <>


Copyright (c) 2010 the "AUTHOR" as listed above


This library is free software and may be distributed under the same terms as perl itself.