Scott/All, - I've found HELOBOGUS is often counterproductive, even with a low weight, since legit sites, even (especially?) "big guns" (Fortune 500, whatever) often give their servers fully-qualified, RFC-legal--yet publicly nonexistent--hostnames. What would help a lot, I think, is the ability to let theoretically publishABLE FQHNs go, but still catch unqualified hostnames, illegitimate characters, and IP addresses.
- I would never, ever, ever block someone who had non-matching HELO and PTR. Repeat, I would never hold this against someone, and it really peeves me when clients (one of our military sites, for example) suggest it. But I WOULD use a negative test in the style of IPNOTINMX, "rewarding" a site slightly for having the ability, experience, and control to match the two and hopefully combatting some FPs. In particular, this separates people using consumer DSL providers (who pre-assign a non-matching PTR reflecting the PPPoE or static IP address) from companies with a tighter hold on their IT, and--although we provide hosting services ourselves!--would also give a boost to those that don't use shared servers. Of course, the more people learn about this counterweight, the less useful it would be, and there are some spammers who already would benefit from it. Yet it would definitely assist when (untreatable) SPAMHEADERS/BADHEADERS/HELOBOGUS blasts come from legitimate sources. Kind of a toss-up, but I'd like to discuss it. Please post your thoughts. -Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] ------------------------------------ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
