-  I've  found  HELOBOGUS  is often counterproductive, even with a low
weight, since legit sites, even (especially?) "big guns" (Fortune 500,
whatever)  often  give  their  servers fully-qualified, RFC-legal--yet
publicly  nonexistent--hostnames.  What  would help a lot, I think, is
the ability to let theoretically publishABLE FQHNs go, but still catch
unqualified hostnames, illegitimate characters, and IP addresses.
It's also important to realize the purpose of the HELOBOGUS test. It isn't designed primarily to catch spammers. It's designed to help detect poorly administered mailservers -- ones that are likely to be abused by spammers. And those Fortune 500 companies that have their mailserver advertise itself with a name other than what it really is, well, they are running mailservers that are poorly administered.

It's a catch-22: If you penalize a mailserver for bending the rules too far, you risk losing some legitimate mail. But if you don't penalize them, they will definitely continue bending the rules too far, which helps increase spam.

As spam gets worse (increasing over 400% last year), legitimate mailers can either complain that some of their mail gets caught as spam, or they can get their acts together and fix their problems.

That doesn't mean that we won't consider it (I dislike the LOOSENSPAMHEADERS option, for example, but it was added because others liked it).

-  I  would  never, ever, ever block someone who had non-matching HELO
and  PTR.  Repeat,  I  would  never  hold this against someone, and it
really peeves me when clients (one of our military sites, for example)
suggest it.
Good -- because it would catch mail from this list.  :)

But I WOULD use a negative test in the style of IPNOTINMX,
"rewarding"  a  site  slightly for having the ability, experience, and
control  to  match  the  two  and  hopefully  combatting  some FPs.
Aha -- like the IPNOTINMX test. That's a good idea.

The tricky part is figuring out exactly what makes a match -- it's easy if the HELO is "example.com" and the PTR is "mail.example.com". But, it gets a bit more confusing if the HELO is "host.example.co.uk" and the PTR is "host2.example.co.uk". Perhaps two separate tests, so that if they match exactly, you could subtract X points from the weight, and if they match partially (such as the host/host scenario), you could subtract Y points.
-Scott

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.

Reply via email to