It's also important to realize the purpose of the HELOBOGUS test. It isn't designed primarily to catch spammers. It's designed to help detect poorly administered mailservers -- ones that are likely to be abused by spammers. And those Fortune 500 companies that have their mailserver advertise itself with a name other than what it really is, well, they are running mailservers that are poorly administered.- I've found HELOBOGUS is often counterproductive, even with a low weight, since legit sites, even (especially?) "big guns" (Fortune 500, whatever) often give their servers fully-qualified, RFC-legal--yet publicly nonexistent--hostnames. What would help a lot, I think, is the ability to let theoretically publishABLE FQHNs go, but still catch unqualified hostnames, illegitimate characters, and IP addresses.
It's a catch-22: If you penalize a mailserver for bending the rules too far, you risk losing some legitimate mail. But if you don't penalize them, they will definitely continue bending the rules too far, which helps increase spam.
As spam gets worse (increasing over 400% last year), legitimate mailers can either complain that some of their mail gets caught as spam, or they can get their acts together and fix their problems.
That doesn't mean that we won't consider it (I dislike the LOOSENSPAMHEADERS option, for example, but it was added because others liked it).
- I would never, ever, ever block someone who had non-matching HELO and PTR. Repeat, I would never hold this against someone, and it really peeves me when clients (one of our military sites, for example) suggest it.
Good -- because it would catch mail from this list. :)
Aha -- like the IPNOTINMX test. That's a good idea.But I WOULD use a negative test in the style of IPNOTINMX, "rewarding" a site slightly for having the ability, experience, and control to match the two and hopefully combatting some FPs.
The tricky part is figuring out exactly what makes a match -- it's easy if the HELO is "example.com" and the PTR is "mail.example.com". But, it gets a bit more confusing if the HELO is "host.example.co.uk" and the PTR is "host2.example.co.uk". Perhaps two separate tests, so that if they match exactly, you could subtract X points from the weight, and if they match partially (such as the host/host scenario), you could subtract Y points.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
