Re: [Declude.JunkMail] Random Helo strings

[Matt]

Bill, Please remember the old thing about YYMV, and also that different people have different standards. Your suggestion to block invalid HELO's would create big issues for my system, in fact I only weight HELOBOGUS at about 25% of my hold weight.  For instance, have you ever seen a message that came from somedomain.local?  I sure have, and many other variations as well. I believe this to be bad advice to suggest blocking on.  The key work here is also "believe", because all we are doing is exchanging opinions.  Please don't step on the discussion because you find it to not be of value to you.  As far as your own standards go, this apparently makes plenty of sense for you, but this isn't necessarily universal in application.  That's just fine, but for the rest of us YYMV, as well as your interests. Peace out, Matt Bill Landry wrote: ----- Original Message ----- From: "Darin Cox" <[EMAIL PROTECTED]> Hmmm...I think we all care. Knowing what the spammers are doing helps us block it. It's one thing to have a test that identifies it. It's another to know what the spammers are doing and use that info wisely. I think the point is to watch your incoming for the possibility of increasing the weighting of the HELOBOGUS and HELOISIP tests. Okay, then I can understand that you will need to watch for these very closely. I already catch these 100% of the time and will not even accept their delivery, so no need to spam check or virus scan them. I just checked, and even IMail can handle these: "Verify HELO/EHLO domain" >From the IMail help file: ===== HELO/EHLO Domain Verification The domain passed during the HELO/EHLO is used to perform a DNS query to verify that the domain specified has an "A" record or an "MX" record. If this test fails, an X-Header is inserted into the message. ===== In this section you can also specify "Delete messages after ??? matches". Set this to "1" and forget it. Obviously the hostname is non-RFC-compliant, and therefore will fail both the "A" and "MX" lookups, so why even bother processing the message any further? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================