> Consider this. Suppose a host sends email and their helo matches the host
> RDNS, and I store that. Then later a different host uses the same helo,
> but they have no RDNS or they are on a dynamic IP. Wouldn't that be a
> strong indicator of spam?

Consider a mail host provider that provides email to many different hosts/clients, which is set to HELO with the hostname of the client it's sending email out as (sure, you may argue it's not proper, but people may do it). You would end up thinking this server (or cluster of servers) is sending spam.

Consider a cluster of mail servers behind a load balancer that balances outbound as well as inbound on one IP. Technically each server should HELO under their actual names (could be local - I don't believe RFCs state it must be a valid public hostname), but they would send email out under one common IP. You'd block this as well.

I've recently started using a new domain name for email and I have not changed my Exim config in about a year dealing with spam filtering. I hardly receive any (actually, I can't really remember the last time I had spam in my inbox, come to think of it) spam these days. I used to receive tons of spam on my old domain name, and no filtering techniques changed since then, so the amount of spam I get must be due to something with the domain name...

Perhaps you should tell your clients to a) stop using their email address everywhere that has an "enter your email address!" (or use temporary accounts for those reasons), b) if the registrar supports it, hide registrar info and kill the contact address.

I give you this tiny story because I'm surprised that you, still, have to try and think up new ways to block potential spam. I'm certain you've thought of everything and are probably grabbing air in hopes to come up with something new. Perhaps it's just up to your clients now to utilize their email with caution instead of assuming your servers will shield them from the ugly side of the Internet.

Eli.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/