On 23 January 2018 at 16:55, Noel Jones <[email protected]> wrote: > On 1/23/2018 1:06 AM, Dominic Raferd wrote: >> On 23 January 2018 at 04:20, Noel Jones <[email protected] >> <mailto:[email protected]>> wrote: >> >> Strong spam indicators for the HELO are >> (note: this is for mail coming from the internet. Authenticated >> submission mail or legit mail from devices on your network might >> break any of these) >> - a dynamic hostname (eg. 89-73-46-234.dynamic.chello.pl >> <http://89-73-46-234.dynamic.chello.pl>, which >> resolves just fine) >> ... >> >> >> Is there a method (regex?) for reliably identifying dynamic ip >> addresses? Take for instance 199-127-103-235.static.avestadns.com >> <http://199-127-103-235.static.avestadns.com> - it looks dynamic to >> me but it says it is static. Is it best/safest to rely on >> '\.dynamic\.' occurring in the name? > > > There is no simple regexp, but there is the fqrdns.pcre project. The > project is a large hand-maintained list of dynamic hostnames with a > goal of zero false positives. It's not perfect, but it's useful and > safe for general use. > > https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre
Thanks Noel I have added that to my recipe (but modified the plus and max formulae to hold rather than reject mails).
