> Here are the kind of HELO Signatures my favorite Spambot produces:
> (always lower case, always one period, never a .tld)
>
> ljxr.pzt
> mclbfk.wdui
> zsgnwd.zctjrq
Hum. Weren't there some rulesets predating SARE that checked for odd letter
combinations of various kinds in the mail body? Tripl
> BTW, Notice that the HELO signatures have an identifying characteristic:
> randomness
http://policyd.sf.net/ find # HELO Randomization Prevention (HRP) in the readme
> Could we use the HELO randomness to identify the source as a Spambot?
postfix can reject it with out any patches to it
In some other work that I was doing, I ran across this information:
BTW, Notice that the HELO signatures have an identifying characteristic:
randomness
Could we use the HELO randomness to identify the source as a Spambot?
Here are the kind of HELO Signatures my favorite Spambot produces:
(always