Hello Bill Cole. At 17:12 -0500 30.01.2004, you wrote:
It is more reliable to reject specific HELO arguments (like your own name, your own IP address, and 'oemcomputer')
Could you explain why the expression 'oemcomputer' should be more suspicious than others? It is nothing else than a placeholder for the computer name which most Windows users don't care to change (or do not know how to change).
Exactly.
When you see that from a client machine (i.e. one in your client list or authenticated) it is nothing to be concerned about for most sites. When it comes from an unknown place, it is a certain sign that the person responsible for that machine is unconscious of how it is dealing with email, and in nearly all cases that means it is hijacked in some fashion.
Personally, I would reject any connection coming from any machine calling itself 'oemcomputer' because that is an indication of Windows linked with obliviousness, a combination which is in the process of destroying email. At the risk of making some of you believe me insane, I admit that I truly believe that the past year has proven the inadequacy of Windows for direct connection to the Internet, and that it is wise for anyone connected to the Internet to treat Windows machines which make their identity obvious as intrinsically suspect and dangerous.
--
Bill Cole [EMAIL PROTECTED]
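
The HELO policy discussed in this message, sketched as an added example that is not part of the original post or of any mail server's own code. The hostnames, addresses, client network and the function name check_helo are constructed assumptions.

```python
import ipaddress

# Assumed local identity and policy values (constructed for this example).
OWN_NAMES = {"mail.example.org", "example.org"}
OWN_IPS = {ipaddress.ip_address("192.0.2.25")}
BAD_PLACEHOLDERS = {"oemcomputer"}
CLIENT_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def _helo_as_ip(arg):
    """Return the address if the HELO argument is an IP (bare or [literal]), else None."""
    s = arg.strip()
    if s.startswith("[") and s.endswith("]"):
        s = s[1:-1]
    if s.lower().startswith("ipv6:"):
        s = s[5:]
    try:
        return ipaddress.ip_address(s)
    except ValueError:
        return None


def check_helo(helo_arg, peer_ip, authenticated=False):
    """Return (accept, reason) for one SMTP HELO/EHLO argument."""
    peer = ipaddress.ip_address(peer_ip)
    # Machines in the client list and authenticated sessions are exempt:
    # 'oemcomputer' from them is nothing to be concerned about.
    if authenticated or any(peer in net for net in CLIENT_NETS):
        return True, "trusted client"
    name = helo_arg.strip().rstrip(".").lower()
    if name in BAD_PLACEHOLDERS:
        return False, "placeholder hostname"
    # An unknown host has no business introducing itself as this server.
    if name in OWN_NAMES:
        return False, "claims our hostname"
    addr = _helo_as_ip(helo_arg)
    if addr is not None and addr in OWN_IPS:
        return False, "claims our IP address"
    return True, "no rule matched"


if __name__ == "__main__":
    # Constructed sample sessions: (HELO argument, peer IP, authenticated)
    for args in [("OEMCOMPUTER", "203.0.113.7", False),
                 ("oemcomputer", "10.1.2.3", False),
                 ("[192.0.2.25]", "203.0.113.7", False),
                 ("mx.sender.example", "203.0.113.7", False)]:
        print(args, "->", check_helo(*args))
```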
