Søren Therkelsen wrote on Fri, 16 Dec 2005 11:30:10 +0100: > Received: from [218.65.120.230] (helo=uwo.ca) > ------------------------------Why should a Canadian university have there > mail server in China?
Why not? The answer may be obvious in this case, but if you try to generalize that this method fails. There is nothing that forces a mail server to use a domain suffix for heloing that matches the GeoIP lookup. Actually, that may be quite uncommon for various reasons. There are *much* better methods to get rid of this spam. 1. that IP is on a lot of RBLs since it is dynamic IP space. 2. if one uses some helo verification the above helo will fail because it has only one dot. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com