On Sun, 16 Mar 2003 21:30:02 PST, "Ronald F. Guilmette" <rfg(_at_)monkeys(_dot_)com> said:

> In a nutshell, if some SMTP client says to you `HELO foo.bar.com' then
> 6 times out of 10 a forward lookup on `foo.bar.com' will get you the
> IP address of that same SMTP client and another 3 times out of 10,
> looking up the MX records for `bar.com' will get you the IP address
> of that same SMTP client.  So 9 times out of 10 you can accurately
> associate a domain name with a given SMTP client, even in the total
> absence of rDNS.

Probably true of well-behaved SMTP transactions.  I've noticed an annoying
tendency of late for spammers to say 'HELO your.host.here', to the point
where I'm THIS close to telling RFC2821, section 4.1.4 to stuff it:

   An SMTP server MAY verify that the domain name parameter in the EHLO
   command actually corresponds to the IP address of the client.
   However, the server MUST NOT refuse to accept a message for this
   reason if the verification fails: the information about verification
   failure is for logging and tracing only.

If the EHLO has one of my names on it, but not one of my IP addresses,
they can take a flying leap as far as I'm concerned.
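
Added example, not part of the original message: a sketch of the HELO checks discussed in this thread, covering the forward lookup, the MX lookup on the parent domain, and the "my name but not my IP" rejection. All host names, addresses and the in-memory lookup tables are constructed assumptions standing in for real DNS queries, and `classify_helo` and `parent_domain` are hypothetical names.

```python
import ipaddress

# Constructed sample data (documentation names and addresses, not real hosts).
MY_NAMES = {"mail.example.org", "example.org"}
MY_IPS = {"192.0.2.10"}
SAMPLE_A = {
    "foo.bar.example": ["198.51.100.7"],
    "mx1.bar.example": ["198.51.100.9"],
    "mail.example.org": ["192.0.2.10"],
}
SAMPLE_MX = {"bar.example": ["mx1.bar.example"]}


def parent_domain(name):
    """Naive parent: drop the leftmost label (assumption; no public-suffix list)."""
    return name.split(".", 1)[1] if name.count(".") >= 2 else name


def classify_helo(helo, client_ip, a_records=SAMPLE_A, mx_records=SAMPLE_MX):
    """Return (verdict, reason) for a HELO/EHLO argument and the peer address."""
    name = helo.strip().rstrip(".").lower()
    ip = str(ipaddress.ip_address(client_ip))  # normalise; raises on junk input
    # Address literals such as [192.0.2.1] are not names; nothing to look up.
    if name.startswith("["):
        return ("log", "address literal")
    # The reply's policy: one of our own names from an address that is not ours.
    if name in MY_NAMES and ip not in MY_IPS:
        return ("reject", "HELO uses local name from foreign address")
    # First heuristic in the quoted message: forward lookup of the HELO name.
    if ip in a_records.get(name, []):
        return ("match", "forward lookup of HELO name")
    # Second heuristic: hosts named by the MX records of the parent domain.
    for mx in mx_records.get(parent_domain(name), []):
        if ip in a_records.get(mx.rstrip(".").lower(), []):
            return ("match", "MX of parent domain")
    # RFC 2821 section 4.1.4: a failed verification is for logging and tracing only.
    return ("log", "HELO name not associated with client")
```

Only the local-name case returns `reject`; every other mismatch stays a logging event, which is the one point where this sketch departs from the quoted RFC text.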