[Top] [All Lists]

Re: Site policy vs. HELO

2005-03-08 15:00:50

On 3/8/2005 11:36 AM, Hector Santos wrote:

Over the pass year and a half, we have proved that by increasing the
level of SMTP compliancy required by senders, you can address an
extremely high rejection rate with a very low to non-existence false
positives.   100% based on SMTP compliancy.

I'm seeing just the opposite. I've been doing some expirementation with
some strict SMTP rules in SpamAssassin (looking for things like literal
HELO, mismatched rDNS, etc), and am getting reports of extremely high
error rates from testers. [1]

Note that I implemented these tests in SA so that I could encourage people
to STOP doing hard-rejects tests at the MTA level, due to very high
false-positive rates. I thought that by assigning a probability (as
opposed to a simple pass-fail test) that these tests would be more
effective, but from what I've seen so far, there are just too many
mis-managed mail servers out there to even establish a probability rate
that's acceptable.

There are, of course, some very useful pass-fail MTA tests (including
things like non-existent domain names), but not nearly as many as I
suspected going into this.


Eric A. Hall                              
Internet Core Protocols

<Prev in Thread] Current Thread [Next in Thread>