Re: RFC 5321bis / 2821ter

2009-01-27 12:36:44

Paul Smith wrote:
> The HELO/EHLO parameter means nothing.

Almost agreed.

> You can't possibly do an SPF check on the EHLO parameter, and expect it to mean anything.

The HELO check was introduced for the case that the MAIL FROM is null. However, some people think the HELO check is better, as it allows naive forwarding.

> All you can do is check to see if the EHLO parameter resolves to the IP address of the sending host, and that tells you nothing except the sender has set it up correctly... Spammers can set up domains & mailing software correctly more easily than the majority of legitimate users can.

Hm... some spamware can obviously do a reverse lookup and use that as a helo name. However, it cannot easily fake MX or SPF records to make a zombie address valid. Spammers are welcome to use their own domains: that puts the spam problem at the relevant ISPs.
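
Added example, not part of the original message: the two checks discussed in this exchange (does the EHLO name resolve to the client IP, and what does SPF say about the HELO identity) run side by side over constructed DNS data. The host names, addresses and records are invented for illustration, and the SPF evaluator is a simplified sketch that handles only the ip4, a and all mechanisms.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, example names).
A = {
    "mail.example.org": ["192.0.2.10"],
    "dyn-198-51-100-7.isp.example": ["198.51.100.7"],  # generic ISP name of a zombie
}
TXT = {
    "mail.example.org": "v=spf1 a -all",
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def helo_resolves_to(helo, ip):
    """Forward check: does the EHLO name resolve to the connecting IP?"""
    return ip in A.get(helo, [])

def spf_helo(helo, ip):
    """Simplified SPF evaluation with the HELO name as the identity."""
    record = TXT.get(helo)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published for this name
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term == "a":
            matched = ip in A.get(helo, [])
        elif term == "all":
            matched = True
        else:
            return "permerror"  # mechanism outside this sketch
        if matched:
            return RESULT[qualifier]
    return "neutral"

def evaluate(helo, ip):
    """Return (forward check result, SPF result for the HELO identity)."""
    return helo_resolves_to(helo, ip), spf_helo(helo, ip)

if __name__ == "__main__":
    for helo, ip in [("mail.example.org", "192.0.2.10"),
                     ("dyn-198-51-100-7.isp.example", "198.51.100.7"),
                     ("example.org", "198.51.100.7")]:
        print(helo, ip, evaluate(helo, ip))
```

A host that announces its own reverse-lookup name passes the forward check but gets no SPF pass, because it cannot publish a record under that name; a host that borrows a domain with a published policy fails both checks.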

