Paul Smith wrote:
> The HELO/EHLO parameter means nothing.

Almost agreed.

> You can't possibly do an SPF check on the EHLO parameter, and
> expect it to mean anything.

The HELO check was introduced for the case that the MAIL FROM is null.
However, some people think the HELO check is better, as it allows
naive forwarding.

> All you can do is check to see if the EHLO parameter resolves to
> the IP address of the sending host, and that tells you nothing
> except the sender has set it up correctly... Spammers can set up
> domains & mailing software correctly more easily than the majority
> of legitimate users can.

Hm... some spamware can obviously do a reverse lookup and use that as
a helo name. However, it cannot easily fake MX or SPF records to make
a zombie address valid. Spammers are welcome to use their own domains:
that puts the spam problem at the relevant ISPs.
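
The two checks discussed in this thread, side by side, as an added example that is not part of the original messages. The zone data is constructed (documentation address ranges and example names), and `spf_helo` is a simplified evaluator that handles only the `a`, `ip4:` and `all` mechanisms.

```python
import ipaddress

# Constructed DNS data (RFC 5737 documentation addresses); not from the thread.
ZONE = {
    "A": {
        "mail.example.org": ["192.0.2.10"],
        "dsl-203-0-113-7.isp.example": ["203.0.113.7"],  # ISP-assigned rDNS name
        "dsl-203-0-113-8.isp.example": ["203.0.113.8"],
    },
    "TXT": {
        "mail.example.org": ["v=spf1 a -all"],
        # Assumed: the ISP marks this pool name as never sending mail.
        "dsl-203-0-113-8.isp.example": ["v=spf1 -all"],
    },
}

def helo_resolves_to_client(helo, client_ip):
    """The check from the quoted text: does the HELO name resolve to the peer?"""
    return client_ip in ZONE["A"].get(helo, [])

def spf_helo(helo, client_ip):
    """Simplified SPF evaluation of the HELO identity (a, ip4:, all only)."""
    records = [t for t in ZONE["TXT"].get(helo, []) if t.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"          # nobody published a policy for this name
    if len(records) > 1:
        return "permerror"     # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in records[0].split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in results else ("+", term)
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = client_ip in ZONE["A"].get(helo, [])
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            return "permerror"  # mechanism not supported in this sketch
        if matched:
            return results[qual]
    return "neutral"            # no mechanism matched

def evaluate(helo, client_ip):
    """Return (forward lookup matches, SPF result for the HELO identity)."""
    return helo_resolves_to_client(helo, client_ip), spf_helo(helo, client_ip)
```

A host that announces its own reverse-lookup name passes the forward lookup but gets `none` or `fail` from SPF, depending on what the owner of that name has published; only a name whose owner lists the address yields `pass`.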