Alessandro Vesely wrote:
All you can do is check to see if the EHLO parameter resolves to the
IP address of the sending host, and that tells you nothing except the
sender has set it up correctly... Spammers can set up domains &
mailing software correctly more easily than the majority of
legitimate users can.
Hm... some spamware can obviously do a reverse lookup and use that as
a helo name. However, it cannot easily fake MX or SPF records to make
a zombie address valid. Spammers are welcome to use their own domains:
that puts the spam problem at the relevant ISPs.
Not sure I understand that.
It is totally valid to do:
The EHLO name bears no resemblance to the sender's email address. Doing
an SPF on the EHLO name is pointless, as all that tells you is that the
sending host is 'mail.spammer.com'. You have to do the SPF check on the
MAIL FROM address, and test it against the IP address of the sending host.
ISPs do this all the time (legitimately).
VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows