Alessandro Vesely wrote:
Paul Smith wrote:
Spammers are welcome to use their own domains: that puts the spam
problem at the relevant ISPs.
Not sure I understand that.
It is totally valid to do:
EHLO mail.spammer.com
I assume that the EHLO parameter corresponds to the IP address of
the sending host.
Yes
MAIL FROM:<me(_at_)mycompany(_dot_)com>
The EHLO name bears no resemblance to the sender's email address.
Doing an SPF on the EHLO name is pointless, as all that tells you is
that the sending host is 'mail.spammer.com'.
Yes, and spammer.com is where recipients should complain or claim any
damage that the transmission might have caused. More likely, the IP of
that transmitter will be blacklisted soon. I guess that's why spammers
use zombies or bots.
A bot could use:
EHLO fgbdfhbeng.spammer.com
where fgbdfhbeng.spammer.com resolves to the IP address of the bot. The
spammer can trivially set up a virtual DNS zone with all valid IP
addresses in it, and the bot just chooses the appropriate one.
Complaining to spammer.com won't do any good, and they'll create new
'spammer.com' domains faster than you can block them.
How does it help?
You have to do the SPF check on the MAIL FROM address, and test it
against the IP address of the sending host.
If the MAIL FROM is given and mycompany took care of setting SPF
properly, the receiver can reject the message. More often, the MAIL
FROM address consists of an invalid user at a valid domain without SPF
records.
Exactly, so how does having a 'correct' EHLO parameter help?
I can see that having an incorrect one can be used to block mail, IF
(and this is a big 'if') you can be sure that legitimate senders set up
things correctly. However, if this becomes a standard check, then it is
trivial for a spammer to get around it. And, all that has achieved is
another useless check, which makes life harder for the good guys.
--
Paul Smith
VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows