Hi !!
And not that it matters but perhaps couple of you can do practical test
and set exists for HELO as way to track down how much real use is there
really right now for HELO SPF checking. Would I be wrong to assume that
for every one HELO SPF test there are 10,000 MAIL-FROM SPF tests?
The major isp in spain is publishing spf records but it's using an
invalid helo (a hostname with a non existant tld), maybe this could
illustrate how people worry about helo.
There is also no great urgency on fixing hello spoofing problem as it
does not cause bad bounces to you if your name is spoofed, nor is it
ever seriously seen by end-users as being source of email.
we reject about one million emails per day, about 45% of the rejections
are based on helo checks and about 52% are based on a local blacklist
updated with the ip addresses of the helo rejections of the previous
day. For us helo checks are very useful, as most of them even do not
require any dns lookup. Most of them are from viruses and it's obvioulsy
that this kind of checks are by far less expensive than using antivirus
scanners. Looks like virus programmers have never read any RFC as they
try to construct valid helo's using just domain names (which is not
rfc compliant) when they could just use ip literals. HELO forgery is
something that happens now and could be used to easely detect forgeries,
tomorrow viruses will likely use ip literals for the helo and there will
be no way to check it.
--
Best regards ...
It's a fine line between fishing & standing still
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david(_at_)ols(_dot_)es
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------