--
Suresh Ramasubramanian (linux@???) said, in message
<3F0144F0.8000705@???>:
>
> Alun wrote:
[...]
> > HELO data might be a diagnostic pointer to possible spam, but that's about
> > all I think anyone running a medium to big site would dare to use it for in
> > the real world.
>
[...]
>
> If you take the trouble to research those HELO patterns, and block them
> at SMTP time, you have got one helluva spam filter in your hands.
Yes, and that's what I think I meant! Using it intelligently as a pointer to
spam is great. Slavishly demanding standards compliance on this as seems to
have been the point of the argument so far would probably not be sustainable
at your site, yes?
The reason I started logging yesterday was to see how what proportion of
invalid HELOs were determined as spam by our other filters. The answer is
81% (of single-component HELOs). So I've put invalid HELO in as a spam test,
but only on a similar basis to yours (i.e. very specific forms of forged
HELO). I wouldn't dare risk the sort of stringent testing that other people
are advocating.
Cheers,
Alun.
--
Alun Jones auj@???
Systems Support, (01970) 62 2494
Information Services,
University of Wales, Aberystwyth
--
[ Content of type application/pgp-signature deleted ]
--