Re: [Exim] Re: Now well off-topic

Author: Alan J. Flavell
Date:  
To: Exim Users Mailing List
Subject: Re: [Exim] Re: Now well off-topic
On Tue, 1 Jul 2003, Suresh Ramasubramanian wrote:

> We use fake EHLO as one of our most effective filters.
>
> Mail from a non-Yahoo IP (say a Taiwanese DSL line) saying HELO
> yahoo.com? Or better still, HELOing to us with the name of one of our
> own hosts or IPs? Cast iron spamsign.


But you'd surely agree that there's a major difference between
spotting certain patterns of abuse on the one hand, and simply
blocking on every possible irregularity on the other hand?

> If you take the trouble to research those HELO patterns, and block them
> at SMTP time, you have got one helluva spam filter in your hands.


But if one didn't take the trouble to research the patterns, and
merely blocked on anything that didn't fit the exact spec, I reckon
one would be blocking quite a proportion of mail from bona-fide -
albeit misguided - senders.

While it would be good for a few major players to enforce a
tightening-up of the rules, this isn't something that a few individual
sites (such as our own) can successfully impose unilaterally. As I
found out just recently when trying to complain to them about a false
accusation of virus transmission which they had sent to us,
*.treas.gov doesn't play by the RFCs either, see e.g.
http://www.rfc-ignorant.org/tools/lookup.php?domain=treas.gov

cheers
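
Added example, not part of the original message or of Exim: a Python sketch contrasting the two policies discussed in this thread, the researched HELO patterns (HELO naming one of our own hosts or IPs, or claiming yahoo.com from an unrelated host) against blanket rejection of any HELO that is not syntactically exact. The host names, addresses, function names and sample sessions are constructed assumptions, and the peer's reverse DNS name is assumed to have been forward-confirmed by the MTA.

```python
import ipaddress
import re

# Constructed sample values (assumptions, not from the thread).
OUR_NAMES = {"mx1.example.net", "example.net"}
OUR_IPS = {"192.0.2.10"}
PROVIDER_DOMAINS = {"yahoo.com"}  # domains whose HELO use we have researched

FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def _norm(name):
    return (name or "").strip().lower().rstrip(".")

def _in_domain(name, domain):
    return name == domain or name.endswith("." + domain)

def targeted_verdict(helo, peer_ip, peer_rdns):
    """Reason string if HELO matches a researched abuse pattern, else None.
    peer_rdns is assumed to be forward-confirmed by the MTA (or None)."""
    h, rdns = _norm(helo), _norm(peer_rdns)
    if peer_ip in OUR_IPS:
        return None  # our own hosts may legitimately use our names
    if h in OUR_NAMES or h.strip("[]") in OUR_IPS:
        return "helo-is-our-own-identity"
    for d in PROVIDER_DOMAINS:
        if _in_domain(h, d) and not _in_domain(rdns, d):
            return "helo-claims-" + d + "-from-unrelated-host"
    return None

def strict_verdict(helo):
    """Reason string if HELO is not a valid FQDN or address literal, else None."""
    h = _norm(helo)
    if h.startswith("[") and h.endswith("]"):
        lit = h[1:-1]
        lit = lit[5:] if lit.startswith("ipv6:") else lit
        try:
            ipaddress.ip_address(lit)
            return None
        except ValueError:
            return "helo-bad-address-literal"
    return None if FQDN_RE.match(h) else "helo-not-fqdn"

# Constructed sessions: (HELO argument, peer IP, forward-confirmed rDNS or None)
SESSIONS = [
    ("yahoo.com", "203.0.113.45", "dsl-45.example.tw"),
    ("mx1.example.net", "198.51.100.7", None),
    ("EXCHANGE01", "198.51.100.20", "mail.corp.example.org"),
    ("web1.mail.yahoo.com", "198.51.100.99", "web1.mail.yahoo.com"),
]
```

On these sessions the forged yahoo.com HELO is syntactically valid, so only the targeted check catches it, while the unqualified EXCHANGE01 name is flagged only by the strict check.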