* Alan J. Flavell <a.flavell@???> [2003-11-12 15:25]:
> On the other hand, something like "HELO 11.22.33.44" would slip past
> the above recipe unchallenged. But if they present our own IP address
> (a rather common spammer trick, though I'm not sure what they hope to
> gain by it), we reject it in a separate recipe.
Spammers like to fool not so well-skilled end-users into thinking
the spam originated at your system. And looking at the anti-spam
newsgroups they often succeed. ;-(
> Hmmm: I suppose we
> could really reject anything that looks like nothing more than a
> dotted IP address, as not conforming to the requirements of the RFC -
> what does the team think?
Personally, I'd only reject, if they present my own IP address
(and my own hostname/local_domains) as this is a clear sign for
spam. Anything else could well be a legitimate but misconfigured
sender.
