[ On Thursday, June 10, 2004 at 11:59:00 (+0100), Alan J. Flavell wrote: ]
> Subject: Re: [Exim] AOL - SPF - and EXIM
>
> The effect would be short-term anyway. If substantial amounts of spam
> were being rejected on the grounds of bad HELO domain - then the
> spammers would simply stop doing it.
I don't believe that any more. I did about six years ago or more
(whenever it was first suggested that this seemed to be a common trait
of spammers and spamware), but I began to have doubts somewhere around
three years ago, and by now I think the proof is in the pudding because
while sites rejecting due to bogus/broken HELO/EHLO parameters are still
the minority, the spammers and virus/worm writers know full well that
they could avoid even a small number of rejects if they simply used a
valid hostname and yet they still insist on using totally bogus and
obviously forged names.
Most self-aware and semi-intelligent people, and especially most
Internet postmasters, know that you can't just pick a random hostname
out of thin air and expect it to work and be valid on the public
Internet. However spammers (and some virus and worm authors) seem to
get some perverse joy or ego-bloat from choosing to make an obviously
bogus forgery, or even having the gall to greet you with your own
hostname (never mind that this is exactly the thing the HELO command was
actually intended to prevent!).
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
