On Thu, 16 Dec 2004, Tony Finch wrote:
> People have tried to use technical competence as an anti-spam
> technique, but it doesn't work because legitimate email senders are
> generally less clueful than the spammers.
I understand your point; but spammers aren't all formed from the same
mould. Or do you suppose they -deliberately- present our own IP
address in their HELO (to take one frequent example) in order to help
us to volunteer not to receive their offerings?
> A double dot in a HELO name (which Exim's built-in syntax check
> doesn't detect)
Sounds like something worth adding here too, thanks
> or a very long HELO name
Oh, you've spotted that? The addition of a recipe with
condition = ${if >{${strlen:$sender_helo_name}}{xx} {1}{0}}
for some suitable value of xx is relatively recent here, but it's
keeping out a modest amount of junk that wasn't caught by other means.
Many of those had double-dots in them, by the way.
> This kind of signature might be technical incompetence (double dot)
> or it might just be abuse (excessive length) but the point of the
> check is that it's spammer-only behaviour,
But why do they do it? It's clearly no accident.
> and doesn't overlap with the fumblings of idiots.
Well, we don't do -any- checks on the HELO presented by our
authenticated senders, so that deals with those. But when offered a
transaction by some untrusted (and un-whitelisted) MTA, we have to
treat it on its own merits (if it has any ;-).
thanks
