----- Original Message ----- From: "Matt" <[EMAIL PROTECTED]>
> There is great value in knowing these patterns, and simply having a > bogus HELO is not enough to consider something as being spam. In this case I think it is good enough to consider it spam. It is not an RFC compliant helo hostname, and only a spammer is going to include something like brackets "[]" and greater-than/less-than "<>" symbols in their hostname. That's good enough for me to reject delivery on. To me it's no different that a spammer trying to send me mail and using my server's hostname or IP address as their own helo hostname - I reject these outright. > When spammers randomize header elements, they actually create patterns > that can be tracked. This is ever evolving. Clearly we know about the > use of the MX's IP as the HELO, and also the use of the reverse DNS > entry as the HELO, and now it appears that there might be a different > pattern of some sort in use by at least one spammer. My feeling is why bother. Why expend the resources to process something that you know is spam? Anyway, I respect all of your opinions, this one just happens to be mine, and I'm sticking by it... ;-) Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.