This is almost completely a zombie spammer thing. Just like they need to create a valid Mail From, they also need to create a HELO, and hopefully one that is valid, though of course not many ISPs will enter both A records and reverse DNS entries for this type of address. The predominance with zombie spammers is to use one of three things:
- The reverse DNS entry of the hijacked computer
- The domain name of the recipient
- The IP address
There are unfortunately some pieces of software that will generate the HELO dynamically, and a fair number of Windows computers with similar computer naming conventions which might be relaying E-mail from Web sites and other software. These same computers are also highly likely to also fail HELOBOGUS when they false positive.
Matt
Andy Schmidt wrote:
I'm trying to figure out WHY spammers would bother to include "dial-up" reverse DNS as "HELO" string?
And if so, why not just check the reverse DNS? And, how much does this test overlap with existing dynamic host/dial up blacklists?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
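The three HELO patterns listed in the reply above, as an added example that is not part of the original thread and is not Declude's own test: a small Python classifier that labels a HELO string given the connecting IP, its PTR record and the recipient domain. The keyword list for dynamic-looking host names, the function names and all sample hosts are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed keyword list for "dynamic-looking" PTR names; not from the original post.
DYNAMIC_HINTS = re.compile(r"(dial|dsl|dyn|ppp|pool|dhcp|cable)", re.I)


def _is_ip_literal(helo: str) -> bool:
    """True for a bare IP or an address literal such as [192.0.2.10]."""
    text = helo.strip("[]")
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def _looks_dynamic(name: str, client_ip: str) -> bool:
    """Name embeds the client's IPv4 octets or a dial-up/DSL style keyword."""
    octets = client_ip.split(".")
    digits = re.findall(r"\d+", name)
    embeds_ip = len(octets) == 4 and all(o in digits for o in octets)
    return embeds_ip or bool(DYNAMIC_HINTS.search(name))


def classify_helo(helo, client_ip, ptr, rcpt_domain):
    """Return which of the three HELO patterns matches, or None."""
    h = helo.strip().rstrip(".").lower()
    if _is_ip_literal(h):
        return "ip-address"
    if h == rcpt_domain.rstrip(".").lower():
        return "recipient-domain"
    # HELO copied from the connecting host's own reverse DNS entry
    if ptr and h == ptr.rstrip(".").lower() and _looks_dynamic(h, client_ip):
        return "dynamic-rdns"
    return None


if __name__ == "__main__":
    # Constructed samples: (HELO, client IP, PTR, recipient domain)
    samples = [
        ("[192.0.2.10]", "192.0.2.10", None, "recipient.example"),
        ("recipient.example", "192.0.2.11", None, "recipient.example"),
        ("pool-192-0-2-12.dsl.example.net", "192.0.2.12",
         "pool-192-0-2-12.dsl.example.net.", "recipient.example"),
        ("mail.example.org", "198.51.100.7", "mail.example.org", "recipient.example"),
    ]
    for s in samples:
        print(s[0], "->", classify_helo(*s))
```

Since the reply notes that some legitimate software and Windows hosts produce similar HELO strings, a match is best used as one weighted signal alongside other tests rather than as grounds for outright rejection.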
