----- Original Message ----- From: "Kevin Bilbee" <[EMAIL PROTECTED]>
> It looks like spammers are starting to randomize their helo strings I just > received this as a helo > > > <rnddg[2]>.<rnddg[2]>.<rnddg[2]>.<rnddg[2]> > > Looks like it is trying to create a random ipaddress for the helo. DNSBLs use client IP address. RHSBLs use envelope/mailfrom domain (depending on spam tool used). SURBLs use URI domain. SFP uses A/PTR/MX records. RDNS checks for a reverse DNS entry. SpamDomains uses envelope sender domain. Etc, etc, etc. Most people do not base much on helo info, except to block on if it's clearly bogus, as this one is. This is not a valid helo hostname and would be blocked by my gateways. And didn't helobogus flag this one? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
