Darin got it correct I was pointing this out becuse some on this list suggested the blocking an email that has an ip for its hello is not a good way to block spam. I personally think it is.
Using HELOISIP or CONTAINSIP is a valid blocking method. If the ip is well formed [x.x.x.x] I check it against the ip of the connecting servers ip address if they match I let it through, do not get many spams this way. Yesterday 346 messages where ip addresses as the helo that is 9% of our total volume. And posting the methods the spammers are using to try to get past spam blocking is definitly an interest to us all. Kevin Bilbee > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry > Sent: Wednesday, October 20, 2004 4:55 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] Random Helo strings > > > ----- Original Message ----- > From: "Darin Cox" <[EMAIL PROTECTED]> > > > I think the point was not what to do with this broken one, but that > spammers > > are using random digits for their HELO. One of the HELOISIP plugins > should > > handle those nicely, though...with appropriate weighting. > > Precisely my point, who cares? The helo hostname is so easily forged that > no one uses it for anything except as an additional way to block > spam. And > this one is so very clearly a bogus helo hostname that is just makes our > jobs that much easier, as this one is a no-brainer to block on. > > Bill > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
