Alessandro Vesely wrote:
>
>> All you can do is check to see if the EHLO parameter resolves to the
>> IP address of the sending host, and that tells you nothing except the
>> sender has set it up correctly... Spammers can set up domains &
>> mailing software correctly more easily than the majority of
>> legitimate users can.
>
> Hm... some spamware can obviously do a reverse lookup and use that as
> a helo name. However, it cannot easily fake MX or SPF records to make
> a zombie address valid. Spammers are welcome to use their own domains:
> that puts the spam problem at the relevant ISPs.

Not sure I understand that.

It is totally valid to do:

EHLO mail.spammer.com
MAIL FROM:<[email protected]>

The EHLO name bears no resemblance to the sender's email address. Doing an SPF on the EHLO name is pointless, as all that tells you is that the sending host is 'mail.spammer.com'. You have to do the SPF check on the MAIL FROM address, and test it against the IP address of the sending host.

ISPs do this all the time (legitimately).

--
Paul Smith
VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows
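
Added example, not part of the original message: a simplified SPF evaluation (ip4, ip6 and all mechanisms only) run once on the EHLO name and once on the MAIL FROM domain, each against the connecting IP. The domain names, addresses and SPF records are constructed, and an inline table stands in for DNS.

```python
import ipaddress

# Constructed TXT records standing in for DNS (assumption: no real lookups).
SPF_RECORDS = {
    "mail.spammer.example": "v=spf1 ip4:203.0.113.25 -all",
    "bank.example": "v=spf1 ip4:198.51.100.0/24 -all",
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip):
    """Evaluate a simplified SPF record (ip4, ip6 and all mechanisms only)."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            # A v4 address is never inside a v6 network and vice versa.
            if ip in ipaddress.ip_network(value, strict=False):
                return RESULTS[qualifier]
        # Other mechanisms (a, mx, include, ...) need DNS and are skipped here.
    return "neutral"


def mail_from_domain(reverse_path):
    """Domain part of the MAIL FROM address, e.g. '<user@bank.example>'."""
    return reverse_path.strip("<>").rpartition("@")[2]


def evaluate_session(ehlo_name, reverse_path, client_ip):
    """Return (SPF on EHLO name, SPF on MAIL FROM domain) for one session."""
    return (check_spf(ehlo_name, client_ip),
            check_spf(mail_from_domain(reverse_path), client_ip))
```

In the constructed session where a host at 203.0.113.25 announces itself as mail.spammer.example and sends as user@bank.example, the EHLO check passes while the MAIL FROM check fails.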
