Alessandro Vesely wrote: > > Paul Smith wrote: >>> Spammers are welcome to use their own domains: that puts the spam >>> problem at the relevant ISPs. >> Not sure I understand that. >> >> It is totally valid to do: >> >> EHLO mail.spammer.com > > I assume that the EHLO parameter corresponds to the IP address of > the sending host. Yes
>> MAIL FROM:<[email protected]> >> >> The EHLO name bears no resemblance to the sender's email address. >> Doing an SPF on the EHLO name is pointless, as all that tells you is >> that the sending host is 'mail.spammer.com'. > > Yes, and spammer.com is where recipients should complain or claim any > damage that the transmission might have caused. More likely, the IP of > that transmitter will be blacklisted soon. I guess that's why spammers > use zombies or bots. A bot could use: EHLO fgbdfhbeng.spammer.com where fgbdfhbeng.spammer.com resolves to the IP address of the bot. The spammer can trivially set up a virtual DNS zone with all valid IP addresses in it, and the bot just chooses the appropriate one. Complaining to spammer.com won't do any good, and they'll create new 'spammer.com' domains faster than you can block them. How does it help? > >> You have to do the SPF check on the MAIL FROM address, and test it >> against the IP address of the sending host. > > If the MAIL FROM is given and mycompany took care of setting SPF > properly, the receiver can reject the message. More often, the MAIL > FROM address consists of an invalid user at a valid domain without SPF > records. Exactly, so how does having a 'correct' EHLO parameter help? I can see that having an incorrect one can be used to block mail, IF (and this is a big 'if') you can be sure that legitimate senders set up things correctly. However, if this becomes a standard check, then it is trivial for a spammer to get around it. And, all that has achieved is another useless check, which makes life harder for the good guys. -- Paul Smith VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows
