Received: from h000347ec7062.ne.client2.attbi.com
... which we block (after tons of spew from that PTR domain) at the PTR hostname level with
/(.*client2.attbi.com)/ /(.*client.attbi.com)/
... because of crap like:
(envelope-from [EMAIL PROTECTED])
.... as the MAIL FROM:.
The other item in the 4tuple (MTA, envelope sender/recipient, helo hostname) is the helo hostname, which, coming from attbi.com nets (or ANY subscriber net), is extremely frequently:
yahoo.com
netscape.com
mindspring.(com|net)
msn.com
microsoft.com
rr.com and any other network operator
hotmail.com
aol.com
earthlink.net
etc, for all the commonly forged domains.
and not forgetting:
an IP address
a single word (not a fully qualified domain name)
and the ever-lovable:
ccTLDs
For details of this crap, I reference my post a couple days ago of the long list of rejects from Scott's network provider, charter, whose subscriber nets are spam factories.
The point is that the spew from subscriber networks is so overwhelmingly, egregiously crap in both the mail from: and helo, it's not worth handling anything from those networks until those network operators stop the abuse.
Len
_____________________________________________________________________ http://MenAndMice.com/DNS-training: San Jose; Wash DC; Dallas; Atlanta IMGate.MEIway.com: anti-spam gateway, effective on 1000's of sites, free
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
