Hello!
Thursday, August 15, 2002, 1:00:04 PM Thorvald Neumann <[EMAIL PROTECTED]> wrote: TN> Hejsan! TN> When TN> X-Authentication-Warning: xyz.yourdomain.de: Host TN> acc19-ppp235.mel.dialup.connect.net.au [210.10.138.235] claimed to TN> be yahoo.com TN> is found in the header of an email, does this mean, I can use TN> X-Authentication-Warning for filtering SPAM? No. This header indicates that HELO string issued by the host trying to send mail through some mail server isn't equal to the RDNS name of this host. HELO string is the part of the SMTP protocol. HELOes should be presented as FQDN (fully-qualified domain name), not a hostname or domain name only. In your particular example server xyz.yourdomain.de reports that host acc19-ppp235.mel.dialup.connect.net.au (real RDNS hostname) tried to name itself as yahoo.com. It can be an attempt to fool the receiving MTA and in this case the acc19-ppp235.mel.dialup.connect.net.au host should be considered as spamhost. But there are many MUAs in the market that HELOes only the domain part of their FQDNs. So the X-Authentication-Warning header should be considered as _informational only_. -- Yours sincerely, Andrey G. Sergeev (AKA Andris) http://www.andris.msk.ru/ ________________________________________________________ Current version is 1.61 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
