[Mimedefang] HELO + PTR country-code TLD matching

Mark admin at asarian-host.net
Wed Feb 4 11:26:04 EST 2004


----- Original Message ----- 
From: "David F. Skoll" <dfs at roaringpenguin.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Wednesday, February 04, 2004 4:58 PM
Subject: Re: [Mimedefang] HELO + PTR country-code TLD matching


> On Wed, 4 Feb 2004, Mark wrote:
>
> > I am actually rather pleased with the result. :) It seems quite an
> > effective early-out mechanism to weed out spam at the SMTP stage.
> > And it feels pretty benign too; it requires no PTR; but if one is
> > present, with a country-code TLD not matching a present HELO
> > country-code, then, and only then, I cry spam.
>
> If you restrict it to country codes, it might be pretty safe. However,
> I can easily see a host identifying itself as "foobar.net" resolving
> to "foobar.com" on the reverse lookup.

Exactly. The "foobar.net/com" (or "mail.foobar.net", etc.) is precisely why
standard matching HELO to PTR is very dangerous; and perhaps too tricky
even. But matching country codes seems like a safe bet. I keep closely
monitoring my logs, of course. But, so far, it is still going strong with no
mismatch. ;)

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
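
The check discussed in this thread, as an added example that is not part of the original message or of MIMEDefang's own code: it flags a connection only when both the HELO name and the PTR name end in a country-code TLD and the two differ. The function names `cc_tld` and `cc_mismatch` are hypothetical, the sample pairs are constructed, and it assumes any two-letter alphabetic final label is a ccTLD and that a bracketed name such as `[192.0.2.10]` stands for a missing PTR.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the country-code TLD of a host name, or nothing if it has none.
# Assumption: any two-letter alphabetic final label is a ccTLD.
sub cc_tld {
    my ($name) = @_;
    return unless defined $name;
    $name = lc $name;
    $name =~ s/^\s+|\s+$//g;             # trim whitespace
    $name =~ s/\.$//;                    # drop a trailing root dot
    return if $name =~ /^\[.*\]$/;       # address literal or "no PTR" placeholder
    return if $name =~ /^[\d.]+$/;       # bare IPv4 address used as HELO
    return unless $name =~ /\./;         # unqualified name, no TLD to compare
    return $name =~ /\.([a-z]{2})$/ ? $1 : undef;
}

# True only when HELO and PTR both carry a ccTLD and the two differ.
# Generic TLDs (foobar.net vs. foobar.com) never trigger the check.
sub cc_mismatch {
    my ($helo, $ptr) = @_;
    my $h = cc_tld($helo);
    my $p = cc_tld($ptr);
    return 0 unless defined $h && defined $p;
    return $h ne $p ? 1 : 0;
}

# Constructed sample pairs: [ HELO argument, PTR name of the connecting IP ]
my @samples = (
    [ 'mail.example.nl', 'smtp.example.nl' ],      # same ccTLD
    [ 'foobar.net',      'foobar.com' ],           # generic TLDs on both sides
    [ 'mail.example.de', '[192.0.2.10]' ],         # no PTR available
    [ 'mail.example.de', 'host.example.net' ],     # ccTLD on one side only
    [ 'MAIL.EXAMPLE.FR', 'dsl-1-2.example.br.' ],  # two different ccTLDs
);

for my $s (@samples) {
    printf "%-18s %-22s %s\n", @$s, cc_mismatch(@$s) ? 'mismatch' : 'ok';
}
```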
