[Mimedefang] HELO + PTR country-code TLD matching

Chris Myers chris at by-design.net
Thu Feb 5 08:35:08 EST 2004


----- Original Message ----- 
From: "Mark" <admin at asarian-host.net>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Wednesday, February 04, 2004 9:13 AM
Subject: [Mimedefang] HELO + PTR country-code TLD matching


> This may not be, in the strictest sense, a MIMEDefang matter per se; but
> this afternoon I thought up a nice HELO test, that I think may be of use to
> others here too.
>
> When I have a valid HELO name and a valid PTR, I check to see whether both
> end in a valid country-code TLD; and, if so, whether they match. If not, I
> reject the message. Like so:
> [...]
> I am actually rather pleased with the result. :) It seems quite an effective
> early-out mechanism to weed out spam at the SMTP stage. And it feels pretty
> benign too; it requires no PTR; but if one is present, with a country-code
> TLD not matching a present HELO country-code, then, and only then, I cry
> spam.
>
> I'd be curious what other people think.

I went over the logs for last month's messages and came up with the
following statistics:

4477334 total messages
13791 had country-code TLD mismatches
7689 were greylisted
6034 had a SpamAssassin score > 7.5 (median score 23.86)
13 had a SpamAssassin score between 5 and 7.5 (all were spam)
1 had a SpamAssassin score < 5, and it was spam too
15 had malformed addresses (spaces, control characters, routing characters)
38 had viruses (only File::Scan was used).

ZERO false positives.

Good test!

Chris Myers
Networks By Design
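
The check described in the quoted message, as an added example that is not code from either poster (the original snippet is elided above). The function names, the abbreviated ccTLD table and the sample connections are assumptions made for illustration; a MIMEDefang filter would call the verdict function with the HELO argument and the relay's PTR name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Abbreviated, constructed sample of country-code TLDs (assumption); a real
# filter would load the full two-letter set from the IANA root zone database.
my %CCTLD = map { $_ => 1 } qw(at au br ca ch cn de fr it jp kr nl pl ru uk us);

# Return the lower-cased ccTLD of a host name, or undef when the name is
# missing, an address literal, a bare label, or ends in a non-country TLD.
sub cctld_of {
    my ($name) = @_;
    return unless defined $name && length $name;
    $name = lc $name;
    $name =~ s/\.\z//;                       # drop a trailing root dot
    return if $name =~ /\A\[.*\]\z/;         # address literal, e.g. [192.0.2.10]
    return unless $name =~ /\.([a-z]{2})\z/; # last label must be two letters
    return $CCTLD{$1} ? $1 : undef;
}

# Verdict for one connection: 'reject' only when BOTH names carry a ccTLD
# and the two differ; every other combination is 'accept', so a missing PTR
# or a generic TLD on either side never triggers the test.
sub helo_ptr_verdict {
    my ($helo, $ptr) = @_;
    my $h = cctld_of($helo);
    my $p = cctld_of($ptr);
    return 'accept' unless defined $h && defined $p;
    return $h eq $p ? 'accept' : 'reject';
}

# Constructed sample connections: [HELO argument, PTR name of the client].
my @samples = (
    [ 'mail.example.de',  'mx1.example.de'    ],  # same ccTLD      -> accept
    [ 'mail.example.de',  'dsl-42.example.br' ],  # mismatch        -> reject
    [ 'mail.example.com', 'host.example.ru'   ],  # HELO not ccTLD  -> accept
    [ 'MAIL.EXAMPLE.NL.', 'relay.example.nl'  ],  # case, root dot  -> accept
    [ '[192.0.2.10]',     'pool.example.kr'   ],  # address literal -> accept
    [ 'smtp.example.jp',  undef               ],  # no PTR record   -> accept
);

for my $s (@samples) {
    my ($helo, $ptr) = @$s;
    printf "%-18s %-20s %s\n", $helo, $ptr // '(none)',
        helo_ptr_verdict($helo, $ptr);
}
```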