[Mimedefang] Revisit: Filtering on HELO
Damrose, Mark
mdamrose at elgin.edu
Fri Mar 16 10:44:42 EDT 2007
> -----Original Message-----
> From: Joseph Brennan
> Names that cannot possibly be FQDN, like names with no dot,
> correlate well to spam. Even so, some are legitimate systems
> run by small organizations that probably don't have an email
> or network specialist to tell them what to do.
I test for no dot, but do it only for messages that passed
SpamAssassin, and only if they user is not in the whitelist.
This gives me a way to pass the "legitimate" sites that don't
do helo correctly, but catches quite a bit else. I see a
correlation between no dot and otherwise low scoring image
stock spam.
More information about the MIMEDefang
mailing list