[Mimedefang] Revisit: Filtering on HELO

Damrose, Mark mdamrose at elgin.edu
Fri Mar 16 10:44:42 EDT 2007

> -----Original Message-----
> From: Joseph Brennan

> Names that cannot possibly be FQDN, like names with no dot, 
> correlate well to spam.  Even so, some are legitimate systems 
> run by small organizations that probably don't have an email 
> or network specialist to tell them what to do.  

I test for no dot, but do it only for messages that passed
SpamAssassin, and only if they user is not in the whitelist.

This gives me a way to pass the "legitimate" sites that don't
do helo correctly, but catches quite a bit else.  I see a 
correlation between no dot and otherwise low scoring image 
stock spam.

More information about the MIMEDefang mailing list