[Mimedefang] Impersonated domains

kd6lvw at yahoo.com
Fri Jun 1 15:53:36 EDT 2012


--- On Fri, 6/1/12, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
> I've noticed that the following hosts are impersonated (in HELO
> greetings) significantly more often than any others:
> 
> smtp.comunitel.net
> smtp.orange.es
> smtp.jazztel.es
> 
> Anyone know why? And these are all in Spain, in particular.
> Do Spaniards lack imagination or what? A distant fourth would be:
> 
> mail.sanmail.ru

No idea here.  However, as long as the "HELO" hostname is valid (and not your host's name or "localhost" unless the connection is actually from you), it is acceptable under the RFCs/standards.  Multi-homed hosts can have mismatches because the name given is supposed to be the "primary" name while DNS will return the interface name (which need NOT match).

Random thought:  Both the SPF and MTX solutions to validate sending servers could be applied to the HELO name in some way, but I suggest scoring only -- no outright rejections at this time.  See if a further trend develops.
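
The scoring-only idea from the reply above, as an added example (not part of the original post and not MIMEDefang code). The local names, addresses and weights are assumptions, and the SPF result for the HELO name is assumed to be computed elsewhere by an SPF library and passed in.

```python
import ipaddress
import re

# Assumed local identity and weights (hypothetical; tune per site).
MY_NAMES = {"mx.example.net", "localhost"}
MY_ADDRS = {ipaddress.ip_address("192.0.2.25")}
WEIGHTS = {"forged_local": 5.0, "bad_syntax": 2.0,
           "spf_fail": 3.0, "spf_softfail": 1.0}

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_valid_helo(name):
    """True for an FQDN of two or more labels, or a bracketed address literal."""
    if name.startswith("[") and name.endswith("]"):
        literal = name[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
            return True
        except ValueError:
            return False
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)

def score_helo(helo, client_ip, spf_helo_result="none"):
    """Return (score, reasons) for one connection; scoring only, never a reject."""
    ip = ipaddress.ip_address(client_ip)
    from_us = ip.is_loopback or ip in MY_ADDRS
    reasons = []
    if helo.rstrip(".").lower() in MY_NAMES:
        # Our own name or "localhost" is fine only when we really are the client.
        if not from_us:
            reasons.append("forged_local")
    elif not is_valid_helo(helo):
        reasons.append("bad_syntax")
    # A HELO name that differs from the client's reverse DNS is deliberately
    # not scored: multi-homed hosts legitimately produce that mismatch.
    if spf_helo_result in ("fail", "softfail"):
        reasons.append("spf_" + spf_helo_result)
    return sum(WEIGHTS[r] for r in reasons), reasons

if __name__ == "__main__":
    # Constructed connections; the SPF results are made up for the demo.
    for args in [("smtp.orange.es", "203.0.113.7", "fail"),
                 ("localhost", "198.51.100.9"), ("localhost", "127.0.0.1")]:
        print(args, score_helo(*args))
```

The returned score is meant to be added to whatever spam score the filter already keeps, so a forged HELO alone does not block mail.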


