Subject: spam detection algorithms
To: None <tech-userlevel@netbsd.org>
From: David Laight <david@l8s.co.uk>
List: tech-userlevel
Date: 11/17/2002 20:29:41
One of my recent emails got bounced by the recipient MTA with
the message:
... while talking to sparkle-4.rodents.montreal.qc.ca.:
>>> HELO snowdrop.l8s.co.uk
<<< 501 HELO argument must be a valid domain name.
This was a reply to one of the netbsd lists, and I usually
remove the originator in order to avoid error messages and
the originator having to read/delete the mail twice...
In this case I'm actually wondering about the validity
of the check being used.
Even with all the masquerade options enabled, sendmail
still puts the system name in the HELO= message. This
cannot be resolved by either a host or MX lookup.
The domain (in this case l8s.co.uk) does have an MX
record (pointing somewhere else of course).
I could also (probably) persuade the HELO= line to have
the hostname that DNS would return if asked to do
a reverse lookup of the IP address of the interface the
mail is being sent from. However this would be the
rather uninformative host62-6-97-249.in-addr.btopenworld.com
(or some similar address).
In fact that string could be set to anything at all - so
assuming that an address that cannot be looked up implies
that the email is spam is only really requesting that the
spammers modify their MTA.
Of course the mail would have been bounced by the 'your
system is probably an open relay' check anyway.
I don't relay mail through my ISPs mail server because
is it has been blacklisted several times anyway, and I
don't necessarily always use thesame ISP.
David
--
David Laight: david@l8s.co.uk