SpamAssassin Rule: HELO_DYNAMIC_DHCP

Standard description: Relay HELO'd using suspicious hostname (DHCP)

Explanation

An untrusted relay used a hostname (FQDN) as a HELO argument during a SMTP transaction that appears to suggest a dynamically allocated hostname. For example "dhcp192-0-2-32.example.com".

This style of hostname is commonly found in the reverse DNS records for dynamically allocated addresses. It's possible that a spam-engine on a hijacked PC will use a reverse DNS lookup of its own address to formulate a valid HELO argument.

Further Info

The default scores for this rule can be found in the online list of tests.

See also Rules/HELO_DYNAMIC_IPADDR

The IETF's dnsop working group has a draft memo regarding a suggested naming scheme for reverse DNS.


CategoryRule

Rules/HELO_DYNAMIC_DHCP (last edited 2009-09-20 23:16:29 by localhost)