SpamAssassin Rule: HELO_DYNAMIC_DHCP
Standard description: Relay HELO'd using suspicious hostname (DHCP)
An untrusted relay used a hostname (FQDN) as a HELO argument during a SMTP transaction that appears to suggest a dynamically allocated hostname. For example "dhcp192-0-2-32.example.com".
This style of hostname is commonly found in the reverse DNS records for dynamically allocated addresses. It's possible that a spam-engine on a hijacked PC will use a reverse DNS lookup of its own address to formulate a valid HELO argument.
The default scores for this rule can be found in the online list of tests.
See also Rules/HELO_DYNAMIC_IPADDR