SpamAssassin Rule: HELO_DYNAMIC_DHCP

Standard description: Relay HELO'd using suspicious hostname (DHCP)


An untrusted relay used a hostname (FQDN) as a HELO argument during a SMTP transaction that appears to suggest a dynamically allocated hostname. For example "".

This style of hostname is commonly found in the reverse DNS records for dynamically allocated addresses. It's possible that a spam-engine on a hijacked PC will use a reverse DNS lookup of its own address to formulate a valid HELO argument.

Further Info

The default scores for this rule can be found in the online list of tests.


The IETF's dnsop working group has a draft memo regarding a suggested naming scheme for reverse DNS.


Rules/HELO_DYNAMIC_DHCP (last edited 2009-09-20 23:16:29 by localhost)