SpamAssassin Rule: SPF_HELO_FAIL
Standard description: SPF: HELO does not match SPF record (fail)
SPF (Sender Policy Framework) is an open standard specifying a technical method to prevent sender address forgery. For this rule, the connecting host is checked against the list of mail relays allowed by the SPF record of the domain given in the HELO command. Such a record states, for example, that mail from firstname.lastname@example.org should have come via mail.example.com and not mail.badguys.info.
In a normal mail client, the HELO command uses the internet name of the computer sending the mail, so that someone might use their computer 1-2-3-dyn.bigisp.com to send mail through bigisp.com's mail relay, which has an SPF record indicating that that's allowed.
A "Fail" result is an explicit statement that the client is not authorized to use the domain in the given identity. The checking software can choose to mark the mail based on this or to reject the mail outright.
If the checking software chooses to reject the mail during the SMTP transaction, then it SHOULD use an SMTP reply code of 550 (see RFC 2821) and, if supported, the 5.7.1 Delivery Status Notification (DSN) code (see RFC 3464), in addition to an appropriate reply text. The check_host() function may return either a default explanation string or one from the domain that published the SPF records (see Section 6.2). If the information does not originate with the checking software, it should be made clear that the text is provided by the sender's domain. For example:
From RFC 4408
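The HELO check and the rejection described above, as an added sketch that is not SpamAssassin's code and not taken from RFC 4408. It evaluates only the `ip4`, `ip6` and `all` mechanisms; the record, the addresses, the function names and the reply text are constructed for illustration.

```python
import ipaddress

# Constructed sample policy for the HELO name mail.example.com (not a real record).
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_helo(client_ip, record):
    """Evaluate the connecting IP against the HELO domain's SPF record.

    Simplified: only ip4, ip6 and all are handled; include, a, mx,
    redirect, exp and macros are outside this sketch.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF policy published for the HELO domain
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # An omitted qualifier means "+" (pass).
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise NotImplementedError(f"mechanism not covered by this sketch: {term}")
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"  # malformed network in the record
        if net.version != (4 if name == "ip4" else 6):
            return "permerror"  # e.g. an IPv6 network inside an ip4: term
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


def smtp_reply(result, helo_domain):
    """Return a 550 / 5.7.1 rejection line for a Fail result, else None."""
    if result == "fail":
        # Reply text is constructed; only the codes come from the quoted passage.
        return f"550 5.7.1 SPF HELO check failed for {helo_domain}"
    return None  # other results are left to scoring rather than rejection
```

Only an explicit "fail" maps to the rejection; a "softfail" or "neutral" outcome is not the explicit statement of non-authorization that this rule describes.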
The default scores for this rule can be found in the online list of tests.