moby
New Member
September 13, 2004
Question

Spam - helo dns & return email dns check

  • September 13, 2004
  • 5 replies
  • 5427 views
Hi, I am trying to understand the differences between the HELO DNS check, which does a reverse DNS lookup, and the return email check, which looks for A and MX records. Don't these two checks do pretty much the same thing? Or is there a reason for using both? Cheers.

    5 replies

    Contributor
    September 14, 2004
    Hi, I don't really understand the difference either. But, above all, I have experienced (as you can read in the other thread) that these two functions cause some problems..
    UkWizard
    New Member
    September 14, 2004
    I think (although I am not 100% sure) that the differences are: HELO DNS: checks that the domain name of the connecting IP is the same as the domain name of the sender's email address domain. RETURN EMAIL CHECK: this checks that the IP of the connecting server is the same IP as what is specified in the MX records of the sender's domain. Large organisations and financial companies often require the latter, otherwise they will not accept connections (as it can't be spoofed).
    moby
    mobyAuthor
    New Member
    September 14, 2004
    OK, so looking at the other thread it looks like there are problems with using these two anyhow - anyone else using them? But in brief then the HELO DNS check is checking that the sender's mail address is valid (same domain as connecting IP) and the return DNS check is checking that the sending server IP is valid (in A or MX records for the domain). Does that sound about right?? Thanks.
    UkWizard
    New Member
    September 14, 2004
    Actually, I made a mistake in that post. The HELO DNS check, I think, checks the sender's server domain name (as when a machine first connects, it first says who it is using the HELO command), NOT the sender's email domain name. Sorry.
    moby
    mobyAuthor
    New Member
    September 14, 2004
    I must admit - I am all spammed out now!! Been surfing the net for info this morning and this is what I have come up with:

    HELO Lookup: After receiving the HELO command (which contains the domain name) from the SMTP client, the FortiGate unit does a reverse lookup of the domain name against the IP address of the sender. HELO is supposed to be the hostname of the computer that has connected to your mail server (the sending computer is identified). So the sending computer's IP address is used in a reverse DNS lookup to see if the domain matches the domain listed in the HELO command. This checks if the spammer has spoofed the domain in the HELO command.

    Return Email DNS Check: The FortiGate unit checks that the return email domain name has an MX or A record in the DNS server. Spammers often change the return email address, for example somerandomcrap@somevaliddomain.com, so a return email DNS check would check that the domain somevaliddomain.com had a valid A or MX record. However, spammers can overcome this by using a valid domain in the return address. The return email DNS check could block legitimate email though if people have not configured their A and MX records correctly.

    (If you wish to unsubscribe please send me a mail with nospam in the subject line) bye
    Contributor
    September 16, 2004
    Mind that HELO Lookup might be a problem. Many companies (like mine) use an ISP's SMTP mail server to "relay" their e-mails as they do not have a mail server of their own (in-house). This is usual in small businesses (many in my country). In that case HELO Lookup will fail and it will mark the mail as spam when it is not (called a false positive). Return email DNS is much better (does not have this problem). I do not recommend using HELO Lookup.
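The two checks described in moby's summary and the relay problem raised in the last reply can be seen side by side in the following added example. It is not code from the thread, from Fortinet or from a FortiGate; it is an offline model in which a constructed DNS table (PTR, A and MX records under reserved example names) stands in for a real resolver, and the function names `helo_dns_check`, `return_email_dns_check` and `classify_session` are this example's own. The HELO check only compares the reverse lookup of the connecting IP with the HELO name, the return email check only asks whether the MAIL FROM domain resolves at all, so a spammer with a real return domain passes the second, and a small business relaying through an ISP whose relay announces the customer's name in HELO fails the first.

```python
"""Offline model of the two FortiGate antispam DNS checks discussed above:
the HELO DNS lookup and the return e-mail DNS check.

The DNS data below is CONSTRUCTED for this example; nothing here talks to a
real resolver or to a FortiGate, and the function names are this example's.
"""

# Constructed reverse-DNS (PTR) table: connecting IP -> hostname.
PTR_RECORDS = {
    "203.0.113.10": "mail.example.com",   # example.com's own mail server
    "198.51.100.5": "smtp.isp.example",   # an ISP relay used by small businesses
}

# Constructed forward records: domain -> A addresses / MX hostnames.
A_RECORDS = {
    "example.com": ["203.0.113.10"],
    "mail.example.com": ["203.0.113.10"],
    "smtp.isp.example": ["198.51.100.5"],
    "smallbiz.example": ["192.0.2.40"],   # web host only; mail goes via the ISP
}
MX_RECORDS = {
    "example.com": ["mail.example.com"],
    "smallbiz.example": ["smtp.isp.example"],
}


def helo_dns_check(connecting_ip: str, helo_name: str) -> tuple[bool, str]:
    """HELO DNS lookup: reverse-resolve the connecting IP and compare the PTR
    hostname with the name the client gave in HELO/EHLO. Only the connecting
    machine's identity is examined; the envelope sender plays no part."""
    ptr = PTR_RECORDS.get(connecting_ip)
    if ptr is None:
        return False, f"no PTR record for {connecting_ip}"
    if ptr.lower().rstrip(".") != helo_name.lower().rstrip("."):
        return False, f"PTR {ptr} does not match HELO {helo_name}"
    return True, f"PTR {ptr} matches HELO"


def return_email_dns_check(mail_from: str) -> tuple[bool, str]:
    """Return e-mail DNS check: the domain of the envelope sender (MAIL FROM)
    must have an MX or an A record. The connecting IP is not examined, so any
    real domain passes, whatever local part sits in front of the '@'."""
    _, at, domain = mail_from.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return False, "no domain in return address"
    if MX_RECORDS.get(domain):
        return True, f"{domain} has MX"
    if A_RECORDS.get(domain):
        return True, f"{domain} has A"
    return False, f"{domain} has neither MX nor A"


def classify_session(connecting_ip: str, helo_name: str, mail_from: str) -> dict:
    """Run both checks on one SMTP session and report each verdict separately,
    so it is visible which of the two a given message would fail."""
    helo_ok, helo_why = helo_dns_check(connecting_ip, helo_name)
    ret_ok, ret_why = return_email_dns_check(mail_from)
    return {"helo_dns": helo_ok, "helo_reason": helo_why,
            "return_email_dns": ret_ok, "return_reason": ret_why}


if __name__ == "__main__":
    sessions = [
        # 1. example.com's own server, correctly configured: both pass.
        ("203.0.113.10", "mail.example.com", "alice@example.com"),
        # 2. Sender with no PTR record spoofing a HELO name: HELO check fails.
        ("192.0.2.99", "mail.example.com", "somerandomcrap@example.com"),
        # 3. Same sender, but the return domain is real: return check passes.
        ("192.0.2.99", "bogus.example", "somerandomcrap@example.com"),
        # 4. Small business relaying via its ISP; the relay announces the
        #    customer's domain in HELO: HELO fails (false positive), return passes.
        ("198.51.100.5", "smallbiz.example", "bob@smallbiz.example"),
        # 5. Return address at a domain with no A or MX: return check fails.
        ("203.0.113.10", "mail.example.com", "x@nonexistent.example"),
    ]
    for ip, helo, sender in sessions:
        print(ip, helo, sender, classify_session(ip, helo, sender))
```

Session 4 is the case the last reply describes: the connecting IP belongs to the ISP, its PTR says so, and the HELO check has no way to know the customer behind it, while the return email check is satisfied because smallbiz.example has an MX. Session 3 is the weakness moby's summary notes for the return check: the domain is valid, so the check passes regardless of what is in front of the `@`.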