- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Spam - helo dns & return email dns check
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Spam - helo dns & return email dns check
Hi,
I am trying to understand the differnces between the helo dns check which does a reverse dns lookup and the return email check which looks for a and mx records. Dont these two checks do pretty much the same thing? or is there a reason for using both?
Cheers.
6 REPLIES 6
Not applicable
Created on 09-14-2004 12:18 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
i don' t really understand the difference, me too. But, above all, i have experienced (how you can read in the other trhead) that this two functions cause some problem..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think (although i am not 100% sure) that the differences are;
HELO DNS:
checks that the domain name of the connecting IP is the same as the domain name of the senders email address domain.
RETURN EMAIL CHECK:
this checks that the IP of the connecting server is the same IP of what is specified in the MX records of the senders domain.
Large organisations and financial companies often require the latter, otherwise they will not accept connections (as it cant be spoofed).
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, so looking at the other thread it looks like there are problems with using these two anyhow - anyone else using them?
But in brief then the HELO DNS check is checking out that the senders mail address is valid (same domain as connecting IP) and the return DNS check is checking that the sending server IP is valid (in A or MX records for the domain).
Does that sound about right???????????????????????????????????????????????????
Thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Actually, i made a mistake in that post.
The helo dns check i think checks the senders server domain name (as when a machine first connects, its first says who it is using the HELO command) NOT the senders email domain name.
Sorry.
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I must admit - I am all spammed out now!! been surfing the net for info this morning and this is what I have come up with:
Helo Lookup:
After receiving the HELO command (which contains the
domain name) from the SMTP client, the FortiGate unit
does a reverse lookup of the domain name against the
IP address of the sender.
Helo is supposed to be from the hostname of the computer
That has connected to your mailserver (the sending computer
Is identified)
So the sending computer’s IP address is used in a reverse DNS
Lookup to see if the domain matches the domain listed in the HELO
Command. This checks if the spammer has spoofed the domain
In the HELO command.
Return Email DNS Check:
The FortiGate unit checks that the return email domain
name has an MX or A record in the DNS server.
Spammers often change the return email address: for example somerandomcrap@somevaliddomain.com
So a return email dns check would check that the domain somevaliddmain.com had a valid
A or MX record. However spammers can overcome this by using a valid domain in the return address.
The return Email DNS check could block ligit email though if people have not configured
Their A and MX records correctly.
(if you wish to unsubsribe please send me a mail with nospam in the subject line)
bye
Not applicable
Created on 09-16-2004 12:14 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mind that Hello Lookup might be a problem.
Many companies (like mine) use an ISP' s SMTP mail server to " relay" their e-mails as they do not have a mail server of their own (inhouse). This is usual in small business (many in my country). In that case Hallo Lookup will fail an it will mark the mail as spam when it is not, (called false positive).
Return email DNS is much better (does not have this problem).
I do not recoment to use Hallo Lookup. 
Related Posts
- Sandbox API Login: return values? 154 Views
- Automatically Ban Malicious Inbound IPs using... 293 Views
- Recipient Verification 241 Views
- Separate authentication and authorization 226 Views
- FortiNAC 9.4 False positive events 168 Views
Labels
-
FortiGate
6,598 -
FortiClient
1,315 -
5.2
801 -
5.4
639 -
FortiManager
570 -
FortiAnalyzer
417 -
6.0
416 -
5.6
362 -
FortiSwitch
338 -
FortiAP
337 -
FortiClient EMS
269 -
6.2
251 -
FortiMail
248 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
73 -
FortiToken
72 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
63 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
26 -
Firewall policy
25 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
High Availability
21 -
FortiConverter
21 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
Interface
13 -
FortiDDoS
13 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Application control
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.