So, what I am looking for is a test that looks up the HELO address in DNS and compares it to the IP that it was sourced from.
I have some spam with the following received characteristics which would have been a great demo for this possible test:

Received: from cpe-76-190-23-240.woh.res.rr.com (HELO earthlink.net) (76.190.23.240)
  by 0 with SMTP; Fri, 22 Dec 2006 14:48:14 -0800
From: "Kristi B Valladares" <[EMAIL PROTECTED]>

What I want to do is look up the HELO data in DNS (in this case earthlink.net) and confirm that the IP it was received from (in this case 76.190.23.240) is not the IP address (or even in the same subnet) that the HELO resolves to.

Is there a test that already does this?

Thanks,
John
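
The check described in the post, sketched as an added example (not part of the original message and not an existing filter rule): parse the quoted Received line, resolve the HELO name, and compare the result with the connecting IP, both exactly and by subnet. The function names, the result labels, the injectable `resolver` argument and the /24 and /64 subnet widths are assumptions made for this example.

```python
import ipaddress
import re
import socket

# qmail-style trace line as quoted in the post: from <rdns> (HELO <name>) (<ip>)
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+\((?P<ip>[0-9A-Fa-f.:]+)\)")

# Received line from the post, joined onto one line.
SAMPLE = ("from cpe-76-190-23-240.woh.res.rr.com (HELO earthlink.net) "
          "(76.190.23.240) by 0 with SMTP; Fri, 22 Dec 2006 14:48:14 -0800")


def system_resolver(name):
    """Addresses the local resolver returns for name (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except (socket.gaierror, UnicodeError):
        return set()
    return {info[4][0].split("%")[0] for info in infos}  # drop IPv6 scope id


def check_helo(received, resolver=system_resolver, v4_prefix=24, v6_prefix=64):
    """Return unparsed, literal, unresolved, match, same_subnet or mismatch."""
    m = RECEIVED_RE.search(received)
    if not m:
        return "unparsed"
    try:
        client = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return "unparsed"
    helo = m.group("helo")
    if helo.startswith("["):
        return "literal"            # address-literal HELO, nothing to look up
    addrs = set()
    for text in resolver(helo):
        try:
            addrs.add(ipaddress.ip_address(text))
        except ValueError:
            continue                # ignore anything that is not an address
    if not addrs:
        return "unresolved"
    if client in addrs:
        return "match"
    for addr in addrs:
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        if addr.version == client.version and client in net:
            return "same_subnet"
    return "mismatch"
```

Many legitimate hosts announce a HELO name that does not resolve to their outgoing address, so a `mismatch` result is better used as one scoring signal than as grounds for rejection on its own.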