5.4.1 ORF Online Help
Select your ORF version:

Table of Contents

HELO Domain Blacklist


This help section describes the HELO domain blacklist test and the related settings available under the BlacklistsHELO Blacklist page in the left navigation pane.

General Information

The first step of the SMTP email transmission is sender introduction. The sending server introduces itself by saying "HELO" or "EHLO" and telling its own domain name to the receiving server. This feature allows filtering emails based on this HELO/EHLO argument domain.

Well-behaving servers can tell their domain name, but poorly written spammer software sometimes introduces itself with a malformed domain name and viruses often tell the name of the receiving domain or a fixed domain name and this can be used to identify malicious content.

Enabling or Disabling the HELO Blacklist

Enable or disable the HELO Blacklist test by clicking the ON / OFF button on top of the BlacklistsHELO Blacklist page, or on the FilteringTests page.

Using the HELO Blacklist

The "Blacklist if the HELO/EHLO domain... is malformed" option

Set this checkbox to blacklist emails with malformed HELO/EHLO domains, which were not caught by the SMTP Service itself. Legitimate email server may not send a malformed HELO domain.

The "Blacklist if the HELO/EHLO domain... is the same as the recipient domain" option

This is typical Internet worm behavior, some worms get the HELO/EHLO domain from the recipient email address.

The "Blacklist if the HELO/EHLO domain... is not an FQDN" option

Blacklists the email if the domain is not a Fully Qualified Domain Name (FQDN).

Email transmission standards require the HELO/EHLO domain to be an FQDN, but many servers, mostly Exchange servers, violate this requirement. Use this option as a policy enforcement tool only.

User-Defined HELO domain blacklist

Add your own blacklist expressions to this list. This may come handy if a new virus with a fixed HELO domain name shows up or if you want to blacklist specific domains or expressions (like IP addresses). See the Domain Lists help section regarding the configuration.

Copyright © Vamsoft Ltd. 2024. All rights reserved. Document ID adm-heloblacklist, version 1.