DELIVTERMS: HELO/EHLO


DELIVTERMS: The weekly series here on Spam Resource that defines deliverability terminology. Today, I'm going to talk about HELO/EHLO.

When you send me an email from your account on Outlook.com to my account at Gmail.com, Outlook builds the email message based on your content, then its outbound mail server connects to and transmits that message to an inbound mail server at Gmail. Those servers communicate with each other using a protocol called Simple Mail Transfer Protocol (SMTP).

When one server connects to another, the receiving server offers up a bit of text upon connect, called an SMTP banner. The sending server responds with a HELO (Hello) or EHLO (Extended Hello) command, basically saying “Hi, I am a mail server and my name is XYZ.”

I don’t want to go too far into the weeds and turn this post into a whole breakdown of how SMTP works. Instead, let me focus on where the HELO/EHLO comes up in deliverability monitoring and alerting.

Various online deliverability test tools and spam filters (including SpamAssassin) will occasionally flag messages with a warning that the “host name specified in HELO does not match IP address.” Or maybe you saw SpamAssassin triggering one or more rules like NO_RDNS_DOTCOM_HELO, RCVD_FAKE_HELO_DOTCOM, or HELO_LOCALHOST. What does this mean?

If I send you a weekly Spam Resource email newsletter, my sending server is named, in DNS, “s1.xnnd.com.” When it connects to the inbound email servers for Gmail, or Outlook.com, or Yahoo, it says HELO s1.xnnd.com after it connects – meaning “Hi, I am s1.xnnd.com.” That server’s IP address is 206.125.175.2, and that maps, via DNS, to s1.xnnd.com. Because that IP address maps to s1.xnnd.com, and the HELO maps to s1.xnnd.com, everything matches in DNS and server communication, and thus, emails from my server would never generate that specific alert.

But if somebody (you, your ISP or ESP, or your VPS provider) typo’d DNS settings, or typo’d the HELO setting in your mail server settings (that HELO setting being something that somebody typed into a mail server configuration file at some point), you could end up seeing that warning when doing deliverability or spam filter testing. If my server was saying “HELO, I’m bob.microsoft.com!” and by DNS was still s1.xnnd.com, that’d be a concern that perhaps my server wasn’t being truthful about its identity. This mismatch can be a spam sign. A small one, but still. It’s not likely to immediately get you blocked at any large ISP, but it can increase the chance that somebody, somewhere will consider mail from that server more likely to be spam. So, if you ever see a “HELO/EHLO doesn’t match!” error, it’s a good thing to try to fix.

You may have also picked up on the fact that your reverse DNS hostname for your server's IP address needs to match here, as well. That is true, and good thinking! Even though these are all backend bits of how mail works, and the results typically only show up in hidden email headers, you always want to make sure that both your HELO name and DNS for your IP address exist, and properly reflect you or your sending platform.
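The three-way match described above (HELO name, reverse DNS of the connecting IP, and forward DNS of the HELO name) can be checked with a short script. This is an added example, not code from the original post or from any tool it mentions. The function names and finding texts are hypothetical, and the sample DNS table is constructed from the host name and IP address the post gives, so it runs without live DNS.

```python
import socket

def live_ptr(ip):
    """Reverse (PTR) lookup against live DNS; returns a list of host names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:  # covers socket.herror and socket.gaierror
        return []

def live_a(host):
    """Forward (A/AAAA) lookup against live DNS; returns a list of addresses."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def norm(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()

def check_helo(helo, ip, ptr_lookup=live_ptr, a_lookup=live_a):
    """Return a list of findings; an empty list means HELO, PTR and A agree."""
    findings = []
    helo_n = norm(helo)
    if helo_n in ("localhost", "localhost.localdomain") or "." not in helo_n:
        findings.append("HELO is not a fully qualified host name")
    ptrs = [norm(p) for p in ptr_lookup(ip)]
    if not ptrs:
        findings.append("no reverse DNS (PTR) for connecting IP")
    elif helo_n not in ptrs:
        findings.append("HELO does not match reverse DNS of connecting IP")
    if ip not in a_lookup(helo_n):
        findings.append("HELO name does not resolve to connecting IP")
    return findings

# Constructed DNS data, built from the host name and IP used in the post.
SAMPLE_PTR = {"206.125.175.2": ["s1.xnnd.com"]}
SAMPLE_A = {"s1.xnnd.com": ["206.125.175.2"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(host):
    return SAMPLE_A.get(host, [])

if __name__ == "__main__":
    for helo in ("s1.xnnd.com", "bob.microsoft.com", "localhost"):
        result = check_helo(helo, "206.125.175.2", sample_ptr, sample_a)
        print(helo, "->", result or "OK")
```

Calling `check_helo(helo, ip)` without the last two arguments uses the live resolvers instead of the constructed table.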
