Sent: Thursday, December 14, 2006 11:38 AM
To: Jason Jonelis
Subject: Update [Incident ID: 1411852] - Unblock request

Our support staff has responded to your request, details of which are described below:

Discussion Notes
Support Staff Response
Dear Sir or Madam,

Thank you for contacting online support. ( is blocked. It was detected sending spam to our users on 2006/12/11 12:29:14 (MST).

It also provided invalid identifying information when connecting to our servers. This usually indicates a virus infection. The system will need to be cleaned of viruses and worms, and properly configured and secured before we will unblock.

Bogus helo

The IP address you have submitted ( is not currently eligible for unblocking because the mailserver has returned a 'bogus helo'. This indicates that the server the email originated from either has a virus or has not been setup correctly. Please refer to the following information regarding this issue:


The SMTP HELO command is used by the outgoing mail server to greet the destination servers that they are connecting to. It is usually the first command issued when mail is being sent. It means "Hello, I am ..." Many viruses and bulk emailers send false or nonstandard HELO messages. We are starting to filter these messages and block traffic from email servers that utilize non-standard HELO settings.

Here are the types of error messages related to helo issues that you may experience:

1. bogus helo

This means that the sending email server connected to our mail server and said "HELO [their IP]". RFC 1132 says that the HELO ("hello") message should contain "a valid principal host domain name for the client host". This means a name like "", or "". An IP address is not a valid listing for the name of the server.

In order to resolve this situation, the sending server's administrators will need to configure the server properly, which will cause it to identify itself by name rather than IP address. The administrators of this server may also want to check it for viruses, as many viruses use the HELO command with an IP rather than the name.

2. bogus helo (IP address listed here)

This means that the sending server connected to our mail server and said "HELO (receiving email server's IP)". What this means is that the sending server tried to say "Hello, I'm you!" This action is generally caused by a virus.

In order to resolve this situation, the sending server's administrators will need to check it for viruses.

3. bogus helo matches rcpt

This means that the sending system connected to our mail server and said "HELO (receiving email server's domain name)". This is another version of "Hello, I'm you!" but using the server's domain name rather than the server's IP address. This is normally caused by a virus or a bulk emailer.

If this process is not done intentionally, it is generally created by a virus. The server's administrators will need to check the machine for problems.

We hope that this information is useful in diagnosing and resolving the issue that you are experiencing.

Dee F.
Online Support Technician
Customer Inquiry
Phone: 8008704340
Submitted by:

If you need further assistance with this matter, please reply to this email or contact customer service at 480-624-2500 and reference [Incident ID: 1411852].

Customer Service
2006. All rights reserved.