But as regards HELO, I know what the rules for HELO state, and so I know why it should work (even if it is considered RFC infringing). But I've never seen a detailed analysis of HELO strings in the same manner as I've seen studies for the effectiveness of different RBLs.
This is one of the things that ASSP has been doing VERY reliably, and with some of the changes that Fritz has made (PenaltyBox being the main one), it is even better.
What I want to see is someone saying "X% of our normal genuine email servers were (would have been) caught" & "it stopped (or would have stopped) Y% of spam".
Lots of anecdotes don't cut it I'm afraid, not that I don't believe the people, just it is different when it is someone else's email you are filtering, especially if you are making a Yes/No decision on accepting email on the basis of the test. I need to know if it is <1%, <0.1%, or <0.001% false positives, as that'll establish how many people get angry. Obviously email sources vary, but I need to know where to concentrate the effort.
If you are really interested in how HELO checks can be used to drastically cut the number of valid connections, I highly suggest trying out ASSP, or at least checking its code.
--
Best regards,
Charles