You write:

> > Thank you for fast response and for the fast reaction.
> > I was assured to get no or only an unmet answer from a rbl
> > operator - I am very impressed about my mistake :-)

We are here to serve :)

> > Anyhow - I am not to be about to do a renaming for two
> > main reasons:
> > - it is really braindead to filter for a name with this
> > consequences - my hostname is in difference to bad
> > maintained windowsboxes in fact rfc2821 compliant (fqdn) -
> > windows boxes yelling out OEMCOMPUTER without a domain
> > part. And you get them into the trap within the HELO/EHLO
> > with the common smtpd helo restrictions (HELO required,
> > invalid hostname, unknown hostname,
> > strict-821-style-envelope, jaddar, jaddar, jaddar).

Oh, I agree that it is a FQDN, and that it's not an RFC violation; that's one of the things we tuned in the detection, so that the boilerplate response will not be lying if something similar is detected in the future.

But it's still a VERY common name for Windows boxen, is VERY commonly sent as a HELO by infected computers, only in recent years it's being sent with randomly created or chosen domain name suffixed, so the test becomes less useful if we restrict it to only non-FQDNs.

I'm only suggesting that it's very strange to see a Linux box sensibly run with a name like a mass mailing virus prefers.

We look for high correlations with very low false positives, and detect for them. As far as I know, you're the only FP we've ever seen on this test, in several years of operation.

> > What will be the next if a big vendor will sell boxes with
> > default name 'mail' or 'mx' or 'www'?

Ah, that's unlikely. And even if it were so, we would hardly check and list for same.

But name a server YOUR-0XDEADBEEF.example.com, and don't be surprised if you're listed, because there are literally millions of boxes out there named 'YOUR-$HEXSTRING' that are typically poorly secured Windows machines. Just as an example.
> > - A name check is not a technical but a social check. I am
> > real against social checks for technical difficulties,
> > especially in the internet with so many different cultures
> > and people.

No, it's a technical check, based on probabilities. Like it or not, there is little way to separate social from technical.

> > If you really need to do social 'weak' checks, inspect the
> > result by technical 'hard' probes to verify. At that point
> > it is essential to probe in a active way. Yes, I know,
> > that you cannot do this because of missing man-, machine-
> > and financepower.

Think about it. Probing would reveal our detectors.

Thanks for the feedback,