EHLO/HELO
Learn what EHLO and HELO are in SMTP, how they identify sending mail servers, and how DMARCeye uses them to map and secure your mail infrastructure.
What are EHLO/HELO?
EHLO and HELO are SMTP commands used by mail servers to introduce themselves at the start of an SMTP session. The HELO command was defined in the original SMTP specification, while EHLO (Extended HELO) was introduced with Extended SMTP (ESMTP) to support modern extensions such as authentication, encryption, and 8-bit data transmission. These greetings identify the sending server and initiate communication with the recipient mail system.
Every SMTP conversation begins with an EHLO or HELO command, making it one of the most fundamental parts of email transmission. The domain name included in this greeting, known as the HELO domain, is often used for reverse DNS checks and authentication validation.
How EHLO/HELO Works
Example SMTP handshake:
220 mail.receiver.com ESMTP Ready
EHLO mail.sender.com
250-mail.receiver.com Hello mail.sender.com
250-SIZE 10485760
250-STARTTLS
250 AUTH LOGIN PLAINIn this example, mail.sender.com is the EHLO domain, and the server advertises its supported capabilities, such as message size limits and encryption options.
Differences Between EHLO and HELO
- HELO: Used in legacy SMTP systems and provides no extended capabilities
- EHLO: Used in Extended SMTP, enabling advanced features like STARTTLS, AUTH, and delivery status notifications
Modern mail servers almost always use EHLO. If EHLO is not recognized, the server falls back to HELO to maintain compatibility.
Why EHLO/HELO Configuration Is Important for Email Authentication
A properly configured EHLO or HELO domain improves authentication and deliverability. Inconsistent or invalid greetings can raise spam filters or fail reverse DNS checks. Best practices include:
- Using a fully qualified domain name (FQDN) that matches the server’s PTR record
- Avoiding generic or placeholder values (e.g., “localhost”)
- Ensuring the domain resolves properly in DNS
- Aligning EHLO/HELO with SPF and DKIM policies
EHLO/HELO and DMARCeye
DMARCeye analyzes EHLO and HELO identifiers found in authentication reports to map sending infrastructure and detect misconfigurations. By correlating EHLO domains with IP reputation, SPF alignment, and DMARC data, the platform helps administrators identify unauthorized or misaligned mail sources that impact deliverability.
Proper EHLO/HELO configuration ensures that outbound messages pass trust checks smoothly, supporting secure and consistent email authentication results across your domain.
Sign up for a free trial of DMARCeye today and secure your email domain.
To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.