That's what I thought, but I don't play in that playpen
Wouldn't you just have an inbound filter to only allow HE ASes? Or do you also want to reach other ASes that pay HE for upstream service, but are multi-homed so exist in their own AS?
There's two ways to think about this problem: routes advertised and routes received.
Received:
So for the most part people implement zero or just minimal filters on routes received from peers. They might drop a set of ASNs they consider large that would be indicative of a leak. Some may go the extra distance and even do IRR filtering. But for the most part people are fairly permissive in what they accept from peers
Advertised:
Here's the catch. You announce routes to HE and they're propagating it to networks you don't anticipate. This pulls in traffic from other HE peers you weren't expecting. You don't really have much controls here. You can try to prepend but remember it's the other leaked peers of HE that will generally set a better local pref to HE (by virtue of being a peer) so your prepends won't do anything.
Wouldn't you just have an inbound filter to only allow HE ASes? Or do you also want to reach other ASes that pay HE for upstream service, but are multi-homed so exist in their own AS?