Fake MX Records



Sep 24, 2007, 12:50:53 AM
to spamfr...@googlegroups.com


Fake MX records can work like greylisting, and often much faster, without requiring the installation of new software. You add a fake highest and a fake lowest MX record. Normal mail servers will probably retry, but spammers often don't. This is especially true of spam from virus-infected Windows zombies. Here's an example MX configuration.

The fake records can be undefined, point to dead IP addresses, or point to real IP addresses with port 25 closed. Make sure the lowest-numbered MX points to a closed port: if it only returns a temporary error, then Qmail, which is not RFC compatible, will never move up to the next MX record.

Fake Lowest MX

The reason for the fake lowest MX record is that that's where most email is delivered. Real servers will get the error, retry on the middle MX, and deliver the email with only a few seconds' delay. Zombie spam will just move on to the next victim. No good email is lost, but a huge amount of spam never makes it into the system at all. This not only reduces spam but also reduces system load, as SA doesn't have to process any of it.

Fake Highest MX

Email is supposed to be sent to the lowest-numbered MX record first, with the higher MX records being backup servers. Spammers will often try the highest MX record first, thinking that the backup servers have less spam filtering than the main email server. They try the highest MX record and then never come back. So I set my highest MX record to point to an IP address that always returns a temporary "Come Back Later" error.

A real email will retry and get through. But the spammer will just go away. This trick saves having to process about 25,000 messages a day on my server.

Optionally you can add a lot of fake MX records on the top side. Additional fake MX records on the low-numbered end will cause some additional delay, but on the high end there's no penalty. The reason for additional higher MX records is that if spammers start trying random MX records, this gives them more dead MX records to try.
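The layout described above, as an added example that is not part of the original post: a small Python model of how different senders fare against a fake lowest and a fake highest MX. The host names, preference values and sender models are constructed assumptions; `stuck_on_tempfail` encodes the post's description of Qmail, not measured Qmail behaviour.

```python
# Added example: a constructed model of sender behaviour, not real MTA code.
CLOSED, TEMPFAIL, ACCEPT = "closed", "tempfail", "accept"

# Constructed MX set: (preference, host, behaviour on port 25).
MX_GOOD = [
    (10, "fake-low.example.com", CLOSED),      # fake lowest: port 25 closed
    (20, "mail.example.com", ACCEPT),          # real primary
    (30, "backup.example.com", ACCEPT),        # real backup
    (90, "fake-high.example.com", TEMPFAIL),   # fake highest: "come back later"
]
# Same layout, but the fake lowest MX returns a temporary error instead.
MX_BAD = [(10, "fake-low.example.com", TEMPFAIL)] + MX_GOOD[1:]

def compliant(mx):
    """Walk MX hosts in ascending preference, moving on after any failure."""
    for _pref, host, behaviour in sorted(mx):
        if behaviour == ACCEPT:
            return host
    return None  # nothing accepted: message stays queued

def stuck_on_tempfail(mx):
    """Sender as the post describes Qmail: skips a closed port, but keeps
    retrying a host that answers with a temporary error."""
    for _pref, host, behaviour in sorted(mx):
        if behaviour == ACCEPT:
            return host
        if behaviour == TEMPFAIL:
            return None  # never moves up to the next MX
    return None

def one_shot(mx, pick):
    """Fire-and-forget sender: a single attempt at one MX, no retry."""
    _pref, host, behaviour = pick(sorted(mx))
    return host if behaviour == ACCEPT else None

def outcomes(mx):
    """Return the host that ends up accepting mail per sender model, or None."""
    return {
        "compliant": compliant(mx),
        "stuck_on_tempfail": stuck_on_tempfail(mx),
        "one_shot_lowest": one_shot(mx, lambda m: m[0]),
        "one_shot_highest": one_shot(mx, lambda m: m[-1]),
    }

if __name__ == "__main__":
    for label, mx in (("closed lowest", MX_GOOD), ("tempfail lowest", MX_BAD)):
        print(label, outcomes(mx))
```

With the closed-port layout both retrying senders land on the real primary; with a temporary error on the lowest MX, the `stuck_on_tempfail` sender never delivers, which is the loss of legitimate mail the post warns about.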
