Preventing SPAM

Need help? Ask here.

Moderator: Moderators

Post Reply
Black20VT
Posts: 134
Joined: Sat Nov 05, 2005 12:35 pm
Location: UK
Contact:

Preventing SPAM

Post by Black20VT »

I read an interesting suggestion for preventing SPAM on the SPAMASSASSIN site today and wondered if this was possible?
Fake MX Records

Email is supposed to be sent to the lowest numbered MX record first with the higher MX records being backup servers. Spammers often with try the highest MX record first thinking that the backup servers have less spam filtering than the main email server. They try the highest MX record and then never come back. So I set my highest MX record to point to an IP address that always returns a temporary "Come Back Later" error.

A real email will retry and get through. But the spammer will just go away. This trick saves having to process about 25,000 messages a day on my server.
Is this a valid way to prevent SPAM? If so, do Rollernet have the ability to do this?

Can you advise?

Thanks.
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

We see a lot of spam target us since we're the secondary on a lot of mail servers, but I've never personally tried setting up a fake highest-priority MX, so I can't say how well it works.

As far as offering such a service, yes, it's simple enough to add. We'd have to put a little logic behind it so it only responds with 4xx errors to domains we serve and 5xx to everyone else not in the system. We'll look in to it.
Technical Support support@rollernet.us
Roller Network LLC
Black20VT
Posts: 134
Joined: Sat Nov 05, 2005 12:35 pm
Location: UK
Contact:

Post by Black20VT »

That'll be great and I'd be willing to test it!

Like you say, a lot of my SPAM comes from my backup service, yourself, so if I can minimize that even more, that'll be a bonus!

Any idea when you'll possibly have such a thing in place that I could try?

Thanks.
sgrayban
Posts: 60
Joined: Wed Jul 12, 2006 9:53 am

Post by sgrayban »

I use this tatic on one of our main domains here.

We added....

MX 100 mta-spoof.domain.here

and gave mta-spoof.domain.here the internal IP of 192.168.0.1 which is totally valid RFC since intranet's can use that IP.

It's not the same as 127.0.0.0/8 which is black/BOGON listed because it is considered the LOOPBACK IP.

Stop's those spammers cold.
Post Reply