
Fight Spam with a Fake MX

Wednesday, November 15th, 2006

I just can't seem to get ahead of the spammers. I'm constantly looking for new techniques and little tricks to catch up to them. I usually do for a little while, but as time goes on they keep pulling ahead.

For those of you who don't know how email actually works, here's the quick and dirty version. Say you want to email user@example.com: you compose your message and hit "send" in your email client. Your client connects to your email server (most likely your ISP's server) and sends the message there. Once that server has the message it looks up the MX records for example.com. An MX record simply tells you what server(s) handle mail for the domain. You can (and really should) have more than one MX record, each with a different weight. The server then connects to the server with the lowest weight and passes the message along. From there it might get passed along (relayed) a few more times internally before it lands in your mailbox, but that's just about it. If the lowest weight MX doesn't answer (is down or busy) the sending server should then try the MX with the next higher weight, and so on until the message is delivered or returned.

This whole idea of using the lowest weighted MX first and then moving up is set by the RFC (the standard) for the Simple Mail Transfer Protocol. Spammers don't use standards; in fact they usually do the complete opposite.

Yesterday I was reading about a trick that I hadn't heard of yet: the idea of a fake MX. Basically you just add an additional MX record for your domain with a really high weight. All legit email servers should use the lower weight servers to deliver mail and never touch this fake MX. Spammers, on the other hand, will sometimes use the highest weighted MX record first on purpose, because those are usually just backup mail servers with less spam filtering. Then you simply set the mail server on the fake MX to tempfail all incoming mail. This basically means the server replies with an "I'm busy, try again later" message and rejects the email. Again, according to the standards, legit email servers will try again later and keep trying for a number of days before returning the mail as undeliverable. Spammers don't retry, or at least most don't. They are all about sending as much spam as fast as possible. If they get tempfailed they usually just move on and don't come back.
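The two behaviours described above (a compliant sender walking the MX list lowest weight first and falling through on "busy", versus a spammer going straight for the highest weight and giving up on the first tempfail) as an added Python example. This is not code from the post; the zone for example.com, the host names and the per-host reply codes are constructed sample data, and `spammer_delivery` is an assumption that models the spammer behaviour the post describes.

```python
"""Simulate how senders walk a domain's MX records.

Added example, not code from the original post. The MX records and
per-host replies below are constructed sample data.
"""
from dataclasses import dataclass

# SMTP reply classes: 2xx accepted, 4xx temporary failure (retry later),
# 5xx permanent failure. A host that never answers is modelled as None.


@dataclass
class MXRecord:
    preference: int   # the "weight" in the post; lower is tried first
    host: str


def order_mx(records):
    """Return MX records in the order a compliant sender must try them.

    RFC 5321: lowest preference first. Hosts sharing a preference may be
    tried in any order; a stable sort simply keeps the given order here.
    """
    return sorted(records, key=lambda r: r.preference)


def attempt_delivery(records, responses):
    """A compliant sender: try each MX in order until one accepts or
    permanently rejects.

    `responses` maps host -> reply code (None = no answer). Returns
    (outcome, hosts_tried); outcome is "delivered", "rejected", or
    "deferred" (every host was down or busy, so the sender queues the
    message and retries later).
    """
    tried = []
    for mx in order_mx(records):
        tried.append(mx.host)
        code = responses.get(mx.host)
        if code is None or 400 <= code < 500:
            continue            # down or tempfail: move on to the next MX
        if 200 <= code < 300:
            return "delivered", tried
        return "rejected", tried  # 5xx: give up and bounce to the sender
    return "deferred", tried


def spammer_delivery(records, responses):
    """Assumed model of the behaviour the post describes: go straight to
    the highest-preference MX, never retry, give up on any non-2xx reply."""
    mx = order_mx(records)[-1]
    code = responses.get(mx.host)
    if code is not None and 200 <= code < 300:
        return "delivered", [mx.host]
    return "gave_up", [mx.host]


# Constructed zone: two real MX hosts plus a fake MX that always tempfails.
EXAMPLE_MX = [
    MXRecord(10, "mx1.example.com"),
    MXRecord(20, "mx2.example.com"),
    MXRecord(99, "fakemx.example.com"),
]
RESPONSES = {
    "mx1.example.com": 250,
    "mx2.example.com": 250,
    "fakemx.example.com": 450,
}

if __name__ == "__main__":
    print(attempt_delivery(EXAMPLE_MX, RESPONSES))
    print(attempt_delivery(EXAMPLE_MX, {**RESPONSES, "mx1.example.com": None}))
    print(attempt_delivery(EXAMPLE_MX, {h: None for h in RESPONSES}))
    print(spammer_delivery(EXAMPLE_MX, RESPONSES))
```

The third run is the case worth noticing: when both real MX hosts are down, a legitimate sender does reach the fake MX, gets the 450, and simply defers, which is exactly why the tempfail (rather than a 5xx) is safe for real mail.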

I thought that was a pretty good idea. I haven't set this up yet, I'm trying to figure out a way of testing it to get some numbers without actually rejecting email, at least until I'm sure it's actually working.
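What the fake MX itself has to do is small: greet, accept EHLO and MAIL FROM, and answer every RCPT TO with a 4xx reply. The following added example (Python, not code from the post) is a minimal listener that does that on the loopback interface and records every attempt (client address, sender, recipient), so it also gives the numbers the post says it wants before trusting the setup: how many senders land on the fake MX, and whether any of them come back. The host name `fakemx.example.com`, the reply text and the in-memory log are assumptions; a real deployment would bind the listener on the host the high-weight MX record points at.

```python
"""A minimal "fake MX" SMTP listener that tempfails every recipient.

Added example, not from the original post. It speaks just enough SMTP
to be walked by a normal sender, replies 450 to every RCPT TO, and logs
each attempt so hits on the fake MX can be counted.
"""
import smtplib
import socketserver
import threading

# 450 = temporary failure; a compliant sender queues and retries elsewhere.
TEMPFAIL = b"450 4.3.2 Try again later\r\n"
BANNER_HOST = b"fakemx.example.com"   # assumed name for the example


class FakeMXHandler(socketserver.StreamRequestHandler):
    def handle(self):
        self.wfile.write(b"220 " + BANNER_HOST + b" ESMTP\r\n")
        sender = None
        while True:
            line = self.rfile.readline()
            if not line:
                break                         # client went away
            cmd = line.strip().decode("ascii", "replace")
            verb = cmd.split(" ", 1)[0].upper()
            if verb in ("EHLO", "HELO"):
                self.wfile.write(b"250 " + BANNER_HOST + b"\r\n")
            elif verb == "MAIL":
                sender = cmd                  # keep for the log entry
                self.wfile.write(b"250 OK\r\n")
            elif verb == "RCPT":
                # Log before replying so the record exists by the time the
                # sender sees the 450.
                self.server.record(self.client_address[0], sender, cmd)
                self.wfile.write(TEMPFAIL)
            elif verb == "DATA":
                self.wfile.write(b"503 5.5.1 No valid recipients\r\n")
            elif verb in ("RSET", "NOOP"):
                self.wfile.write(b"250 OK\r\n")
            elif verb == "QUIT":
                self.wfile.write(b"221 Bye\r\n")
                break
            else:
                self.wfile.write(b"502 5.5.2 Command not implemented\r\n")


class FakeMXServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr):
        super().__init__(addr, FakeMXHandler)
        self.attempts = []                    # (client_ip, MAIL line, RCPT line)
        self._lock = threading.Lock()

    def record(self, ip, sender, rcpt):
        with self._lock:
            self.attempts.append((ip, sender, rcpt))


def start_fake_mx(host="127.0.0.1", port=0):
    """Start the listener on a background thread and return the server.
    port=0 lets the OS pick a free port (read it from server.server_address)."""
    server = FakeMXServer((host, port))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def try_send(port, sender="sender@example.net", rcpt="user@example.com"):
    """Act as a sending server talking to the fake MX once; return the
    reply code it gets for RCPT TO (constructed addresses)."""
    with smtplib.SMTP("127.0.0.1", port, timeout=5) as client:
        client.ehlo("sender.example.net")
        code, _ = client.mail(sender)
        if code != 250:
            return code
        code, _ = client.rcpt(rcpt)
        return code


if __name__ == "__main__":
    srv = start_fake_mx()
    print("RCPT reply:", try_send(srv.server_address[1]))
    print("attempts logged:", srv.attempts)
    srv.shutdown()
    srv.server_close()
```

Counting distinct client addresses in `attempts` over a few days, and checking which of them reappear, is the measurement: addresses that show up once and never return are the senders the post expects to lose, while anything that keeps retrying is behaving like a real mail server.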

Comments (3)

Manda
#1 - Nov 15, 2006 at 7:39 PM
I had some guy call me at work today. He got spam from someone named Milton and his e-mail address had some random letters and our domain name. It was apparently confirmation of a loan he never applied for *gasp*. I've never heard of that happening. So this guy looks up our website and calls us. He was pissed.
I guess this was his first day using the e-mails.
Joe
#2 - Nov 16, 2006 at 5:39 AM
Wait, so this guy gets a spam with your domain name in the from address and he calls you to complain?! What a dumbass. That's like me sending you a snail-mail letter and writing someone else's return address on it.

There is actually something that can be done about that situation, it's called SPF. Basically it's another DNS record that specifies who (what mail servers) are supposed to be sending mail using your domain as the from address. It's handy to stop the phishing people from emailing company people from humanresources@company.com asking them to update their info.

I hope you told this guy to get a clue.
Manda
#3 - Nov 17, 2006 at 5:58 PM
Nah, I gave him Dave's e-mail address so he could go vent to someone who wasn't me. It was all quite amusing though.
