WebHostingTalk


Fake MX

Here's a simple trick to get rid of a lot of spam. This trick is especially effective for getting rid of spambot spam. (Spambots are virus infected Windows computers or hacked Linux boxes.) This simple trick can cut your spam in half without installing any software or losing any good email. (No false positives.)


Background

Email is routed on the Internet using DNS MX records. These records tell the world where to send email for a particular domain. Each record carries a priority (preference) number that tells sending email servers which of your servers to try first: they start at the lowest numbered server and work up to the highest numbered one.

mail.example.com 10 (main server)
backup-mail.example.com 20 (backup server)

Many spambots don't follow the rules, and they try to spam the backup server first, assuming that the backup server is less likely to have spam filtering protection. Unlike real email servers, spambots don't retry on failure. They just move on to the next victim. So if you throw up any resistance, they go away, and you don't have to bog down your server running SpamAssassin to filter it out.

The trick

All it takes is a simple modification of your MX records as follows:

mail.example.com 10 
backup-mail.example.com 20
fake.mx.example.com 30

The host fake.mx.example.com is a fake MX record. What you do is point it to an IP that is either dead or doesn't have port 25 open. The way it works is that the spambots try to spam your fake IP address, nothing responds, and they go away. It's that simple.

If your servers were down and a real email server hit the fake MX, no problem. It would just keep retrying on the lower numbered MX records until your mail servers came back up. No good email is lost, but lots of spam goes away.
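As an added illustration (not part of the original article), this is what the layout above looks like in a BIND-style zone file. The hostnames and the 192.0.2.x addresses (TEST-NET-1) are placeholders, and the comments note two practical points: the fake host should still have an A record (RFC 5321 expects MX targets to resolve to an address), and an address that refuses the connection quickly is preferable to one that silently drops packets, because a silent drop makes every compliant sender wait out its connect timeout before moving on.

```zone
$ORIGIN example.com.
$TTL 3600
; MX records: senders try the lowest preference value first
@            IN  MX  10  mail.example.com.
@            IN  MX  20  backup-mail.example.com.
@            IN  MX  30  fake.mx.example.com.

; Real servers (placeholder addresses)
mail         IN  A   192.0.2.10
backup-mail  IN  A   192.0.2.20

; Fake MX: must resolve, but nothing on this address listens on port 25.
; Prefer an address that answers with "connection refused" over one that
; blackholes traffic, so legitimate senders fail fast when they hit it.
fake.mx      IN  A   192.0.2.250
```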

The trick part two

If you want to get more aggressive, you can put a fake MX on the low end too. This will delay your good email by about one second, but it's a small price to pay for significant spam reduction.

fake0.mx.example.com 0
mail.example.com 10 
backup-mail.example.com 20
fake1.mx.example.com 30

In this configuration, the lowest numbered MX is also fake. Real email will hit this too, but real email servers will move on to the next MX record in priority order and succeed. Spambots won't retry and will go away. No good email is lost, and spam is significantly reduced.
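The following simulation is an added example, not code from the original article. It models the two sender behaviours the article describes against a constructed copy of the "part two" MX layout: an RFC-compliant MTA that walks the records in ascending preference and moves on when a host does not answer, and a spambot that picks a single record and gives up on the first failure. It also covers the "part one" layout (only the high-numbered fake) to show why a spambot that happens to start at the lowest preference still gets through there, and the outage case where no real server answers. All hostnames and the set of listening hosts are constructed placeholders; no network access is involved.

```python
"""Simulation of the fake-MX trick: compliant MTA vs. non-retrying spambot."""
from collections import namedtuple

MX = namedtuple("MX", "preference host")

# Constructed MX set matching the article's "part two" layout.
PART_TWO = [
    MX(0, "fake0.mx.example.com"),
    MX(10, "mail.example.com"),
    MX(20, "backup-mail.example.com"),
    MX(30, "fake1.mx.example.com"),
]

# Constructed "part one" layout: only a high-numbered fake MX.
PART_ONE = [r for r in PART_TWO if r.host != "fake0.mx.example.com"]

# Hosts that actually accept connections on port 25 (constructed).
LISTENING = frozenset({"mail.example.com", "backup-mail.example.com"})


def connect(host, listening):
    """Stand-in for a TCP connect to port 25: True if the host accepts."""
    return host in listening


def mta_deliver(records, listening=LISTENING):
    """RFC-compliant sender: try MXs in ascending preference, move on
    when a host fails, and give up only after the whole list fails
    (a real MTA would then queue the message and retry later)."""
    for mx in sorted(records, key=lambda r: r.preference):
        if connect(mx.host, listening):
            return mx.host
    return None


def spambot_deliver(records, listening=LISTENING, pick="highest"):
    """Spambot: picks one MX (the highest-numbered backup by default,
    as the article describes, or the lowest) and never retries."""
    ordered = sorted(records, key=lambda r: r.preference)
    target = ordered[-1] if pick == "highest" else ordered[0]
    return target.host if connect(target.host, listening) else None


def summarize(records, listening=LISTENING):
    """Where each kind of sender ends up for a given MX layout."""
    return {
        "mta": mta_deliver(records, listening),
        "spambot_highest": spambot_deliver(records, listening, "highest"),
        "spambot_lowest": spambot_deliver(records, listening, "lowest"),
    }


if __name__ == "__main__":
    for name, layout in (("part one", PART_ONE), ("part two", PART_TWO)):
        print(name, summarize(layout))
    print("outage", summarize(PART_TWO, listening=frozenset()))
```

With the part-two layout the compliant MTA delivers to mail.example.com while both spambot strategies land on a fake host and drop the message; with the part-one layout a spambot that starts at the lowest preference still reaches the real server, which is the gap the low-end fake MX closes. During a full outage the MTA returns None, meaning it queues and retries later rather than losing the mail.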

Conclusion

This of course doesn't block all spam. It just takes a chunk out of it. You would then have to process the remaining email using other spam filtering tricks to further reduce your spam. But this is a good front-end trick that will get rid of a lot of it without taking up resources.

Web Hosting Wiki article text shared under a Creative Commons License.
