National Cyber Security by LIGATT - http://www.nationalcybersecurity.com
Reducing spambot spam with fake MX records
http://www.nationalcybersecurity.com/articles/163/1/Reducing-spambot-spam-with-fake-MX-records/Page1.html
Marc Perkel
Expert in advanced spam filtering technology. President of Junk Email Filter dot com. 
Published on Wednesday 30th 2008
 
A handy tip on how to reduce spam from virus-infected spam bots using MX record tricks. This simple DNS trick can get rid of as much as 1/3 of your spam.

Tricking Spam Bots
One way to make your computer more secure is to stop computer viruses before they can get to you. Virus-infected computers send virus-infected spam that undermines your cyber security. Generally, virus blockers do a good job, but there's a simple trick to reduce spam so that your spam filters and virus blockers have less work to do.

Email systems use the MX (Mail eXchange) record in the DNS to tell the world where to send email for the domain. The MX records allow you to specify a list of email servers that will accept your email, and you can use priority numbers to specify the order in which the email servers should be tried. The lowest-numbered servers are tried first and the highest-numbered servers are tried last. Most domains have one or two servers. Here's an example of a typical configuration:

   mail.example.com 10  -- main email server
   backup.example.com 20  -- backup email server

In this example, the server mail.example.com is tried first, and if it is offline the email is sent to backup.example.com.

Normal email servers attempt to send email in the normal order, but spammers using spam bots often send email to the highest-numbered MX records first, thinking that there's less spam filtering on the backup MX servers. They try to go in the back door. And spam bots don't retry on failure. If the attempt isn't successful, they go on to the next victim.

So the trick is to create a fake highest-numbered MX record and point it at a server that either does nothing at all (no port 25 service, or a dead IP address) or returns a "451 error", which is a "not ready - come back later" error. If a real email server hits this IP address, it will come back later to the correct mail server, and no good email is lost.
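A minimal version of the 451-returning server described above, as an added example that is not code from the article or from junkemailfilter.com. The page does not say at which point in the SMTP session the 451 is sent; this sketch assumes it answers MAIL, RCPT and every other unrecognized command with it. The host names and the probe() helper are hypothetical, and a real deployment would listen on port 25 rather than the local test port used here.

```python
import smtplib
import socketserver
import threading

class TempFailHandler(socketserver.StreamRequestHandler):
    """Speaks just enough SMTP to defer every message with a 451 reply."""
    timeout = 30  # drop idle connections instead of holding them open

    def reply(self, line):
        self.wfile.write(line.encode("ascii") + b"\r\n")

    def handle(self):
        try:
            self.reply("220 fake-mx.example.com ESMTP")  # hypothetical name
            while True:
                raw = self.rfile.readline(1024)
                if not raw:
                    break  # client hung up
                verb = raw.decode("ascii", "replace").strip().split(" ", 1)[0].upper()
                if verb in ("HELO", "EHLO"):
                    self.reply("250 fake-mx.example.com")
                elif verb in ("NOOP", "RSET"):
                    self.reply("250 OK")
                elif verb == "QUIT":
                    self.reply("221 closing connection")
                    break
                else:
                    # 4xx is a temporary failure: a real mail server queues the
                    # message and retries, normally at a lower-numbered MX.
                    self.reply("451 not ready - come back later")
        except OSError:
            pass  # timeout or reset: nothing to clean up

def start_fake_mx(host="127.0.0.1", port=0):
    """Start the listener in a background thread; port 0 picks a free port."""
    server = socketserver.ThreadingTCPServer((host, port), TempFailHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(host, port):
    """Act as a sending server; return the reply codes for MAIL and RCPT."""
    with smtplib.SMTP(host, port, local_hostname="sender.example.org",
                      timeout=5) as client:
        client.ehlo()
        mail_code, _ = client.mail("user@example.org")  # constructed addresses
        rcpt_code, _ = client.rcpt("someone@example.com")
        return mail_code, rcpt_code

if __name__ == "__main__":
    srv = start_fake_mx()
    print(probe(*srv.server_address))
    srv.shutdown()
```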

However, when the spam bots try to send spam and don't succeed, they just go off and don't come back. So the spam is blocked, and you don't have to use SpamAssassin or anti-virus software to block that spam, which increases system accuracy and decreases system load. About 1/3 of your spam just vanishes. Here's an example of how you might set up MX records to take advantage of this trick:

   mail.example.com 10  -- main email server
   backup.example.com 20  -- backup email server
   tarbaby.junkemailfilter.com 30  -- fake email server

The last entry, which is a public fake MX server set up by junkemailfilter.com, not only sends the 451 error for you but is also a virus detection service and feeds data into public IP blacklists of known virus-infected spambots. So by using it as your highest-numbered fake MX, you not only reduce your own spam but also help reduce spam for others.

This trick isn't a spam filtering solution in itself but is just another trick to help reduce junk email. And the best part is that it's free and just works. And in doing this you help fight a security problem that we all suffer from.