Re: Random Email Bounces

Rich Matheisen [MVP] <richnews@xxxxxxxxxxxxxxxxxxxxx> wrote:
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

[ snip ]

Still SPAM bait regardless. Just takes a different hop.

An *additional* hop, sure. If you're saying you think the mere
presence of a secondary MX record *attracts* spammers who wouldn't
ordinarily bother targeting the *real* server....well, it's an
interesting theory, but I'm not sure how one could prove or disprove
it.

Easy enough to prove. Set up another server to act as a secondary for
your domain. Then do your own analysis of the messages that get
delivered to that IP. I think you'll be surprised.

Well, even if I thought it would be valid as a proper representative sample
size for this study, I'm probably not going to test this idea by using one
of my own registered domains that's currently blissfully free of spam - -
my own wee server here is pretty busy as is :-)

Why? Secondary MX are usually at some other site that you trust. If
spam is delivered there you won't be subjecting it to anything like
those ever-popular DNS RBLs . . . maybe not even passing it through
your normal spam filters.

Ah - well, that won't be true for me or my clients (all inbound mail is
going through the same filters), but yes, I understand the configuration
you're talking about.

Of course you can also depend on the fact that not a lot of the
mailers used by spammers retry failed delivery attempts. So why not
set up your primary MX to drop everything by resetting all
connections). A legitmate mailer will try your secondary. A good
number of spam mailers will not.

Interesting ideas. I'm just wondering what other people do, then...note,
other people who don't run large enterprise networks. Yes, I know the
sending servers should retry delivery for several days, but the DSNs the
senders will get don't really make the recipient's company look very good!

If I need to take someone's server down overnight/over a weekend, or
something else goes awry, I'm generally quite happy to have the queue-it-up
& redeliver it system in place. I'm slowly starting to migrate a lot of
clients over to hosted filtering services such as Postini/MailFoundry, which
I suppose will eventually make this somewhat moot.


.

Relevant Pages

  • Re: Spam
    ... I use SpamCop to report those spam messages that get ... through their server, which would eliminate the need for MailWasher. ... >> or "remove" yourself from the spammers' address lists; ...
    (microsoft.public.windowsxp.basics)
  • Re: A interesting way to detect spam based on the proximity of the sender with the receiver
    ... server to check for any other thing like white list, ... reams of spam, tend to keep open only the e-mail port, known as the ... Spammers also tend to have IP ...
    (Security-Basics)
  • Re: Spam
    ... > MailWasher to preview my email before downloading it from my ISP's ... I use SpamCop to report those spam messages that get ... > through their server, which would eliminate the need for MailWasher. ... If spammers had any intention of honoring ...
    (microsoft.public.windowsxp.basics)
  • Re: Intelligently processing deferred mail
    ... period, I have 4,000-7,000 deferred emails, but these generate nearly ... 1million delivery attempts. ... don't want (spam) to deliver to your users and that you're sending ... server with undeliverable messages. ...
    (comp.mail.sendmail)
  • Strange email deliveries
    ... Recently we have been getting a lot of spam past the Trend Micro Spam ... Small Business Server has removed potentially unsafe e-mail attachment ... The subject is Delivery reports about your e-mail ... The attachments are all the same though. ...
    (microsoft.public.windows.server.sbs)