Hallo!
I run a mail server for exampleALPHA.tld, and that same box also
happens to run as a 'tertiary' DNS server for exampleBETA.tld.
There is no direct relationship between alpha and beta, other than that
our two organizations made an arrangement to act as fallback DNS for
each other. We do not accept mail for each other, or anything else.
We host 'zone' files for each other, but those zones are slaves of the
masters on our own servers, and they do not reference the other org.
We are now seeing multiple attempts to send mail to
vari...@examplebeta.tld - many of them legit addresses. But the
only MX listed for beta is their own mail server, mail.exampleBETA.tld.
Is there some obscure condition of (poor) mail server behaviour that
would cause legitimate mail to try to deliver to an IP that is only
identified as a tertiary DNS and NOT identified as an MX of any kind?
Or do I have a golden opportunity to run a 100% assured honeypot and
submit the IP addresses to pyzor and other blacklists as definitely
a spam source?
- Charles