A. Use a valid domain mapped to an unroutable or loopback instead of the .
I've decided to use 127.0.0.1
B. Set spf -all, for those who bother to check that to stop inbound mail from
your domain.
Already had that in place
C. Donate the spam to someone who would use it.
I can't donate the existing incoming email due to privacy concerns, however,
project honeypot uses subdomains (f...@bar.example.com) for it's spam traps and
wants unused subdomains so it's traps will be 'clean to start'. I'll see if I
can get that done.
D. Expect some spammers to detect any MX strangeness you use and bypass it in
favor of your A record.
Understandable, and none of the referenced records in the DNS files accept mail
from outside, connections are silently dropped at the firewall. This is just an
attempt to cut the mess coming in because of the A record down in size.
E. Set up an actual mail server routing all mail to /dev/null.
I'd rather just drop the traffic rather than have another service to
maintain/secure/update
__
Eric Esslinger
Information Services Manager - Fayetteville Public Utilities
http://www.fpu-tn.com/
(931)433-1522 ext 165
-Original Message-
From: Eric J Esslinger [mailto:eesslin...@fpu-tn.com]
Sent: Tuesday, December 15, 2009 9:18 AM
To: 'nanog@nanog.org'
Subject: DNS question, null MX records
I have a domain that exists solely to cname A records to another domain's
websites. There is no MX server for that domain, there is no valid mail sent as
from that domain. However when I hooked it up I immediately started getting
bounces and spam traffic attemtping to connect to the cnamed A record, which
has no inbound mail server (It's actually hitting the firewall in front of it).
(The domain name is actually several years old and has been sitting without dns
for a while)
I found a reference to a null MX proposal, constructed so:
example.comINMX 0 .
Question: Is this a valid dns construct or did the proposal die? I don't want
to cause people problems but at the same time, I don't want any of this crap to
even attempt to deliver on this domain to any of my servers.
This message may contain confidential and/or proprietary information and is
intended for the person/entity to whom it was originally addressed. Any use by
others is strictly prohibited.