Daryl C. W. O'Shea wrote:
Marc Perkel wrote:
I'm trying out a new idea for blacklisting hosts. I have several
email servers for processing spam. These servers service my lowered
numbered MX records. I also have several dummy mx records that are
higher numbered than my real servers. So in theory no one should ever
hit the higher numbered servers. Especially when the IP addresses are
on the same server as the lower numbered MX.
Nobody except for users of Domino, Blackberry, and who knows how many
other business mail platforms that send mail to whatever MX they feel
like.
Who thinks this is interesting?
Apparently you do. Sorry Marc, couldn't resist. :) This is pretty
old news though. You've even brought it up yourself at least once,
but probably five times, before.
I've brought up the idea of using high numbered fake MX records several
times and it's very effective. What's new here is that I'm powering my
public hostkarma blacklist database in part by the IP addresses that
make multiple attempts to send email to high numbers mx records when low
numbered mx records are available. In the last 7 hours I get 145000 hits
that I've recorded. And checking the dnsstuff lookup a lot of these IP
addresses aren't listed with anyone but me.