The Sender-MX-Check needs some enhancements. ;) Spammers mostly use RFC1918-adresses or unresolveable names as MX-RR, e.g.:
@ IN MX $PRI 127.0.0.1 @ IN MX $PRI has.no.a-record. @ IN MX $PRI has.rfc1918.a-record. latest examples (all of the domains below are only used to deliver SPAM): $ dig MX radiocompa.com ,----- | ;; ANSWER SECTION: | radiocompa.com. 86289 IN MX 0 127.0.1.51. `----- or: $ dig MX fflowershop.com ,----- | ;; ANSWER SECTION: | fflowershop.com. 3600 IN MX 10 localhost.fabulous.com. `----- $ dig A localhost.fabulous.com @ns1.darkbluesea.com ,----- | ;; ANSWER SECTION: | localhost.fabulous.com. 3600 IN A 127.0.0.1 `----- If I had the time and better C skills, I would add the tests myself but... ;) regards, Lars