Let me clarify something about using bogus MX records. Let's assume the
following.
bogus0.domain.com - MX 10
real.domain.com - MX 20
backup.domain.com MX 30
bogus1.domain.com MX 40
bogus2.domain.com MX 50
The host bogus1 and bogus2 are 100% safe and effective. The bogus IPs
can be dead on port 25 or can return 421 and let it retry. The 421 will
let you log hits if you want to see it working.
The bogus on the low end is trickier. What you have to do there is
firewall off port 25 to almost everyone. You can't do a 421 error
because it breaks Qmail servers. Qmail won't retry higher numbered MX
records after seeing a 421 but will try if the port is closed.
Because there is occasionally some server doing something very weird you
might have to open up port 25 one some specific IP who is running
something really dumb. I think I've had to do this only once or twice.
But once you open up port 25 to the problem user you solved the problem.
For the most part if you do an MX sandwich as above you'll get rid of
80% of your spam and not lose good email. If you are fearful of going
all the way then just do the higher numbered MX and leave the bottom as is.
