On Wed, 2007-08-29 at 18:48 +0100, Graeme Fowler wrote:
> On Wed, 2007-08-29 at 10:23 -0700, Marc Perkel wrote:
> > As some of you know I get rid of a lot of spam using fake high numbered
> > MX records. I'm now doing some interesting experiments. Even though my
> > TTL is only 2 hours I notice that if I change my fake high MX to
> > different fake high MX that the spam zombies still send email to the old
> > fake MX records for many days, sometimes weeks.
>
> In the olden days, when AOL used to be a Really Big Player (!), there
> were many uncorroborated and persistent rumours that they (and several
> other large ISPs) used to deliberately ignore DNS zone and resource
> TTLs, and forced them to be much longer than the zone administrators
> intended. I say "uncorroborated" because even in the mists of NANOG, few
> people can actually provide hard details that this was the case from the
> inside of those organisations - most of the evidence is from external
> observation.
>

OK - I'll corroborate it - In our Wimsey days and iStar days (1986-1999), we documented many times when AOL (once they joined the 'Net) in particular ignored both short TTLs (less than a day) and any TTL (ours defaulted to 7 days) and in general failed to update for as much as a month with some of their servers much longer so it was inconsistent. I could dig into my archives of correspondence with them if you'd like :)

I was the one who did most of the DNS changes and moved stuff as we grew and changed IP blocks and such. That was when we noticed it the most - but customers moving to us (and away from us) also had problems. Some, admittedly, were caused by other ISPs either failing to take their zone files out when a customer moved, or in a couple of cases actually working at screwing things up - but there were enough cases that I could truly put down to AOL not respecting the TTLs that I'm convinced. I even have web logs from that era showing persistent tries to sites that had moved from AOL addresses.

...

> I'm reminded of the joke about the engineer, the physicist and the
> mathematician on a train journey through a strange land. The engineer
> spots a black sheep:
>
> E: All sheep in this country are black.
> P: One sheep in this country is black.
> M: One side of one sheep in that field in this country is black.
>
> You simply cannot assume that any attempts to connect using your old MX
> address are spam zombies. Many may be, but some will not. Some may be
> legitimate messages affected by the observed behaviour of some caching
> nameservers. Can you afford to drop them?
>
> Also, have you read about fast flux? Take care not to make your domain
> look like a fast fluxer (in DNS terms) as you may fall foul of other
> antispam operators too. You wouldn't want that again, would you?
>
> Graeme
>

Good story and good advice

richard

--
- Richard C. Pitt Pacific Data Capture
[EMAIL PROTECTED] 604-644-9265
http://richard.pacdat.net www.pacdat.net
PGP Fingerprint: FCEF 167D 151B 64C4 3333 57F0 4F18 AF98 9F59 DD73

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
