Matt,

I do not consider ANY bulk mailer that purposefully violates RFCs
"legitimate". Heck, AOL will delete or bounce your mail just for not having
a properly configured PTR. In my mind, purposefully violating RFCs for the
express intent of deceiving/avoiding spam filters is enough reason to reject
their mail, if they are doing it on a consistent basis. I mean, why have
RFCs, if some admins feel that they don't apply to them?

At least with PTRs, you can chalk some of those cases up to temporary
problems of switching underlying networks or simple mistakes by admins. In
order to send out bulk mailings to MXs in reverse order, you have to go WAY
out of your way to modify a mail server or software to do something like
that. There are no legit mail servers that do this in the default
configuration. INTENT TO DECEIVE your mail server to accept their mail is
the only reason someone would do something like this. In the end, it's really
all about money to these people though.

If your solution works for you, great. On my system, 100% of the mail sent
to the second or third MX is spam, or is sent by some shady bulk mailer. I
have a much, much lower threshold for deleting spam on those servers. Any
bulk mailers that want to get their garbage through the last MX (third)
server will need to be whitelisted in the future, or pay me extra for the
privilege of relaying their mailings via a server that they shouldn't even
have to exist.


William Van Hefner
Network Administrator
Vantek Communications, Inc.


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Matt
> Sent: Thursday, January 27, 2005 2:22 PM
> To: [email protected]
> Subject: Re: [IMail Forum] SpamCannibal (was another topic)
> 
> 
> I have found that some newsletters/legitimate bulk-mailing software will
> hit lower priority MX's, possibly by design (some setups don't have spam
> blocking configured for backups which makes them more desirable to hit,
> but also some software doesn't bother with MX priority, they just take
> the first entry returned).
> 
> Because zombie spamware regularly ignores MX priorities, we set up 4 MX
> records with 4 different priorities and made sure that our DNS was
> round-robined, meaning that the records would be returned in random
> order, but that doesn't matter to a compliant SMTP server which should
> choose the proper priority.  Spamware seems to just simply choose the
> first MX record returned, so when round-robined, that means that zombie
> spamware is evenly divided over our 4 records.  This is effective enough
> that we then use Declude to filter for hits on all but the primary MX
> record, and we add points for such hits.  It is very effective since
> hits to our MX3 and MX4 are 99.9% spam.  Hits on our MX2 are scored
> lower since there is more legitimate traffic that may hit it and it is
> on a separate box on a separate network.  MX3 and MX4 are on the same
> box as MX1, so technically, those should almost never be hit by anything
> remotely legitimate.
> 
> Matt
> 
> 
> 
> R. Scott Perry wrote:
> 
> >
> >>> The only time that any legitimate traffic should flow through our
> >>> "secondary
> >>> MX" is when the primary is down completely.
> >>
> >>
> >> "never, ever" ??? not very humble, you "IMHO"
> >>
> >> In practice, simply not true, so don't bet any money on it.
> >
> >
> > You are correct -- if the *remote* mailserver has a temporary problem
> > with their Internet connection, the connection to the primary may
> > fail, and the mailserver will contact the backup.  So legitimate
> > traffic definitely can go to the backup.
> >
> >                                                    -Scott
> > ---
> > Declude JunkMail: The advanced anti-spam solution for IMail
> > mailservers since 2000.
> > Declude Virus: Ultra reliable virus detection and the leader in 
> > mailserver vulnerability detection.
> > Find out what you've been missing: Ask for a free 30-day evaluation.
> >
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
> >
> 
> -- 
> =====================================================
> MailPure custom filters for Declude JunkMail Pro. 
> http://www.mailpure.com/software/ 
> =====================================================
> 
> 


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
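
The MX-selection behaviour discussed in this thread, as an added example that is not part of the original messages and is not Declude configuration: it simulates round-robin MX answers, a sender that honours preference, a sender that takes the first record returned, and a per-MX score weight. The hostnames and weight values are constructed for illustration.

```python
import random
from collections import Counter

# Constructed MX set: (preference, host). Lower preference = higher priority.
MX_RECORDS = [(10, "mx1.example.com"), (20, "mx2.example.com"),
              (30, "mx3.example.com"), (40, "mx4.example.com")]

# Hypothetical weights added to a message's spam score per receiving MX.
# MX2 is weighted lower because it sees more legitimate fallback traffic.
MX_WEIGHTS = {"mx1.example.com": 0, "mx2.example.com": 3,
              "mx3.example.com": 8, "mx4.example.com": 8}


def dns_answer(rng):
    """Round-robin DNS: same records, returned in random order."""
    answer = MX_RECORDS[:]
    rng.shuffle(answer)
    return answer


def compliant_target(answer, unreachable=frozenset()):
    """Try hosts in ascending preference order, skipping ones that fail."""
    for _pref, host in sorted(answer):
        if host not in unreachable:
            return host
    return None


def naive_target(answer):
    """Sender that ignores preference and takes the first record returned."""
    return answer[0][1]


def mx_weight(receiving_host):
    """Points to add for the MX that accepted the connection."""
    return MX_WEIGHTS.get(receiving_host, 0)


def simulate(n=4000, seed=1):
    """Count which MX each kind of sender reaches over n shuffled answers."""
    rng = random.Random(seed)
    compliant, naive = Counter(), Counter()
    for _ in range(n):
        answer = dns_answer(rng)
        compliant[compliant_target(answer)] += 1
        naive[naive_target(answer)] += 1
    return compliant, naive


if __name__ == "__main__":
    compliant, naive = simulate()
    print("compliant:", dict(compliant))
    print("naive:    ", dict(naive))
```

Passing an `unreachable` set to `compliant_target` shows the fallback case raised earlier in the thread: a preference-honouring sender that cannot reach the primary lands on MX2, which is why that host carries a lower weight than MX3 and MX4.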
