preventing backscatter at the source
Hugo van der Kooij
hvdkooij at vanderkooij.org
Sat Mar 29 08:27:52 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mark Nienberg wrote:
| Mark Sapiro wrote:
|
|> The anti-backscatter militants will tell you you just can't have a
|> backup MX unless it always has access to your user database. Since
|> mail never goes to your backup unless your primary is down, there's
|> no way the backup can call forward to the primary to validate an
|> address. But, the bright side of this is you are just rejecting the
|> backup's mail at SMTP time, so the backscatter DSN is the ISP's
|> problem ;)
|
| Interesting. A lot of spammers seem to send deliberately to secondary
| or teriary MXs instead of the primary even when the primary is up and
| running, in hopes of that it will not be as well protected. So most of
| the time the backup at my ISP could call forward (but I doubt that it
| is, I'll have to check).
There are some ways to defeating this. They started by picking the worst
MX record. So add your own server as worst record and these messages are
are toast again.
Then they started to do the random thing. So now you just add more worse
case entries that point back to aliases and they propably will hit you
instead of your backup. It just becomes a number game.
Hugo.
- --
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH7f2HBvzDRVjxmYERAn2yAKCHODkB9nnocBGwZoPZcCq+P8r1VwCfYxQK
xgp2Lc1W0HT37qJEWIpW7bg=
=WtIq
-----END PGP SIGNATURE-----
More information about the MailScanner
mailing list