Fight Spam With Nolisting
An anonymous reader writes with the technique of Nolisting, which fights spam by specifying a primary MX that is always unavailable. The page is an extensive FAQ and how-to guide that addressed the objections I immediately came up with. From the article: "It has been observed that when a domain has both a primary (high priority, low number) and a secondary (low priority, high number) MX record configured in DNS, overall SMTP connections will decrease when the primary MX is unavailable. This decrease is unexpected because RFC 2821 (Simple Mail Transfer Protocol) specifies that a client MUST try and retry each MX address in order, and SHOULD try at least two addresses. It turns out that nearly all violators of this specification exist for the purpose of sending spam or viruses. Nolisting takes advantage of this behavior by configuring a domain's primary MX record to use an IP address that does not have an active service listening on SMTP port 25. RFC-compliant clients will retry delivery to the secondary MX, which is configured to serve the role normally performed by the primary MX)."
YASIGFINFE (Yet Another Spam Idea Good For Individuals, Not For Everyone) - Spammers will change their techniques to be more RFC compliant as soon as (if) Yahoo, AOL, Hotmail, Gmail adopted this method.
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
There are shills on slashdot. Apparently, I'm one of them.
This strikes me as the ultimate in temporary solutions. If spam senders *tend* to use only the primary MX record, and people start fighting spam by listing bad primaries, won't the spam senders simply start using secondaries? It almost seems the only way that this approach might be valuable, is if it weren't publicized and posted on /., and one kept it to oneself :)
Love many, trust a few, do harm to none.
This is not a long term solution.
1) It's bad netiquette, and a lot of people don't like that, including myself and I'm sure many other administrators.
2) It's an artificial "defense" that is easily circumvented because the rule is obvious. It's security through obscurity with the added suck that there is no obscurity.
3) It's solving a symptom and not any of the actual problems (e.g. hosts being compromised to send spam).
Thanks, but I'll pass.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
An anonymous reader writes with the technique of Nolisting, which fights spam by specifying a primary MX that is always unavailable.
Funny, I fight afternoon meeting schedulings in almost the same way. Just specify a primary time that's always unavailable.
The theory of relativity doesn't work right in Arkansas.
As someone who runs the incoming mail machines for a large university, I have found that spammers pick the highest and lowest IP to hammer away on, regardless of MX preference. Many spammers specifically target the high MX. I fail to see how making the low mx unavailable will deter spammers. If they can alter each image they send with each spam, they can alter which IP/MX their botnets deliver to.
We get stuff directed at our secondary all the time, despite having a highly available primary. Why? Our secondary is listed at another domain - they do our backup in the case of disaster. I can only assume that spammers hit it thinking that its a 'back door' into the network, perhaps we don't have the same rigorous anti-spam measures there.
Dumb idea. You're better sending all your domain mail to gmail, using their spam filtering, and then pulling it from there.
I want to delete my account but Slashdot doesn't allow it.
Just an awesome post. Love it.
Greylisting works just as well, donkeys.
Most spam bots already send to the *lowest* priority MX (ie. the highest number), and work their way backwards, because it's common for the backup MX'es to have lower anti-spam rules.
However, this idea would have been *great* six years ago. Once the developer invents a time machine, he's got the spam problem licked for at least a week!
There is more spam than penises needing enlargement, dammit!
I can't believe this is allowed to go on. How long did it take for callerID and no-call lists to get here? How long before we start putting these people in jail!
No more bandaids, lock these fuckers up!
For some time a few years ago, spammers used to IGNORE the primary MX and send to secondary MXs preferentially.
Since in our case, the 2ndary MX was a dumb sendmail relay only without knowledge of the user DB, it shot the traffic load out thru the roof with bounces to junk spam that, because they couldn't be rejected during the actual delivery attempt, hammered our backup relay.
This is just a dumb idea.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Based on watching a few corporate spam sites and even stuff which reaches my private, never-posted addresses, *much* of the spam could be eliminated by moving non-Windows clients. I'm not just talking about zombies. Some of the spam I see hits lists of addresses which are valid and include very difficult to guess addresses inside the company. Once somebody inside your company, or a buddy of yours is rooted, your previously private address is out there; I've never had this happen via any route but a Windows user. Of course, people who CC: everybody they know with idiotic crap instead of BCC: make this problem much worse.
Oh, and please stop with the lame form letter responses to these articles. It was cute once, long ago. I know at least five people will have posted them by now. Damn spammers.
"Greylisting" is where an SMTP server refuses messages for a certain amount of time. You set the criteria on why the message would be refused and how long the server would refuse to accept it.
It's been pretty much defeated now because so many spammers have their machines try to hammer the message through until it does go through.
I'm using greylisting right now and the only advantage is that many times a spammer will end up on an RBL during the 15 minutes that I'm refusing his messages.
Remember, the spammers have, effectively, unlimited bandwidth and unlimited processing power at their disposal.
Now the spammers just pushed out an update to their botnets... "Soldiers - try the high MX first."
Okay everyone, switch your primary back - and don't post it on /.
Oh, wait... doh!
Just take the bastard spammers out into the main street and shoot them.
Bet you'd only have to shoot a couple to stop spam completely.
Spammers will often try secondary (and lower) MX's because there's a good chance that the anti-spam AND ANTI-VIRUS systems on those machines are weaker (read "outdated") than on the primary MX.
The more machines you have to maintain, the more likely you are to focus your efforts on the most critical ones and just let the other slide. Spammers are happy to exploit this.
Set the primary MX to 127.0.0.1 . That should keep those buggers busy for a few days. Have fun with those feedback loops, sucka!
;p
Of course, the same might be true of legitimate senders, as well....
Funny, I fight afternoon meeting schedulings in almost the same way. Just specify a primary time that's always unavailable.
When I worked overnights, I had a similar system.
Boss: We need to talk.
Me: Great. What night would you like to come in?
Boss: No, I mean you should stay late.
Me: But you don't come in until 9, and my shift ends at 7.
Boss: But it's important!
Me: Why is it always about your needs. Your need to have a meeting. Your need to get a decent night's sleep. What about my need not to sit around for two hours on the clock waiting for you to show up, surfing the web, all the while getting paid one-and-a-half my regular pa...okay, fine, you win.
Then, when I became the boss years later, I would always show up at the beginning of the night shift to talk to the employees, and then go to the bar. It made the employees feel noticed and made my superiors think I was motivated. Turns out my best defense against assholes like me is actually having been me.
The only surefire protection against Microsoft infections is abstinence. - The Onion
Standard Smartass Form for Comments on SPAM
.... you! Kind of joke
1. Please select format:
( ) In soviet Russia
(x) The same old form on spam subject we're tired to see here
( ) Some comment on female parts
( ) Suggesting you/slashdot_readers are virgins
( ) Will it run Linux?
( ) Cowboy Neal
2. Are you:
(x) Meant to be funny
( ) In a bad day, trolling
(x) Being authoritative on this subject
(x) Expecting to be modded up
( ) Agreeing with the news
(x) Trying to piss over something people might think it's interesting or relevant
3. Include "I'll be modded down for this but...."? (Y/N)
No
Thank you for submitting your message to the Slashdot forum.
Slashdot Quick'n'simple Form: The easy way to show people how smart you are!
Gmail's filtering is, well, badass. I'd think a large number of companies would be willing to pay them to handle email for their domains and forward to a company mail server which only accepts messages via gmail. You'd get a very nice web interface, but could still have the speed and power of a local POP/IMAP server. And virtually no spam. That would be worth a few bucks a month per account for a lot of people. Me, I'd be a little creeped out by them having that much access to my personal emails. Which is why I only use gmail for stuff that I don't want lost in a spam filter, like job searching, financial transactions, attorneys, my friends traveling in the Middle East, etc. But nothing personal!
Very strange. I've found that spammers try the secondary MX first, hoping that it has lower filtering than the primary. The higher the MX priority, the higher the probability that it will be the FIRST to be hit. That's why my secondary MX records point to the strictest server in our "cluster"... For a while, it pointed to one that refused ALL mail!
I run a mail system that pushes ~3million messages per day. Not huge, not small.
We have thousands of domains pointed to our mail servers and secondary MX servers. Looking at the long run stats, I'd be tempted to completely disregard this technique.
When we take a primary down for maintenance, the secondaries and alternate primaries (same weight MX) see the load almost immediately.
I second the opinion that if this has any effect, it's only for low volume applications, with few/one domain.
We generally see more hits straight to the secondaries by spammers hoping for less rigorous checking. It would be interesting to profile IPs connecting to secondaries without being seen at the primary assuming a primary is always available - I bet that a very high percentage of these connections to secondaries could be viewed as spam.
The problem remains that most tricks of this sort - including greylisting - are eventually circumvented by spammers once the trick gains critical mass. Let's not forget that there are a lot of broken, yet not open relay, mail servers out there. Good engineers and administrators quickly find that Jon Postel's words ring true with their customers "Be liberal in what you accept, and conservative in what you send." - don't let your RFC enforcing configuration be responsible for delaying/blocking the delivery of that big contract your PHB was waiting for!
How hard would it be for Yahoo, Google and other internet mail services to simply have two inboxes?
One for mail addressed to someone in your mailbox.
One for everyone else.
90% of my spam problem would be solved by this simple recipe.
It is your personal duty to fight for what is right on a daily basis. Ignoring injustice is identical to approving
> How long did it take for callerID and no-call lists to get here? About 125 years
tasty electronic music vittles
This probably works in many cases, but as a mail system admin I can tell you that it can fail and will cause problems for legitimate mail delivery. Over the past few months I remember seeing a few messages stuck in my Postfix mail queue, that didn't ever seem to make it out to the recipient's MX. These were domains with deliberately non-functioning MX, and I could not figure out why Postfix was not trying the other MX even though it was up and running. In one case I also tried mailing the recipient domain through gmail, which ALSO failed after many days of retrying. Again I am not sure why the scheme failed to work, but it did fail through both Postfix and gmail which are two very legitimate mail servers.
Sorry, this isn't going to work. It won't even help a little bit. As a long-time email administrator and the author of an email server I can tell you, with absolute certainty, that spammers ignore the priority of your MX records. In fact, they exploit multiple MX's much of the time, by sending spam to your secondary server(s) even if the primary one is up. In addition to extra target capacity, they often manage to take advantage of badly configured secondaries that might not have spam filtering that's as good as the primary, and in many cases the primary has its secondaries whitelisted to make sure no mail gets accidentally dropped.
Tired of FB/Google censorship? Visit UNCENSORED!
How comes everyone tries to fight spam by breaking infrastructure? Wikipedia neuters links, email server admins delay mails (graylisting) or even reject connections (unlisting), users turn off Flash and Javascript to avoid ads. IMHO, if we have to break our own toys to keep the spammers from playing with them, we're heading for dull times.
But they're often slow to respond. Hell, I changed a DNS record when I moved servers once and spammers were still going after the other server, with no DNS record pointing to it, for 6 months because they use static caches.
Many people were already using this trick, probably hoping it wouldn't show up as lead story on slashdot.
In some ways, selfish ways, it's like the story of the two hikers who face a bear. The first hiker immediately sits down and starts putting on his running shoes. The other says, "What are you doing? You can't outrun the bear!" The first hiker says, "I don't have to outrun the bear. I just have to outrun you."
Many spammers, faced with a failed attempt at sending mail, do not bother to retry or try other MX. Instead, they just move on to the next target in the list, since trying a new target is just as easy as retrying an old target. No real difference to them. But it means you just push your spam attempts onto other people who haven't elected to bend the standards to divert the spammers.
The "good" spam sending programs run many threads, timeouts don't punish them, their limit is more the bandwidth. Attempts to divert spammers onto others who have not tried the tricks should create an ethical question. Are we just arranging for the bear to eat our friend?
Has it been over a year since you last donated to the Electronic Frontier Foundation
Like it or not, these spammers run extremely profitable businesses. You may not realize it, but they can only continue doing what they're doing because enough people actually do happen to buy the products that they advertise via spam. If people stopped buying items advertised in that way, then the spammers would have no market to sell to, they wouldn't make money, and thus would have virtually no reason to send out spam.
A number of recent studies have shown that most of the major purchasers of goods advertised via spam are from the United States. One particular report offered statistics showing that most spam-advertised goods were bought by people in the Oklahoma, Arkansas, Mississippi, Alabama, Tennessee and Missouri region of the US. Another major area for the purchasers of spam-advertised items was London, England.
If anyone is responsible for spam, it is all the people who actively go forth and continually buy the items that are advertised via email spam.
ISPs must restrict clients to 'n' emails (ie free minutes) per day based on their type of account. If they want to send more they have to pay.
Undetectable Steganography? Yep, there's an app fo
Uh, they can't reply until the article goes live. And they aren't given any information on when it goes live. So he had to sit there and hit refresh and drive up page views just like anyone else would.
Sorry, that wasn't meant to be a rant.
How long before we start putting these people in jail!
Hopefully a very, very, very, very long time. Ideally, never. Jail is perhaps the worst possible place to put spammers.
First of all, what they're doing is not at all harmful to society at large. Using a proper mail filtering system, it's quite easy to remove the vast majority of spam. Furthermore, blacklisting, greylisting and whitelisting techniques can be used to prevent spammers from even connecting to your SMTP servers in the first place, hence vastly reducing the load put on them filtering spam, and also reducing the bandwidth that is consumed. The cost to you can basically be eliminated outright.
Second of all, it's fucking expensive to jail even just one inmate. That's why it's best only to jail those who have committed serious crimes. Maybe you don't realize it, but it's the money you pay in taxes that goes towards locking such people up. Frankly, I'd rather delete a few unwanted mails each day, than knowing that the state will be paying $60,000 or more each year to lock that spammer up. A portion of that money is coming directly from my pocket, and yours. That's not something I approve of. I like my money in my pocket.
Then again, you'd have to catch them in the first place. It's unlikely that you'll be getting your American hands on any Russian, Pakistani, Sudanese or Chinese spammers. It'd be a waste of time and resources for such countries to hand over such petty criminals.
It sounds like a function called MailHurdle that's built into Mirapoint email filters.
It works wonderfully. We've been using it for about a year at my organization. It works by initially rejecting all incoming mail from unknown servers. If the server is legit, it will retry the email, and on that retry, MailHurdle will allow the mail through.
It instantly eliminated well over half of our incoming spam. Very clever technique, and it certainly works.
I have an IP that still receives spam even though the MX record was changed seven years ago. That's right. SEVEN YEARS. Every once in a while I monitor port 25 and sure enough after about five minutes a hit, then another and another. There has been no SMTP for seven fricken years and they are still trying. Anyone who thinks spammers abide by MX records and RFCs is smoking crack.
Then make the 2ndary MX the bad one!
There is a way to stop spam. It's simple, too. Stop using direct email - don't give out an email address. Ever.
Next time around, we need to develop a technology so that it isn't open to everyone and their brother, his 4th cousin, and that guy who knows your 4th cousin and the fellow who took out that guy's trash.
Web-based contact forms that require humans aren't a bad idea for now. You know... "Randomly ordered /which kitten has the string from the yarn wrapped around its ear?/" one time, and "/which alligator has one eye closed/" in the next, and so on for many, many examples where each image contains considerable random cruft so that they can't be checksummed or etc and marked by a human for a one-time recognition a machine can use. Until Ai comes, that'll work for incoming message traffic if you do it well. Give 'em a URL where your answer will be posted when they send it, and they can check there for an answer if they're so motivated. A program could manage that without being annoying.
'course, then you need a website. Sigh. yeah, what we need is a whole new technology. Key based.
I've fallen off your lawn, and I can't get up.
No. That's not the only solution. It's not even the best ISP-managed solution. A much better one is to disable port 25 on most internet broadband internet connections, and ALL connections with a dynamic IP. Exceptions to this rule would be granted to anyone who explicitly requests to have port 25 open because they are running a server.
Most spam comes from botnets these days. And the bots are generally running on unpatched compromised home or work machines. Machines that have no business sending traffic on port 25. Just block the bloody stuff.
With Noemail.
What?
Dude... https://gmail.google.com/support/bin/answer.py?answer=12096
:(
Also, random information: I have never given out my true address, just aliases, yet today, I received an unsolicited message about ViXXAGra and CiXXalis addressed to my true address! Well, I lie, it isn't really my true address, it's my address on the domain which I give out to websites (I use a different domain entirely for personal messages) -- but all the same, I might have to actually start receiving spam
This article is complete shit. Anyone with half a brain knows how spammers work. And the #1 thing they try to do is send to your BACKUP if you have one.
"Why, oh why would they do such a thing?" you might ask.
Because if they send to your backup, there's a better chance that your backup server isn't setup as well as your main server. ie, you probably don't have a proper spam filtering service on there because you only use it in emergencies. This means their spam gets through your filters because it didn't go through any.
Huh, imagine that.
Oh wait, actually, I suck, I did give it out. Haha. I administrate a phpBB forum. Apparently it shows emails in plain text and the current skin ignores the "Always show my e-mail address: Yes/No" option. Well, that sucks.
Respectfully I have to disagree just a slight bit. While I'd agree on the whole that most spam borders on harassment rather than free speech, I would say that it is a hard line to draw about the appropriate ratio of 'pull' to 'push' (and I'd argue that all methods of communication, including most forms of what we might call 'legitimate' advertisement, have a mix of both). Which is why I agree more with your assessment, or rather, the way it was presented, than the 'shouting penis in my home' metaphor guy; I mainly object to the metaphor, not the underlying point.
However, I must admit to a certain degree of discomfort with where this leads; I know of no one (but myself) who is capable of judging my tolerance threshold for me, and criminalizing certain types of marketing wholesale is nearly guaranteed to err on the wrong side of the line. I also have real serious problems with enforcement when, with easy anonymous violation conditions such prosecution might be futile; some other discouragement approach might work better from a pragmatic sense. Some poster the other day in a different article suggested better user education, and while I scoffed at the time, maybe he/she was onto something.
While this may make me something of an 'e-mail prick' or somesuch, I tend to think that in a context like e-mail or snail mail where the sender has only the subject line or some equivalent short bit of data to explain to me why I should open it, a descriptive e-mail heading meaningful to me is the only thing that's gonna get me to open the damn mail. 're: your mail' and somesuch should be ignored just as readily as 're: penis PILLS'; there is an etiquette that develops in all communicative mediums over time to circumvent just these sorts of problems, and these types of positive flags (e.g. well-formed, descriptive, meaningful headers by legitimate email users) would help in ways that even the best spam filter and its list of negative flags would not. And of course, both approaches meet in the middle; a spam filter brings down the haystack to a human-heuristic filterable level, and then the human searches for and opens in this haystack only e-mails very likely to contain a needle, indicated by well-formed 'e-mail courteous' subject lines. A spammer in this case would have to be damn clever with his subject header generators (damn things would nearly have to pass a Turing Test) to defeat this two-pronged approach. Education and evolving standards of etiquette vis a vis legitimate use of e-mail might help reduce spam not by criminalizing it but simply by making it less effective at making money.
All the techniques ever used to make men moral have been themselves thoroughly immoral... (Nietzsche)
It's not even a temporary solution.
By their own stats only 47% of the spam tries just the primary MX of an unresponding 2-MX system, while 36% tries only the secondary and 17% tries both. So even before the spammers work around it they'd stop less than half the spam.
It looks like there might be a few spambots out there that only try the primary, but that about 3/4ths of those that only try one on each attempt make a random choice. Having only the secondary down rejects 36% rather than 47% of the spam, so the approach seems to have little to recommend it.
(You might stop something like 83% by implementing a stateful double-knock system - but again only until the spammers deploy a followon version of their bots rehacked to try all the MXes until they get through rather than just randomly pick one and poke it.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I was reading the article, and suddenly port knocking came to mind. It wouldn't be a far stretch to modify an SMTP server to only reject connections on the lower priority IP address if the source had not tried to first connect to the higher priority IP address.
Instead of blocking the connection to the primary at a firewall or using an "unused" IP address, the primary SMTP server could give a greeting banner and then immediately return a "temporarily unavailable" status code (and cache who was connecting there).
In other words, an RFC compliant MTA should be connecting to the higher priority host as defined by DNS first, then fail over to the lower priority host, in order. If an MTA tried to connect directly to the secondary MX first it could be rejected with a temporary failure status code which a spammer is likely to ignore. It would require the SMTP receiver to keep a cache of who had connected to what IP addresses within a certain time period which would eat up some memory depending on traffic load. We already cache reverse DNS lookups and RBL lookups, so it could probably be done.
With this setup you would have two MX records for your primary mail server that your SMTP server would be active and listen on. It would just track the order of connections to ensure that the remote MTA was following the rules before it allowed the source to get past the greeting banner.
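The connection-order check described in the comment above, which also does the profiling another commenter proposed (sources seen at the secondary without first being seen at the primary), sketched as an added example that is not code from the thread or from any mail server. The class and function names, reply strings, 300-second window and /24 and /64 grouping are all assumptions.

```python
"""Added example: ordered-MX ("double knock") policy. All names are hypothetical."""
import ipaddress
from collections import OrderedDict

# Illustrative reply strings; 451 is the SMTP temporary-failure reply code.
TEMPFAIL_PRIMARY = "451 4.3.2 primary temporarily unavailable, try next MX"
TEMPFAIL_ORDER = "451 4.7.1 try the higher-priority MX first"
ACCEPT = "220 ready"


def client_key(ip, v4_prefix=24, v6_prefix=64):
    """Collapse an address to its network so a sender pool that retries from a
    neighbouring IP still matches (assumption borrowed from greylisting practice)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


class MXOrderPolicy:
    """Remember who tried the primary MX; let only those sources past the
    banner on the secondary, and only within `window` seconds."""

    def __init__(self, window=300.0, max_entries=100_000):
        self.window = window
        self.max_entries = max_entries      # bounds the memory the cache can use
        self._knocks = OrderedDict()        # client key -> time of last primary attempt

    def _expire(self, now):
        # Entries are ordered oldest-first, so stop at the first live one.
        while self._knocks:
            _, seen = next(iter(self._knocks.items()))
            if now - seen <= self.window and len(self._knocks) <= self.max_entries:
                break
            self._knocks.popitem(last=False)

    def on_connect(self, src_ip, mx, now):
        self._expire(now)
        key = client_key(src_ip)
        if mx == "primary":
            # Primary never takes mail: record the knock and tempfail.
            self._knocks[key] = now
            self._knocks.move_to_end(key)
            return TEMPFAIL_PRIMARY
        seen = self._knocks.get(key)
        if seen is not None and now - seen <= self.window:
            return ACCEPT
        # Went straight to the secondary (or knocked too long ago).
        return TEMPFAIL_ORDER


SAMPLE_EVENTS = [  # constructed sample: (seconds, source IP, MX contacted)
    (0, "192.0.2.10", "primary"),
    (2, "192.0.2.10", "secondary"),      # compliant: primary, then secondary
    (5, "198.51.100.7", "secondary"),    # skipped the primary
    (6, "203.0.113.5", "primary"),
    (8, "203.0.113.99", "secondary"),    # same /24 as the knock, treated as one pool
    (400, "192.0.2.10", "secondary"),    # knock older than the window
    (401, "2001:db8::1", "primary"),
    (402, "2001:db8::2", "secondary"),   # same /64
]


def replay(events, policy=None):
    """Feed events through the policy and return the reply for each one."""
    if policy is None:
        policy = MXOrderPolicy()
    return [policy.on_connect(src, mx, t) for t, src, mx in events]


def secondary_only_sources(events, window=300.0):
    """Profile a connection log: sources that reached the secondary without a
    recent attempt on the primary."""
    policy = MXOrderPolicy(window)
    flagged = set()
    for t, src, mx in events:
        if policy.on_connect(src, mx, t) == TEMPFAIL_ORDER:
            flagged.add(src)
    return sorted(flagged)


if __name__ == "__main__":
    for event, reply in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", reply)
    print("secondary without primary:", secondary_only_sources(SAMPLE_EVENTS))
```

A legitimate MTA that is tempfailed on the secondary will normally walk the MX list again on its next queue run, which re-records the knock, so the window mainly has to cover the gap between the two attempts within one delivery run.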
in a presentation from Randal L. Schwartz (yes, the perl guy). Well, really isn't the same, it's just the opposite, make secondary MX unavailable (temporary error), and trap non-compliant hosts who should have checked primary first (spammers do it because secondary MX usually have lesser defences). It's funny to see how such different approaches reduce spam. Check out his presentation You had me at HELO
I have a solution that would benefit everyone and will most probably work:
1. We all buy penis enlargement remedies advertised by spam.
2. We all enlarge our penises to some manageable size, I say 15-20 inches.
3. Spammers have no market to sell their wares.
4. Spam stops for good.
5. Profit.
I for one welcome our soon-to-be-RFC-compliant spammer overlords. I mean, we want standards compliance, right? Right??
This post expresses my opinion, not that of my employer. And yes, IAAL.
I have read some truly terrible ideas on this website. (Usually followed by a chorus of inexperienced idiots blindly saying how great they are, while all the skilled and experienced people rolled their eyes.)
This is one of the worst ideas I have ever read. Intentionally introducing a large and unpredictable delay into the receipt of all e-mail.
What's next, a recommendation to cut down on telemarketing by setting your PBX to automatically disconnect 50% of all incoming calls?
I put dibbs on tripleverify. IT'S MINE! By the mere mention of it, any attempt to patent it is stymied.
qmail doesn't try secondary MXs, so this method is likely to only cause pain.
I use different technique to control spam. I'm using it for the last two years and I'm able to classify 40% of the mails which I receive as spams with 98% accuracy!! Here is the link
http://transcendental.wordpress.com/2006/08/05/a-simple-spam-fighter/
I basically prioritize my mails instead of classifying them as spams. Very low priority are generally spams, which can be deleted very quickly. It should work for 90% of the mail users on web.
Spam: Any activity on internet to gain popularity without paying to advertising companies like Google.
what about a setup like this for mx:
5 foo-blackhole.domain.com
10 legit-mailserver.domain.com
15 bar-blackhole.domain.com
to stop the spammers that also start at the lowest priority ?
I can easily implement this to test its effectiveness, but does this have any negative repercussions?
Hell, if you just want 98% accuracy, label everything as spam. Added bonus: no false negatives.
Just shoot the muthafuckas!!! And hang them afterwards!!
Thank you all for working so hard to solve spamming problems. I am the most minor of minor bush league players, and I understand that I don't understand what you all are coping with.
I have about 15 working email addresses, I think. Eight are forwarded into one earthlink account, one is a hopelessly spam-ridden University account, and I have several gmail accounts for various purposes. In addition, I have a bunch of websites that have one fake human-sounding account each.
These last are no problem, so far.
As I read through the discussion, it occurred to me that I have one very active email account that is perfectly spam free. My low-tech solution? The mail in the account goes first to an earthlink account, which filters for spam, and is forwarded from that account to a gmail account, which has even better spam filters.
Now I realize that you have been talking about solutions from the IT staff perspective. My simple solution (which someone else has mentioned, in part, when s/he suggested just use gmail) to IT responsibility: advise people to use gmail, or to use Earthlink plus gmail.
Actually, the Specific University IT problem with spam and/or webmail is bad enough that they are in discussions with two web mail providers to pay the chosen one a fee (more or less per capita) for handling email for faculty, staff, and students. I gather the "handled" email would remain on Specific University servers, rather than servers served by gmail or similar web mail providers.
It works practically. Try using it.
Spam: Any activity on internet to gain popularity without paying to advertising companies like Google.
Rather than debate at great length, with nothing solved or really accomplished but sarcasm and smugness, I think I would much rather test this on a control and monitor it for a few weeks and just see how it goes. Technically it's an easy enough modification to make and, if need be, remove, even across large numbers of sites (in many cases).
I like to be a jerk, be sarcastic and sometimes even play the devil's advocate playing "debate and debunk" as much as any self-serving geek, but when it comes to spam I'd rather respond and test. I may just create a forum for success/failure reports on my site in case anyone cares to try this method and share results.
It has gotten to the point where a good majority of many people's customers are willing to try almost anything... Why not give them the option to try it out?
Spam Thwart: Anti-Spam Collective
Tripleverify Doubleplusgood!
I was going to say, there's no way for anyone to resolve an alias to a destination mailbox without admin on a box - that's pure paranoia! haha
Spam Thwart: Anti-Spam Collective
Let me see if I understand. You delete your email address when it starts getting spam. And you think you've come up with the ultimate solution. Ok then. It's a good thing you copyrighted that.
That'd work, if most servers didn't parse email. Try signing up anywhere with an address that is more than letters, numbers, '@' and '.'
... it is recommended to hide your money under the carpet and your second house key above the door frame - studies show that burglars rarely look there. Up to now.
> Don't have numbers to back it up, but most things I read say that the Secondary MX is *more* likely to be targeted by spammers on the belief that fewer filters will be in place to prevent spam.
The argument in your favor that says secondary MX's mostly queue and forward, and have fewer "hard", 5xx, rejects. For example, if only the primary MTA was running something like Spamassassin set to reject at certain threshold.
Still, TFA's point is good, and may help quite a bit.
The numbers in the article show something different: 50% of the spammers directly and only connect to the secondary MX. From what I observed, most don't even bother trying the primary MX because there usually the best Anti-Spam measurements are installed. :-)
After all, the secondary MX is only for emergency...
My suggestion: Have none of the MXs listen on port 25. Instant reduction to no spam any more. Okay, no legitimate e-mail either, but they're such a small percentage, anyway
I own a number of domains, and get the usual 'joe-job' backlash mail bounces when emails claim to have come from non-existent addresses on my domains. stuff like 'dave AT positech.co....
Anyway, I know what addresses are used to *send* (as opposed to receive) email from my domains, as it's always me doing it. Is there a way to specify somewhere that "these are the only legit SENDING addresses at this domain"? That way, any email that ever bounces around from the imaginary dave@ address will just get zapped before it leaves the fence. It's vital that I'm still able to receive ALL email for the domain, because people sometimes guess addresses, and I've given out so many over the years before I realised I should have kept closer track of them.
I'm pretty sure you can do this but don't know how. I'm a simple windows end-user, who has his domains registered at freeparking.co.uk, and forwards email from there to various places. I'm not personally running the mail server or anything clever.
Help a n00b do his bit. It's something to do with MX records and SPF isn't it?
DRM-free indie games for the PC and Mac: Positech Games
Offtopic, but from my experience, the worst PHBs I've met were former brilliant nerds, one was even a Ph.D., who got hit with the Peter's Principle stick. They got promoted (or promoted themselves by starting their own company) to a management position that they thoroughly didn't understand, didn't like, and didn't have the social skills for.
At least two (one I've actually worked for, one I've had to do business with and heard stories from one ex-employee) ended up the worst kind of control freaks, as a result of not being able to realistically plan, control or set their expectations, and unable to motivate anyone. So they backed out into the only way out they could see, personally annoying everyone to make them work to those unrealistic plans and expectations.
For example, we all can remember some unrealistic "bah, I can do that in a day" we've said, which in practice turned out to be a week. Sometimes it was a superficial underestimation of the specification, sometimes wrongly omitting the interruptions and time to debug, etc. It happens. And we're all very quick to find excuses for ourselves afterwards. Both these guys ended up taking such guesses and holding others responsible to always finish within those unrealistic schedules, and with unrealistic optimization expectations at that.
And, oh, when I've mentioned that someone once told me, "wth do you need free Sundays for? You'd sit in front of a computer anyway." It was one of these guys, not an MBA. Damn glad I don't work for him any more. The other was known to pull such faux pas as calling one Russian employee to his office to translate an email in Russian another employee had sent to his wife from work. It just said he's going to be late for dinner because he's got to finish something. Both employees quit after that incident.
A third ended up, well, basically doing his best not to manage. He was the perfect yes-man in _both_ directions, and just avoided taking any decisions, or attracting any attention from either superiors or subordinates. It sounds like fun to work for him, but unmanaged chaos is hardly actually that much fun in practice. A dose of laissez faire is good, complete chaos isn't. We ended up pretty much electing a team member to coordinate the project unofficially instead.
Thing is, none of the three was happy either. They had moved from doing a nerd's work that they loved, to doing a manager's work that they didn't like and didn't have much achievements either.
So basically, well, while we all like to think that one guy who's been on the receiving end of it would surely know better than to repeat the same mistakes he's been a victim of, that's hardly guaranteed. I'm glad that it worked for you, but for other people it doesn't.
A polar bear is a cartesian bear after a coordinate transform.
Can I get blacklisted for this?
No, you simply have a broken primary MX.
Actually, you can get blacklisted for this. Or for any reason a blacklister chooses. They most likely aren't going to but they might.
If both your primary and your backup MXes are non-functional, you won't get ANY spam! Problem solved!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I run a fairly low-key server, which I only use for my family, so I am not sure how relevant my data is.
I remember at one point last year checking on the usage my backup MX gets and was surprised to see a lot of mail coming through it. Surprised because my primary server is (almost) always available. Upon a closer inspection I was astounded by what I found: all the email that came through the backup MX for the past year was spam. No exceptions!
Certainly, mine is an extreme case, but I think the trend is very clear.
I use qconfirm myself but there's also tmda and others.
*If* you are serious about getting rid of the spam then just do it. The technical part is readily available.
I deployed that almost a year ago and never looked back. I still see the occasional spam in a mailing list folder because those go through unfiltered for obvious reasons but I couldn't care less.
My inbox has been spam-free since then and that's what matters.
I don't quite get why people are still bothering with greylisting, spamassassin, razor, dcc, bayes and the ilk. I tried them all and they're more trouble than it's worth. You get false positives, false negatives, it's a stupid game that you can't win.
What about an idea that every SMTP server should have some second-level domain, and a requirement that forward and reverse DNS of it match? This is very easy to implement and would easily stop all the botnets, because buying a domain for every bot PC is way too expensive.
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
It's an utter waste of time doing crap like this, spammers obviously pay more attention to the subject matter, and if other than spammers would magically start using something as silly as this, it would immediately stop working. There are countless similar nonsense methods of wasting time and breaking poorly behaving MUAs and MTAs.
From my point of view the problem of spam would be rather trivially fixed with a more political approach: say we'd have a *.mail TLD, with perhaps *.cc.mail delegated to local communication regulatory authorities. Common rules and requirements would be established that you'd need to meet and maintain to be qualified for *.cc.mail; such rules and requirements would mandate the level of responsiveness, how consumer/residential mail would be handled (should all email be forced to the provider's server? should the provider limit the number of unique receivers per second per sender? etc etc) and a limit on the acceptable amount of leaked spam as a function of your user base (some spam has to be accepted; the more users you have, the more spam from you has to be acceptable). Now if you couldn't comply with the rules, your *.cc.mail would simply be removed.
Then MTA admins could simply not accept email from other than *.cc.mail domains or give them an extremely low score. Everyone who'd be serious about email would no doubt make the effort to qualify for *.cc.mail and to stay qualified.
Much of our SPAM comes from our secondary MX handler. In fact, for a two week period I monitored all of the mail that came from the secondary MX (our volume isn't huge) and discovered that every single message was SPAM. If our server had gone down, this likely would not be true, but under normal operation we don't receive anything from the other MX that is NOT SPAM. I've always suspected that SPAM sites send directly to the second (or subsequent) MX in order to avoid some of the black lists and whatnot, since everyone accepts mail from their other mail exchangers. To me, this solution sounds like it would do more to slow the delivery of email (potentially creating more copies for "them" to look at) than it would to do anything to block SPAM.
I still think that MS should send a patch out Windows Update, which throws up a warning message up when a machine starts hammering a bunch of stuff out to port 25's.
"Software running on your machine is spamming half the fucking internet. Are you deliberately doing this, or are you confused why this window just popped up? Please click one of the following: [Yes, I'm sending this picture to everyone i know! SO CUET! ITZ A LAUGHING KITTAH! ROFL!] [What the fuck?]"
Of course, 10 seconds later the spamware authors will have figured a way to click the [OMG DOGGEH!] button automatically... or more likely, they've got Windows Update disabled.
Sure, some people will still do it anyway. However if we hang them, they won't do it again. I bet they have wasted more than a year of my life dealing with their BS. I'm also sure they couldn't care less about what other people go through because of them. I think we should change that. Every nation should cooperate, no place to hide.
This will work for about 3 weeks to a month after this article was published and then be completely useless. Plus it delays real mail.
Having had to recently retire my old e-mail server and migrate to a new one (because the old one had been compromised and was relaying), I'd been wondering if another tarpit-like idea would work.
My idea was a FAKE open relay. The box would accept SMTP connections, accept the spam, acknowledge receipt, and then pitch it.
I'd SUSPECT (but I don't know), that anybody who's SMTP-ing to my server with mail that isn't addressed to me is a spammer. They could merrily spam away, thinking that I was relaying their spam for them.
Drawbacks I see with the plan:
1) I could see my server getting blacklisted, because it LOOKS like an open relay.
2) The spammers ARE tying up my bandwidth
But still, I wonder if it would help.
Do without email for a week by having all the routers bouncing back to the previous node the email just sent.
If the internet turns off all email routing for a week, this will hit businesses twice:
once because they are legitimate email users and can't send email, damaging their business
once because they are legitimately scum and can't sell Viagra pills, damaging their business
The legitimate ones who accidentally use spam services will know that if they don't stop such practices they will have to encounter this problem again.
With the next node bouncing back mail traffic will ensure that the internet isn't clogged with mail any more, though if you share a node with a spammer, you may find that the node is saturated. If a home computer is a spam zombie, they will be maxed out on their connection for a week and the problem can be laid at the users' feet: you're not looking after your system. It will also cause many people to run over their bandwidth limit and the ISP can charge them. 'course the ISP could just let them know that their computer is hosed and that they can avoid such charges in future by fixing their computer.
I can't believe someone that claims to have anti-spam knowledge is suggesting this when in fact the opposite is true. Spammers frequently forgo opening an SMTP connection to the MX with the highest priority (lowest numeric value) and instead opt for the ones with the lowest priority. They do this hoping that the secondary MX doesn't have the same spam-fighting abilities as the primary MX. They're hoping that it's a simple backup or that it only queues for the recipient domain in question and doesn't validate recipient userids. The spammers hope that the primary MX will accept all mail blindly from the secondary, as is usually the case. This has been a long-standing theory that hasn't ever been disproven. This jives with what I've always seen on all my MXs.
Spam is a result of poorly configured networks. That's it.
[%] Cingular Ringtones
This is happening to me right now and it's a royal pain in the ass. I have several domains and one of them is currently getting used as a spoofed from: address in pump & dump stock scams. The from address is a five random letters @example.com. This is resulting in 30-40 bounce messages per day to my inbox. I haven't received any complaints yet from people who do not know about spoofing which surprises me to be honest.
I'm considering using a regex in procmail to catch these five letter names, but I have a number of legitimate five letter names on there and I don't have a list of them due to wildcarding and such like.
well, now that those instructions are posted, surely it'll just be a day or a week until spammers work around that. So, nice idea, not much of a future, I don't think...
No, sorry, spammers are lazy.
Even if the only thing you do is proper greylisting, for example with Postfix + policyd, the amount of spam you receive will decrease over 90%.
Nolisting is an excellent thing to do, if you have the IP address which can send the resets.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
I've been doing this for some time at Junk Email Filter dot com and have over 1000 domains and it actually does work. It's even better if you put a dummy MX on the high end as spammers sometimes try the highest MX first.
My MX looks like this:
dummy0.junkemailfilter.com - 10
mx.junkemailfilter.com - 20
mx.junkemailfilter.net - 30
mx.junkemailfilter.org - 40
dummy1.junkemailfilter.com - 50
http://www.junkemailfilter.com/
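The MX layouts discussed in this thread (a dead primary, and dummy records at both ends as in the comment above), modeled as an added example that is not part of any comment or of the Nolisting article. Which hosts listen, the `example.com` names and the three simplified sender behaviours are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MX:
    pref: int         # MX preference; lower number is tried first
    host: str
    listening: bool   # False: nothing answers on port 25 (connection refused)


# Constructed layouts. Only the "sandwich" host names and preferences come from
# the comment above; which of them listen is an assumption.
LAYOUTS = {
    "conventional": [MX(10, "mx.example.com", True),
                     MX(20, "backup.example.com", True)],
    "nolisting": [MX(10, "dummy.example.com", False),
                  MX(20, "mx.example.com", True)],
    "sandwich": [MX(10, "dummy0.junkemailfilter.com", False),
                 MX(20, "mx.junkemailfilter.com", True),
                 MX(30, "mx.junkemailfilter.net", True),
                 MX(40, "mx.junkemailfilter.org", True),
                 MX(50, "dummy1.junkemailfilter.com", False)],
}

# Simplified sender behaviours described in the thread.
STRATEGIES = ("compliant", "primary_only", "backup_only")


def candidates(records, strategy):
    """Return the MX records a sender would contact, in the order it tries them."""
    ordered = sorted(records, key=lambda r: r.pref)
    if strategy == "compliant":      # walks the list in preference order
        return ordered
    if strategy == "primary_only":   # one shot at the lowest number, no retry
        return ordered[:1]
    if strategy == "backup_only":    # one shot at the highest number, no retry
        return ordered[-1:]
    raise ValueError(f"unknown strategy: {strategy}")


def deliver(records, strategy):
    """Return (accepting_host_or_None, hosts_tried) for one delivery attempt."""
    tried = []
    for mx in candidates(records, strategy):
        tried.append(mx.host)
        if mx.listening:
            return mx.host, tried
    return None, tried


def compare():
    """Map layout -> strategy -> host that accepted the message (None = no delivery)."""
    return {name: {s: deliver(records, s)[0] for s in STRATEGIES}
            for name, records in LAYOUTS.items()}


if __name__ == "__main__":
    for layout, row in compare().items():
        for strategy, host in row.items():
            print(f"{layout:13} {strategy:13} -> {host or 'not delivered'}")
```

In this model the compliant sender pays one refused connection per message under both Nolisting layouts, which is the "Connection refused" log growth the article's author mentions.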
...and encourage readers to RTFA, where I've addressed many of the issues brought up in these comments. I also encourage people to try the technique, if they are in the position to do so (admins only, this is not a solution for endusers), and evaluate it for themselves. Or not. It's true that most new antispam solutions are dreamed up by crackpots. I might be a crackpot. If this possibility concerns you, don't be an early adopter. Wait and see.
It's true, in my experience, that Nolisting stops some spam with no false positives (in my experience). And that's a Good Thing. But it doesn't stop significantly more spam than a combination of other techniques, which I also implement. Some of those techniques use a lot of resources, such as content filters (often powered by perl) and virus scanners. Nolisting provides a way to free up some of those resources, possibly resulting in better performance and even hardware savings. These savings can be significant at large sites that currently scan each and every message that arrives.
Nolisting can be bypassed. I don't make any wild claims. Spammers can get past it easily by going directly to the secondary MX. Guess what? They already do that, and have been doing that well before greylisting was introduced. Nolisting significantly reduces the percentage of spam my MX processes, thereby freeing up resources. It's just one part of a layered solution.
I've limited secondary MX access by extending Nolisting into Unlisting (Port Knocking for SMTP): http://www.joreybump.com/code/howto/unlisting.html . It's wildly effective, except for one serious problem: A retry might originate from a different IP. This appears to be legal, and seems to be the result of load balancing strategies adopted by some important sites. For that reason I don't recommend it. It will randomly block messages from gmail, for example. You can't reasonably predict the IP a multihomed host will use for a retry, so be very skeptical of any approach that claims to have solved this problem.
Unwanted email is annoying. When it carries a payload, it is potentially dangerous. But I don't really view this as a security issue. I don't buy the argument that Nolisting is security by obscurity, and therefore bad. It's a form of access control, a gatekeeper, a prophylactic. It's an apple a day, not a cure for cancer. It's not addicting, fattening, or life-threatening. Try it, if you're looking for ways to improve the health of your mail system. Discontinue use immediately at the first sign of complications. Side effects include more sleep and time spent with your kids.
Nolisting rarely introduces delays. As I point out in the article, most relays retry immediately. Any relay that cannot get beyond Nolisting is seriously, seriously noncompliant. While I don't suggest Nolisting as a complete replacement for Greylisting, it is a viable alternative for sites that experience problems with Greylisting and find the delays it introduces to be unacceptable. As the name implies, Nolisting is meant to be used without dependence on whitelists. Wider adoption and testing will determine if this ideal has been realized.
Like Greylisting, Nolisting breaks infrastructure to some degree. Many admins find this distasteful. I know I do. If Nolisting becomes widely adopted, logs will become fatter with "Connection refused" errors when the primary MX doesn't respond. I'm sorry for that. But our logs are already fat with 45x errors from Greylisting, RBL disconnections, SpamAssassin scores, etc. Nolisting might even help to make logs smaller, if you currently see a lot of these messages. Time will tell. Keep an open mind, and remember that we often make concessions to improve a system's overall health. Just reducing the possibility of another zombie being created on the Internet creates benefits for everyone.
Try it before you draw a c
Yup, that's a sure-fire method. It'll stop spammers in their tracks. Spammers are such a dull, plodding, unimaginative lot that they'll never think of trying secondary MX records. Good shooting there Hoss!
there is no complete solution to the problem of spam that doesn't bring much bigger problems (the only one i can think of is a centralised system with a group who bans spammers and tight control of new registrations)
but that doesn't make systems that reduce the amount of spam i have to check manually useless to me.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
Well, personally I don't need to be contacted by people I don't know as I don't run a business or website or anything, so since the first day I received a spam-mail I just use a simple whitelist allowing only friends/family and my ISP.
But if I needed to be contacted anonymously I think I would just use the same stuff that is used by /. to stop spam from Anonymous Cowards like me: A webform with a verification image.
If I answer a mail received from the form, the sender's address will be automatically added to my whitelist.
No, it's not a final solution, but I think it's pretty easy to keep up with it (changing the style of the image used etc.), or do I oversee something here?
>advertising generally is free speech.
What's that got to do with spam?
Advertising in general pays its own way. Advertising in general doesn't conceal its origin. Advertising in general doesn't manipulate penny stocks. Advertising in general doesn't direct people to enter valuable passwords into crooked web sites.
The other argument is that spam can be handled adequately by manual deletion after it reaches the end user. Most of us found that to be inadequate many years ago, so we're suppressing display of our email addresses in our Slashdot preferences or obfuscating it. It's interesting that the parent chose not to display an email address.
... in the end it matters not. They both leave a bad taste in your mouth!
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
For now I'll stick with SPF and old fashioned spamassassin (milter).
And what's with the anti SPF sentiment? It's not like we've got a lot of more effective alternatives on the market and the only real argument I read is the rejection of real email, when softfail pretty much takes care of that (then leaving it to spamassassin to decide if the mail is legit).
We send and receive a good deal of email and I certainly wish SPF was more common. I'm tired of forged bounces and the *slew* of undeliverable responses 'dumb' servers return to our system every day.
Yet instead of taking any real action we bicker while spammers laugh all the way to the bank. There is no magic bullet, but from my POV SPF is the closest thing yet (unless my DNS gets hi-jacked, but then I'm fucked anyway).
Quack, quack.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
A possible problem, as I see it, is that properly configured clients will have to "retry". Doesn't this add to the processing required by non-spamming users? Or is it insignificant?
Thanks.
If you read the article, the technique prevents this approach as well.
Only mail that FIRST tries the primary, fails, and THEN tries the secondary gets through.
Period.
Yes, I'm yelling because you clearly aren't paying attention!
My experience is the same. My primary MX gets all my legitimate messages, and a lot of spam.
My secondary MX only gets a lot of spam.
Instead of rejecting connections to the third MX record, you could teergrube them, so the spammer's machine ends up dogged out on tiny TCP windows talking to a mail server that's going very slowly and will eventually reject their message. If you want to get fancy, you could also have it feed blacklists, or at least adjust greylist timers, but just being passive-aggressive toward spammers is a good start.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Of course, you can always whitelist mail servers you deal with often, so their mail doesn't get stuck waiting for 5 or 30 or 60 minutes.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I don't see the benefit from this vs. greylisting - either way, you're interrupting the SMTP transmission process before accepting the message, but with double-verify you're doing more CPU work and handling the message-body traffic the first time (when it might be spam)? Part of greylisting's appeal is that you don't need to do much work or accept much traffic on the first attempt, so you can reduce the load on your system and only have to filter spam from the semi-competent spammers.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
It'll also cut down on "don't-bouncegram-me" complaints from people whose addresses are being forged by spammers, because it'll reject a lot of that mail before your bouncegram system gets to it.
You may also want to consider checking SPF before bouncegramming unknown senders - lots of people don't use it, and lots of spammers do, but it gives people who are having joe-job impersonation problems a way to keep you from adding to their trouble with your autoresponder, and those are one of the most common sets of SPF users.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
But there are other types of spammers it also kills off - one popular attack by the clever set is to hijack unused IP address space (typically by using ISPs that don't follow best practices on BGP filtering), blast away spamming for a few minutes, then drop the old address and switch to a new one, leaving the old address in various anti-spam blacklists and impossible to traceroute to. The fact that greylisting wants you to retransmit from the _same_ mail server IP address means that this attack won't work, and the only way for this kind of spam to work is to keep the stolen address space around for long enough to be traceable.
But as other people have said, greylisting also works because it makes the spammer call back later, after there's been time for the spammer's IP address to hit real-time blocklists. You can even implement this one yourself, without having to trust other RBL providers, by keeping some spam-bait email addresses around that never get legitimate email, either on the same domain you're protecting by the greylist or on a separate server (less effective, but less complex to implement safely.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
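The same-IP retry requirement described in the comment above, as an added example that is not part of any comment in this thread. It is a minimal greylist keyed on (client IP, sender, recipient); the `prefix=24` option, which matches on the client's /24 instead of the exact address, is an assumption that goes beyond the thread and is included to show how the pooled-relay retry problem mentioned earlier plays out. All addresses and timings are constructed.

```python
import ipaddress


class Greylist:
    """Defer the first attempt of each (client, sender, recipient) triplet."""

    def __init__(self, delay=300, prefix=32, whitelist=()):
        self.delay = delay        # seconds a new triplet must wait before acceptance
        self.prefix = prefix      # 32 = exact IPv4 address, 24 = whole /24
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}      # triplet -> time of first attempt

    def _key(self, ip, sender, rcpt):
        net = ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)
        return (str(net.network_address), sender.lower(), rcpt.lower())

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply class: 250 (accept) or 450 (temporary failure)."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.whitelist):
            return 250            # frequent contacts skip the delay entirely
        first = self.first_seen.setdefault(self._key(ip, sender, rcpt), now)
        return 250 if now - first >= self.delay else 450


# Constructed SMTP attempts: (time in seconds, client IP, MAIL FROM, RCPT TO).
EVENTS = [
    (0,    "203.0.113.7",  "x@bulk.example",   "user@example.org"),  # sends once, never retries
    (0,    "192.0.2.10",   "bob@example.com",  "user@example.org"),  # normal MTA, first attempt
    (60,   "192.0.2.10",   "bob@example.com",  "user@example.org"),  # retry inside the delay window
    (600,  "192.0.2.10",   "bob@example.com",  "user@example.org"),  # retry after the delay
    (700,  "198.51.100.5", "news@example.net", "user@example.org"),  # relay pool, first attempt
    (1300, "198.51.100.6", "news@example.net", "user@example.org"),  # same pool, different address
]


def replay(greylist, events=EVENTS):
    """Feed the attempts through the greylist and return the reply codes in order."""
    return [greylist.check(ip, sender, rcpt, now) for now, ip, sender, rcpt in events]


if __name__ == "__main__":
    print("exact IP :", replay(Greylist(prefix=32)))
    print("per /24  :", replay(Greylist(prefix=24)))
    print("whitelist:", replay(Greylist(whitelist=["198.51.100.0/24"])))
```

With exact-IP keys the pooled relay is deferred a second time at t=1300 because its retry arrives from a sibling address; the /24 key or a whitelist entry accepts it.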
Dude, at least get the joke right :-)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
False positives are more annoying in a corporate environment, but usually if a mailserver is at least halfway competently misconfigured then the user will get to see your well-written message saying "Sorry if my spam-blocker confused your mail server, call my postmaster at 1-415-555-1212 or www.example.com/postmaster" and you can whitelist them when they call to complain. (Because yes, it's realistically much more likely that you'll want to whitelist a potential customer than bother getting them to fix their email server.) And you're going to want to whitelist frequent contacts anyway, just to avoid slowing down their mail.
False negatives are ok. If greylisting only cuts your spam load by 50% instead of 90% or 99%, it's still cutting the CPU load on your better spam filters in half, and letting you be more careful about filtering the real email out of the flood of better-implemented spam.
Also, you can get fancy about greylisting selectively if you want - take all those hyper-aggressive take-no-prisoners admit-no-mistakes RBLs, and the Linux-user-hating dynamic-address DUL blocklists, and greylist that stuff even if you're not going to greylist the rest of the internet. You'll be blocking most of Zombieland, and very little corporate email that way, and it'll still cut your spam load. If you know there are countries where you don't do business, e.g. Korea, China, and Nigeria, you can put them on your greylist targets as well.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
You're already going to have some constant DNS load from spammers who aren't using their own ISP's DNS server; this won't increase it much, because you're still using static configs. Most ISPs have caching DNS servers, and most zombies and other virus-driven spammers are going to be using their ISP's DNS servers, not targeting any special ones.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I find the same situation with my backup MX. The spammer's thinking is that a backup MX isn't going to have the same level of spam/virus protection as the primary, so better to try for the secondary.
I dropped my secondary MX. My mailserver is rarely down for more than a few hours, so why bother with secondary MX?
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Brian Keefer came up with an idea for an MX Honeypot which takes note of mails blocked by nolisting a lowest-priority MX server in his email MX Honeypot theory. I had linked this writeup on the WikiPedia:Nolisting article (stub), but an anonymous user removed it on the premise that it would confuse users.
Use my userscript to add story images to Slashdot. There's no going back.