I read a tip just recently that advocated the use of fake MX records as a spam deterrent.  The solution was apparently devised after struggling with the server load that was being generated by spam emails.

As we all know, spam makes up as much as 90% of global email traffic, so it is not unusual for spam load to be a serious issue for email server performance.  The natural instinct is to prevent that load from being applied to the server in the first place.  Fake MX records are not the best way to do this.

MX records are the DNS records that tell email servers where to send email that is addressed to a particular domain.  For example, if I send an email to john@company.com my email server will look up the MX record for company.com, determine the associated IP address, and transmit the message over SMTP to that IP address.

To maintain redundancy most organizations will use multiple MX records that point to multiple email servers, so that if one is unavailable the others can still receive incoming email.  MX records are given a priority, an arbitrary number that is only relative to the priority of other MX records for that domain.  The lower the number, the higher the priority.

So for the same example as above, my email server looks up the MX record for company.com and gets the following response.

company.com MX preference = 10, mail exchanger =
 maila.company.com

company.com MX preference = 20, mail exchanger =
 mailb.company.com

It knows then to send to maila.company.com first, and then try mailb.company.com if the first try is not successful.

The idea of fake MX records is to create multiple MX records (usually at least 3) of varying priority, and have the highest and lowest priority MX records be pointing to non-existent servers.  The theory is that spammer’s botnets will only try to send to the highest or lowest priority MX, and then when they get no response will give up and move on to the next victim.  Some email administrators use as many as 10 MX records with only one real one among them.

The theory has some merit.  Spammers want to send out as much email as possible so usually won’t waste time and resources by having their bots try multiple MX records for a targeted domain.  However the technique impacts legitimate senders as well. Continue reading Fake MX Records More Harm Than Good

Is your business drowning in spam? Do you want an efficient and free way to stop spam from entering your inbox? ExchangeServerPro.com and GFI Software have teamed up to achieve a Spam Free 2010 by giving away two license packs of GFI MailEssentials™.

Two people have the chance of winning either the first prize which is a 50 user license pack or the runner up prize – a 25 user license pack.

For details on how to enter the competition check out Paul’s blog post. The deadline for the contest is 31 January 2010, Australian EST.

Despite the generally excellent performance of most modern, well-tuned anti-spam engines, some spam is going to get through. We may be lulled into a false sense of superiority when for a period of time our anti-spam tools and techniques have borne fruit, and we see that we have more-than-just-excellent results; we have no spam in our inboxes for an entire day, week, whatever. Then, it returns. We’ve all seen it happen. Some strangely formatted message that you or I can surely tell is garbage, a bizarre attempt to sneak through your heuristics that has surprisingly succeeded.

Lately it has been some rather clever nonsense. I’ve been getting these spam emails with a particularly peculiar twist. Many of them have what appear to be at first glance meaningful, but “non-spam” sentences. On closer look, the sentences are strange, and not quite sensible. For some reason they consistently were getting through the spam filtering. What was strangest to me was the lack of any marketing content or attempt to sell whatsoever. They did have a link in the message, and the link was not ever to the same web destination or even clearly directed to an obvious undesirable site. This may have been one of the reasons this set of spam got by; to the filters, it looked really no different than a sentence or two sent by a friend describing some link they thought I would be interested in.

Continue reading The Latest Spam Getting Through Your Filtering – and What to Do About It

The National Cyber Security Alliance (NCSA) has announced their annual campaign for cyber-security awareness.

Awareness, more than anything, is the most important weapon in securing your enterprises and ensuring that malware doesn’t sneak in through your email servers. Awareness? Doesn’t everybody know about the dangers lurking in cyberspace by now? What we folks in the IT business take for granted is often unknown or ignored by ordinary users. When we get emails from a deposed general of a third world country, asking for assistance in moving $40 million into the US, and offering a percentage for the service, our immediate reaction is to simply delete the email. It’s a painfully obvious scam to most of us and we pay it no attention. But yet, they keep coming in every day. Why do people keep sending out these pathetic attempts to get our bank account numbers? Simple. Because not everybody is aware that it is a scam.

Continue reading Confusion over cyber-security