Do I really need an MX record? (for e-mail to work)

Peter Dambier peter at peter-dambier.de
Fri Dec 23 21:27:36 UTC 2005


Kurt Boyack wrote:
> On 23 Dec 2005 09:58:26 -0800, sm5w2 at hotmail.com <sm5w2 at hotmail.com> wrote:
> 
>>Kurt Boyack wrote:
>>
>>
>>>I've put up many mail servers, and the spammers usually find them long
>>>before they have MX records
>>>They scan IP addresses and look for hosts listening on port
>>>25, then they start sending spam and trying to relay.
>>
>>I don't believe that most spam is sent the way you describe.
> 
> 
> I did not say that most spam was sent that way, but I know for a fact
> that some of it is.
> 
> 
>>I believe that spammers have lists of e-mail (millions of addresses)
>>some verified, many probably aren't (but probably were once valid
>>addresses).  These lists just keep getting bigger, addresses harvested
>>from various web sources, etc.
>>
>>It would be insane to scan an IP block for a responding NNTP server,
>>and then try to fire off spam to that server without even knowing what
>>domain that server was handling, let alone getting the user names
>>right.  The server would be rejecting the attempts left and right.
> 
> 
> There are people out there scanning IP addresses all day long. They
> are constantly looking for computers to hack and mail servers to relay
> off of.
> 
> 
>>>It sounds like the reason you are getting less spam is not due to your
>>>MX going away, but due to your IP address changing. It is only a matter
>>>of time before your mail server is found by spammers.

Those are different things:

Phase 1: Finding and infecting computers to make zombies. This is done
by scanning IP addresses.

Phase 2: Finding mail relays that sometimes turn out to be mailers,
and sending them the spam to gathered and guessed addresses. If you happen
to have hit the mailer of an ISP then most of your usernames will hit.

If 1% of your addresses hit then you are a good zombie.

>>
>>I believe that most spam is sent by home computers (zombies) infected
>>by back-door trojan services that allow spammers to up-load lists of
>>e-mail addresses and e-mail payloads to those machines which then begin
>>a spam campaign or spam run.

Looking through the spam I received you are right.

> 
> 
> How do you think they found these computers? Through MX records?
> 

Very likely, yes.

> 
>>The way I see it, zombies either send e-mail through the out-going SMTP
>>server belonging to the ISP to which the zombie has access, or the
>>zombie sends it directly to the recipient's server (direct-to-mx).  If
>>it is direct-to-mx, then either (a) the zombie must perform the mx
>>lookups itself (which may be blocked by the ISP), or (b) the recipient
>>list that is uploaded by the spammer includes the mx lookup information
>>already (in which case it might be old information that is rarely
>>updated - which is a good thing in my case).

They find both me and my ISP. I am on a dynamic ip that normally does
change once a day but may be found via 3 MX records for 3 different
hosts.

Some viruses are known to use DNS. Why shouldn't a zombie? It results
in less work for the spammer.

> 
> So you are saying that they cannot send you spam because you do not
> have an MX record? I thought you said that you were able to get email
> without an MX record?
> 

I have seen the same kind of wordbooks on my mailer that I see on SSH
port 22. Since I moved SSH to a different port the wordbooks have gone.

Since I have MX records I see the wordbooks on my reject list.

I guess the zombie finds some mailers and sends them all the garbage
they take for email addresses and appends his message.

-- 
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
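The question in the subject line, whether a host can receive mail with no MX record at all, comes down to the "implicit MX" rule of RFC 5321 section 5.1: a sending MTA that finds no MX records treats the domain's own address record as an MX with preference 0. The following Python is an added example (not code from the thread or from BIND) that implements that selection over a small, constructed set of DNS records so it runs offline; the zone names and addresses are made up, and it also handles the RFC 7505 "null MX" (a single MX pointing at ".") as an explicit "this domain takes no mail" signal.

```python
"""Implicit-MX target selection (RFC 5321 s.5.1) plus null-MX (RFC 7505).

Added example. The ZONE table below is a constructed stand-in for real DNS
answers; a real MTA would obtain the same data from a resolver.
"""

from typing import Dict, List, Tuple

# Constructed zone data (assumption: names and addresses are made up).
# MX entries are (preference, target host); A entries are IPv4 strings.
ZONE: Dict[str, Dict[str, list]] = {
    "example.net": {
        "MX": [(20, "mx2.example.net"), (10, "mx1.example.net")],
        "A": ["192.0.2.10"],          # the bare domain also has an address
    },
    "mx1.example.net": {"A": ["192.0.2.25"]},
    "mx2.example.net": {"A": ["192.0.2.26"]},
    # A host with only an A record: still reachable via the implicit-MX rule.
    "nomx.example.org": {"A": ["203.0.113.5"]},
    # An MX whose target resolves to nothing: no usable delivery target.
    "dangling.example.org": {"MX": [(10, "gone.example.org")]},
    # RFC 7505 null MX: the domain explicitly accepts no mail.
    "nomail.example.org": {"MX": [(0, ".")], "A": ["203.0.113.9"]},
}


def lookup(name: str, rtype: str) -> list:
    """Stand-in for a DNS query against the constructed ZONE table."""
    return ZONE.get(name, {}).get(rtype, [])


def is_null_mx(mx_rrset: List[Tuple[int, str]]) -> bool:
    """RFC 7505: exactly one MX record, preference 0, target '.'."""
    return len(mx_rrset) == 1 and mx_rrset[0] == (0, ".")


def mail_targets(domain: str) -> List[Tuple[int, str, List[str]]]:
    """Return delivery candidates as (preference, host, addresses), best first.

    - MX present: sort by preference, drop targets with no address.
    - Null MX: return [] (domain refuses mail by policy).
    - No MX: the domain itself becomes an MX with preference 0 if it has
      an address record (the implicit-MX rule that lets a host receive mail
      with nothing but an A record).
    """
    mx = lookup(domain, "MX")
    if not mx:
        addrs = lookup(domain, "A")
        return [(0, domain, addrs)] if addrs else []
    if is_null_mx(mx):
        return []
    candidates = [(pref, host, lookup(host, "A")) for pref, host in sorted(mx)]
    return [c for c in candidates if c[2]]


if __name__ == "__main__":
    for d in ("example.net", "nomx.example.org",
              "dangling.example.org", "nomail.example.org"):
        print(d, "->", mail_targets(d) or "no delivery target")
```

The practical consequence for the thread's question: a host with an A record but no MX is still a valid delivery target for any standards-conforming sender, so dropping the MX does not hide the mailer from anything that resolves the domain; it only removes one of the ways (the MX lookup) by which the host's address can be learned, and the implicit-MX rule makes the bare A record just as usable.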