Subject: Re: Heads up - SPAM attacks
To: None < ([This is my bacque pas,>
From: John F. Woods <>
List: current-users
Date: 02/27/1998 07:27:57
> Apparently there is a new spam mailer out there that attacks by hitting
> your lowest precedence (highest numbered) MX host first.  Since this
> machine is usually off site as part of a robust contingency plan for
> mail delivery, it is nearly impossible to filter using sendmail, or
> so I am told.

Hmm.  I guess that explains why I see so many MX-forwarded spam messages even
when my modem line has been up and solid for a couple of days.  This trick
probably isn't new, though there may be a brand new mailer using it; I've been
seeing forwarded mail like this for quite some time.

> Since the low-precedence MX hosts are not usually under the control of
> the site's postmaster, it's difficult to set up blocking.

Indeed, for the couple of sites I do MX forwarding for, I deliberately do
less aggressive blocking than I do for local mail, since I don't want to
accidently discard someone else's mail.  (And, alas, my MX backup does scarcely
any filtering at all -- meaning they get to handle my reject messages...)

> I thought of a fix, but it can have potentially far reaching results.
> I was thinking that perhaps we should all set our lowest-priority MX
> records to or an unqualified "localhost".  THAT would
> give the spammers something to choke on. :-)

Possibly a better approach would be to add a low-priority MX record of your
normal mail host (i.e. the 0 priority one).  Of course, that's not too hard
to outwit; perhaps a simply bogus host would be better (in hopes that this
spam mailer won't try any other hosts), since that makes the spammer waste
his own time and resources and doesn't make the fall-back-to-last-place case
(for genuine mail) any worse than it already is...