
[anti-spam-wg@localhost] Re: distributed spam attack question (fwd)

  • From: Paul Wouters < >
  • Date: Wed, 11 Dec 2002 01:23:53 +0100 (MET)

I had asked earlier about the distributed spam attacks we were seeing.
I also asked Steve Linford of the Spamhaus Project, and he has a very
interesting answer:

> They're attacking the backup MXs because usually the backup MX 
> accepts mail for <anyuser>@domain so they can feed it 1000's of 
> random usernames in one long string and it won't bounce them straight 
> away (then when it does bounce the 99.9% of them it can't deliver, 
> the bounce goes nowhere).
> 
> The programs doing these attacks look for the highest MX, so you can 
> trick them by adding an even higher MX to the DNS, which simply 
> points to the main MX again:
> 
> domain.net.	1800	IN	MX	10  smtp.xtdnet.nl.
> domain.net.	1800	IN	MX	20  fallback.xtdnet.nl.
> domain.net.	1800	IN	MX	80  smtp.xtdnet.nl.

So even though I'll be cuttin' me own throat, I'll share the information
Steve gave me :)

Paul 
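
A check for the record layout Steve describes, added here as an example and not part of the original post: it parses zone-file style MX lines and reports, per domain, whether the highest-numbered MX points back at the primary. The function names, verdict strings and sample zone are constructed for illustration.

```python
# Added example: audit MX records for the layout described in the post.
import re

# Constructed sample, modelled on the records quoted in the message.
SAMPLE_ZONE = """\
domain.net.  1800 IN MX 10 smtp.xtdnet.nl.
domain.net.  1800 IN MX 20 fallback.xtdnet.nl.
domain.net.  1800 IN MX 80 smtp.xtdnet.nl.
"""

# owner [ttl] [IN] MX preference exchange
MX_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?MX\s+(?P<pref>\d+)\s+(?P<host>\S+)$",
    re.IGNORECASE,
)

def parse_mx(zone_text):
    """Return {owner: [(preference, exchange), ...]} from zone-file MX lines."""
    records = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        m = MX_LINE.match(line)
        if m:
            host = m["host"].lower().rstrip(".")
            records.setdefault(m["owner"].lower(), []).append((int(m["pref"]), host))
    return records

def audit(zone_text):
    """Per owner: 'no-backup', 'decoy-in-place' or 'backup-exposed'."""
    verdicts = {}
    for owner, mxs in parse_mx(zone_text).items():
        low = min(p for p, _ in mxs)
        high = max(p for p, _ in mxs)
        primaries = {h for p, h in mxs if p == low}
        top_hosts = {h for p, h in mxs if p == high}
        if {h for _, h in mxs} <= primaries:
            verdicts[owner] = "no-backup"        # only primary hosts are listed
        elif top_hosts <= primaries:
            verdicts[owner] = "decoy-in-place"   # highest-numbered MX is the primary
        else:
            verdicts[owner] = "backup-exposed"   # highest-numbered MX is a backup host
    return verdicts

if __name__ == "__main__":
    for owner, verdict in audit(SAMPLE_ZONE).items():
        print(owner, verdict)
```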


