Loading ...
Sorry, an error occurred while loading the content.

229247Re: Possible MX Lookup/Ordering Issue

Expand Messages
  • gordan@bobich.net
    Nov 1, 2007
    • 0 Attachment
      On Thu, 1 Nov 2007, mouss wrote:

      > gordan@... wrote:
      >> On Thu, 1 Nov 2007, mouss wrote:
      >>> this does not prove that using 10 records significantly reduces the spam
      >>> received on the real MXes. This only shows the dsitribution of spam
      >>> attempts when using 10 records.
      >>
      >> Sure - but unless spam that went to MX10 then went and tried MX2, the
      >> spam wasn't delivered to MX2.
      >>
      >
      > As Jorey said, it's not like there is a finite quantity of spam to be
      > distributed among MXes. I have domains that receive 0 spam (and they
      > have an MX). BTW. I also see smtp attempts to machines that are not
      > listed as MX for any domain.

      Sure - but I've tested this across different networks and different
      domains. There is always the dominant shape of the curve: disproportionate
      number of connections on the 1st nth, n-1 and n-2 MX records (where n is
      the number of MX-es).

      >>> the experiment would be:
      >>>
      >>> test 1: with only 2 records, what amount of spam is targetting the real
      >>> MX. do this for some period of time (so that there are actually many bot
      >>> runs).
      >>>
      >>> test 2: do the same test with 10 records.
      >>>
      >>> if the amount of spam (on the "real" MX) in test 2 is significantly
      >>> lower than in test 1, then 10 records would be useful. otherwise, you
      >>> are just putting more honey for the flies.
      >>
      >> The difference is extremely signifficant. It is also signifficant
      >> between 3 and 5 MX-es, although it gets less measurable when going from
      >> 10 upward.
      >
      > you did not show actual numbers for this.

      It worked so well that I never bothered gathering any stats. But I guess I
      could go through my spam folder and put some numbers to it when I have a
      moment.

      >>> No. see above. you are comparing numbers in a single setup. you are not
      >>> comparing different setups (different number of records).
      >>
      >> Yes I was. I tested with increasing numbers of MX records and the amount
      >> of spam reduced. You do get into diminishing returns (statistically, 10
      >> gets around 90% of it away, going from 10 to 100 only reduces it by
      >> another 9%), so usually I don't bother with more than about 15. The
      >> drop-off is actually better than linear because spammers seem to target
      >> the 1st highest and 3 lowest MX-es, so adding more in the middle just
      >> dilutes the ones that target a random MX.
      >>
      >
      > If they target 1st and last 3, then why 10 instead of 5?

      Because there is still a measurable drop, and it isn't exactly an
      expensive solution.

      >> You could, of course, just try it yourself for some figures you can
      >> trust. :-)
      >
      > I suspect there may be broken MTAs out there, so I keep myself under the
      > 2 MX limit to avoid any risk on "real" domains. but I may test this on
      > domains unused in email.

      You'll need some quite spam-heavy unused domains to gather the statistics
      quickly enough.

      Gordan
    • Show all 44 messages in this topic