Re: Possible MX Lookup/Ordering Issue
- gordan@... wrote, at 11/01/2007 09:35 AM:
> One thing that could be causing it is that I am, unfortunately, relyingIsn't "partially broken" like "partially pregnant"? Try against a
> on a partially broken PowerDNS setup
working DNS setup and see if that makes a difference. This could be a
simple case of garbage in, garbage out.
- On Thu, 1 Nov 2007, mouss wrote:
> gordan@... wrote:Sure - but I've tested this across different networks and different
>> On Thu, 1 Nov 2007, mouss wrote:
>>> this does not prove that using 10 records significantly reduces the spam
>>> received on the real MXes. This only shows the dsitribution of spam
>>> attempts when using 10 records.
>> Sure - but unless spam that went to MX10 then went and tried MX2, the
>> spam wasn't delivered to MX2.
> As Jorey said, it's not like there is a finite quantity of spam to be
> distributed among MXes. I have domains that receive 0 spam (and they
> have an MX). BTW. I also see smtp attempts to machines that are not
> listed as MX for any domain.
domains. There is always the dominant shape of the curve: disproportionate
number of connections on the 1st nth, n-1 and n-2 MX records (where n is
the number of MX-es).
>>> the experiment would be:It worked so well that I never bothered gathering any stats. But I guess I
>>> test 1: with only 2 records, what amount of spam is targetting the real
>>> MX. do this for some period of time (so that there are actually many bot
>>> test 2: do the same test with 10 records.
>>> if the amount of spam (on the "real" MX) in test 2 is significantly
>>> lower than in test 1, then 10 records would be useful. otherwise, you
>>> are just putting more honey for the flies.
>> The difference is extremely signifficant. It is also signifficant
>> between 3 and 5 MX-es, although it gets less measurable when going from
>> 10 upward.
> you did not show actual numbers for this.
could go through my spam folder and put some numbers to it when I have a
>>> No. see above. you are comparing numbers in a single setup. you are notBecause there is still a measurable drop, and it isn't exactly an
>>> comparing different setups (different number of records).
>> Yes I was. I tested with increasing numbers of MX records and the amount
>> of spam reduced. You do get into diminishing returns (statistically, 10
>> gets around 90% of it away, going from 10 to 100 only reduces it by
>> another 9%), so usually I don't bother with more than about 15. The
>> drop-off is actually better than linear because spammers seem to target
>> the 1st highest and 3 lowest MX-es, so adding more in the middle just
>> dilutes the ones that target a random MX.
> If they target 1st and last 3, then why 10 instead of 5?
>> You could, of course, just try it yourself for some figures you canYou'll need some quite spam-heavy unused domains to gather the statistics
>> trust. :-)
> I suspect there may be broken MTAs out there, so I keep myself under the
> 2 MX limit to avoid any risk on "real" domains. but I may test this on
> domains unused in email.