Loading ...
Sorry, an error occurred while loading the content.

Re: Possible MX Lookup/Ordering Issue

Expand Messages
  • Jorey Bump
    ... Isn t partially broken like partially pregnant ? Try against a working DNS setup and see if that makes a difference. This could be a simple case of
    Message 1 of 44 , Nov 1, 2007
    • 0 Attachment
      gordan@... wrote, at 11/01/2007 09:35 AM:

      > One thing that could be causing it is that I am, unfortunately, relying
      > on a partially broken PowerDNS setup

      Isn't "partially broken" like "partially pregnant"? Try against a
      working DNS setup and see if that makes a difference. This could be a
      simple case of garbage in, garbage out.
    • gordan@bobich.net
      ... Sure - but I ve tested this across different networks and different domains. There is always the dominant shape of the curve: disproportionate number of
      Message 44 of 44 , Nov 1, 2007
      • 0 Attachment
        On Thu, 1 Nov 2007, mouss wrote:

        > gordan@... wrote:
        >> On Thu, 1 Nov 2007, mouss wrote:
        >>> this does not prove that using 10 records significantly reduces the spam
        >>> received on the real MXes. This only shows the dsitribution of spam
        >>> attempts when using 10 records.
        >>
        >> Sure - but unless spam that went to MX10 then went and tried MX2, the
        >> spam wasn't delivered to MX2.
        >>
        >
        > As Jorey said, it's not like there is a finite quantity of spam to be
        > distributed among MXes. I have domains that receive 0 spam (and they
        > have an MX). BTW. I also see smtp attempts to machines that are not
        > listed as MX for any domain.

        Sure - but I've tested this across different networks and different
        domains. There is always the dominant shape of the curve: disproportionate
        number of connections on the 1st nth, n-1 and n-2 MX records (where n is
        the number of MX-es).

        >>> the experiment would be:
        >>>
        >>> test 1: with only 2 records, what amount of spam is targetting the real
        >>> MX. do this for some period of time (so that there are actually many bot
        >>> runs).
        >>>
        >>> test 2: do the same test with 10 records.
        >>>
        >>> if the amount of spam (on the "real" MX) in test 2 is significantly
        >>> lower than in test 1, then 10 records would be useful. otherwise, you
        >>> are just putting more honey for the flies.
        >>
        >> The difference is extremely signifficant. It is also signifficant
        >> between 3 and 5 MX-es, although it gets less measurable when going from
        >> 10 upward.
        >
        > you did not show actual numbers for this.

        It worked so well that I never bothered gathering any stats. But I guess I
        could go through my spam folder and put some numbers to it when I have a
        moment.

        >>> No. see above. you are comparing numbers in a single setup. you are not
        >>> comparing different setups (different number of records).
        >>
        >> Yes I was. I tested with increasing numbers of MX records and the amount
        >> of spam reduced. You do get into diminishing returns (statistically, 10
        >> gets around 90% of it away, going from 10 to 100 only reduces it by
        >> another 9%), so usually I don't bother with more than about 15. The
        >> drop-off is actually better than linear because spammers seem to target
        >> the 1st highest and 3 lowest MX-es, so adding more in the middle just
        >> dilutes the ones that target a random MX.
        >>
        >
        > If they target 1st and last 3, then why 10 instead of 5?

        Because there is still a measurable drop, and it isn't exactly an
        expensive solution.

        >> You could, of course, just try it yourself for some figures you can
        >> trust. :-)
        >
        > I suspect there may be broken MTAs out there, so I keep myself under the
        > 2 MX limit to avoid any risk on "real" domains. but I may test this on
        > domains unused in email.

        You'll need some quite spam-heavy unused domains to gather the statistics
        quickly enough.

        Gordan
      Your message has been successfully submitted and would be delivered to recipients shortly.