Marc Perkel wrote:
> Looking for a few volunteers who want to reduce their spambot spam and
> at the same time help me track spambots for my black list. This is
> free and mutual benefit. I ( want to be your
> highest numbered fake MX record. Here's how you would configure your
> domain:
> MX 10
> MX 20
> I will never actually receive your email. The recipient all always get
> a 451 error just after the DATA command. So if your servers are down
> you won't lose anything. A 451 error is a "I'm not ready, come back
> later" error.

what if he comes back later to the same MX, again and again (AFAIK, this
is the case with qmail)? mail will be lost.

> This will help you reduce your spambot spam generally by half. Many
> spambots try the highest number MX records first and never try again.
> So these attempts just go away. Your system load drops, your spam is
> reduced, spamassassin doesn't have to work as hard. And some spammers
> will actually blacklist you because when they see a
> junkemailfilter,com host in the MX they don't even try because they
> know that it will only reduce their spambot army to even attenpt to
> send a spam.

do you have any evidence for this? or more generally, do spammers really
check the MX name for such patterns?
> I have developed an extremely accurate way of detecting spambots and
> getting them listed on the first attempt to send spam. It involves
> detecting a combination of several sins that if they hit this
> combination, and most do, it's a virus infected spambot. Without going
> into great detail one of the unique things I look for is hosts not
> closing the connection with quit but rather allowing the connection to
> time out after receiving the 451 error. When you combine that it's the
> highest MX, no QUIT, and several other tests on HELO and other things
> I can get these hosts blacklisted which blacks their spam for everyone
> who uses my blacklists. And - unless you are huge - you can use my
> blacklists for free.
> Here's what an SMTP session to my tarbaby server looks like.
> telnet 25
> Trying
> Connected to
> Escape character is '^]'.
> 220 ESMTP Exim 4.68 Wed, 07 May 2008
> 08:20:24 -0700
> helo
> 250 Hello []
> mail from:<>
> 250 OK
> rcpt
> 250 Accepted
> data
> 451 DEFER - Try a lower numbered MX record -
> So - if you are interested all you have to do is set your highest
> numbered MX to If you want to know more
> about my lists you can read about them here.
> This is experimental. I'm looking to see what kind of useful data I
> can derive from this to see how well it work and if I'll continue it.
> Send me a private email if you have any questions.