A semi-wish for an official 'null MX' standard

September 24, 2013

I've written before about how it seems that spammers will scrape anything that looks like an email address and then attempt to spam them. Of course, much of what gets scraped is probably for (alleged) hosts that don't have anywhere to send email, so the spammers never even get as far as sending it. But through some sort of luck I have such a host that doesn't accept email but also happens to have an accessible mail server running on its IP address (because that IP address handles email for some other things).

Since I watch my SMTP logs (it's a low-activity mail server) this has given me a nice ringside seat to the spam attempts and helped add things to my personal blacklist. But as entertainment this palls after a while and I'm starting to reach the point where I don't care and I would rather that all of the would-be spammers just go away. To do this I'd like what gets called a 'null MX', an MX entry that says 'this thing doesn't get email, don't even bother trying to talk to its IP address'.

To my surprise there is no official standard for this. There is a widespread habit of using an MX to '.' (dot, the root of the DNS hierarchy) but it's not actually a standard (although it was first put forward as a draft RFC in 2005 and is being tried again this year). In theory this has been around long enough as customary practice that many mail servers should support it; in practice I have no idea how well it works. If it's not very effective at reducing incoming spam attempts I might as well not add the entry at all. I suppose I actually have a relatively good opportunity to conduct a slow-moving scientific experiment to find out.

(Probably the most reliable way to do this is to set the MX to a public IP address under your control that doesn't exist or doesn't accept incoming SMTP. I wouldn't use a private IP address or a 127/8 address because both of those may be ignored by legitimate mailers while the only thing that's going to ignore an unresponding public IP as an MX is spamware that is deliberately trying your A record even though an MX exists.)

Written on 24 September 2013.
« The FTE pricing gamble (for vendors)
Trying to explain my harshness on configuration management tools »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Sep 24 23:57:58 2013
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.