spam filtering

Kenneth Brody kenbrody at bestweb.net
Thu Sep 27 06:00:00 PDT 2007


Quoting Brian K. White (Thu, 27 Sep 2007 00:56:25 -0400):
[...]
> When we turned on mxlogic only about 5 per day actually reached me, and they
> were mostly mails that somehow got submitted directly to the mail host even
> though the mx records pointed at mxlogic. Perhaps spammers know enough to
> just try likely things like "mail.aljex.com" and if it's a mail server, just
> try submitting mail to it, regardless of mx records. I'm surprised I don't
> still get a ton of spam that way come to think of it.
[...]

In the good old days, spammers used to do "direct to MX" spam runs.  That
is, the spammer's software would connect directly to the recipient's MX
server's SMTP port.  I suppose some of them may have done the "let's see
if mail.example.com works" before actually reading the MX record.

However, nowadays, many ISPs block outgoing SMTP connections, and instead
require that you send mail through their servers.  (Where they can, in
turn, do some processing, such as some attempt at filtering, or some
rate throttle, or add some tracking headers in case it gets reported as
spam.)  These, in turn, will pass it on to the recipient's MX server.
Since the ISP's servers won't go the "let's try mail.example.com" route,
(unless, perhaps, if you don't have an MX record), they will always send
to your MX server.

-- 
KenBrody at BestWeb dot net        spamtrap: <g8ymh8uf001 at sneakemail.com>
http://www.hvcomputer.com
http://www.fileProPlus.com


More information about the Filepro-list mailing list