Prevent spam with DNS

I learned a neat antispam technique from a good colleague of mine that helps stop spam email from coming into your mail host. The goal is to trick spamming mail servers into hitting a fake mail server first, so that they give up and do not attempt a 2nd connection to your true mail server. To accomplish this, configure your MX records in DNS so that your “true” mail server ranks lower than your fake one: the fake host gets the lowest MX preference number, which means it is tried first, and the real server gets a higher number.

Here’s my example below using BIND on Linux.

$TTL    1D
@       IN      SOA (
2015032701      ; Serial
7200           ; Refresh
7200           ; Retry
2419200         ; Expire
10800 )        ; Negative Cache TTL
NS      ns1
NS      ns2
MX      10 mail1
MX      20 mail
;      IN      TXT     "v=spf1 mx -all"
mail                            A                      A
ns                              A
ns1                             A
ns2                             A
www                             A
comm                            A
mail1                           A

Here is the result of a host command:

root@estone:~# host
has address
mail is handled by 10
mail is handled by 20

Now hopefully when a spam engine mail server attempts to connect to my fake mail1 email server, it will of course fail (because there is no mail service on the mail1 host) and then hopefully give up.
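As an added example (not part of the original post), this Python script checks the layout described above from `host` output: the MX that is tried first must refuse connections on TCP port 25, and a later MX must accept them so legitimate senders that retry still get through. The example.com names and the sample output are constructed placeholders, and the `probe` parameter is a hypothetical hook that lets the check run without network access.

```python
import re
import socket

# Constructed sample in the format printed by `host`; the names are placeholders.
SAMPLE_HOST_OUTPUT = """\
example.com has address 192.0.2.10
example.com mail is handled by 20 mail.example.com.
example.com mail is handled by 10 mail1.example.com.
"""

MX_LINE = re.compile(r"mail is handled by (\d+) (\S+)")


def parse_mx(host_output):
    """Return [(preference, hostname)] sorted so the first entry is tried first."""
    records = [(int(p), h.rstrip(".")) for p, h in MX_LINE.findall(host_output)]
    return sorted(records)


def smtp_port_open(hostname, timeout=5.0):
    """True if a TCP connection to port 25 succeeds (live network probe)."""
    try:
        with socket.create_connection((hostname, 25), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or unresolvable
        return False


def check_nolisting(host_output, probe=smtp_port_open):
    """First MX must refuse SMTP, a later MX must accept. probe is a test hook."""
    records = parse_mx(host_output)
    if len(records) < 2:
        return False, "need at least two MX records"
    if records[0][0] == records[1][0]:
        return False, "decoy shares its preference, so it is not reliably tried first"
    decoy = records[0][1]
    if probe(decoy):
        return False, f"{decoy} accepts SMTP, so it is not a decoy"
    live = [host for _, host in records[1:] if probe(host)]
    if not live:
        return False, "no later MX accepts SMTP; mail would not be delivered"
    return True, f"{decoy} refuses, {live[0]} accepts"


if __name__ == "__main__":
    # Offline demonstration: a dict stands in for the network probe.
    stub = {"mail1.example.com": False, "mail.example.com": True}
    print(check_nolisting(SAMPLE_HOST_OUTPUT, probe=stub.get))
```

Called with the default `probe`, the function makes real connections to port 25 of each listed host, so feed it the `host` output for your own domain.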