Prevent spam with DNS

I learned a neat antispam technique from a good colleague of mine that helps stop spam email coming into your mail host. The goal is to trick spamming mail servers into hitting a fake mail server, causing them to give up without attempting a second connection to your true mail server. To accomplish this, configure the MX records in DNS so that your “true” mail server ranks lower than your fake one: the fake host gets the lowest preference number, so senders try it first.

Here’s my example below using BIND on Linux.

;
$TTL    1D
@       IN      SOA     ns1.estone.ca. hostmaster.estone.ca. (
                        2015032701      ; Serial
                        7200            ; Refresh
                        7200            ; Retry
                        2419200         ; Expire
                        10800 )         ; Negative Cache TTL
;
                NS      ns1
                NS      ns2
                MX      10 mail1        ; fake mail server, tried first
                MX      20 mail         ; true mail server
;
;
estone.ca.      IN      TXT     "v=spf1 mx -all"
mail                            A       206.116.5.55
estone.ca.                      A       206.116.5.55
ns                              A       206.116.5.55
ns1                             A       206.116.5.55
ns2                             A       206.116.5.111
www                             A       206.116.5.55
comm                            A       206.116.5.55
mail1                           A       206.116.5.1

Here is the result of a host command:

root@estone:~# host estone.ca
estone.ca has address 206.116.5.55
estone.ca mail is handled by 10 mail1.estone.ca.
estone.ca mail is handled by 20 mail.estone.ca.
root@estone:~#

Now, hopefully, when a spam engine's mail server attempts to connect to my fake mail1 server, it will of course fail (because there is no mail service on the mail1 host) and then hopefully give up.
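The sketch below is an added example, not part of the original post. It parses the `host` output shown above and models two senders, one that walks the MX list in preference order and one that tries only the first MX, to show that legitimate delivery depends on the sender falling back to the second record. The function names are hypothetical, and the offline run assumes that only mail.estone.ca answers on port 25.

```python
import re
import socket

# Constructed sample: the `host estone.ca` output shown on this page.
HOST_OUTPUT = """\
estone.ca has address 206.116.5.55
estone.ca mail is handled by 10 mail1.estone.ca.
estone.ca mail is handled by 20 mail.estone.ca.
"""

MX_LINE = re.compile(r"mail is handled by (\d+) (\S+?)\.?$")


def parse_mx(host_output):
    """Return [(preference, hostname)] with the lowest preference first."""
    records = []
    for line in host_output.splitlines():
        m = MX_LINE.search(line.strip())
        if m:
            records.append((int(m.group(1)), m.group(2).lower()))
    return sorted(records)


def smtp_port_open(hostname, timeout=5.0):
    """Live probe: True if a TCP connection to port 25 succeeds."""
    try:
        with socket.create_connection((hostname, 25), timeout=timeout):
            return True
    except OSError:
        return False


def deliver(mx_records, accepts=smtp_port_open, fallback=True):
    """Return (accepting host or None, list of hosts tried).

    fallback=True models a sender that walks the MX list in order;
    fallback=False models a sender that tries the first MX and gives up.
    """
    tried = []
    for _, hostname in mx_records:
        tried.append(hostname)
        if accepts(hostname):
            return hostname, tried
        if not fallback:
            break
    return None, tried


# Assumption for the offline run: only the true server listens on port 25.
def offline_accepts(hostname):
    return hostname in {"mail.estone.ca"}
```

Calling `deliver(parse_mx(HOST_OUTPUT))` without the `accepts` argument uses the live port 25 probe, which confirms from outside that the first MX refuses connections while the second accepts them.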