Prevent spam with DNS
I learned a neat antispam technique from a good colleague of mine that helps stop spam email from reaching your mail host. The goal is to trick spamming mail servers into hitting a fake mail server, so that they give up and never attempt a second connection to your true mail server. To accomplish this, configure your MX records in DNS so that the fake mail server gets the lowest preference number, which makes it the first host senders try, and your “true” mail server is ranked below it with a higher number.
Here’s my example below, using BIND on Linux.
$TTL 1D
@ IN SOA ns1.estone.ca. hostmaster.estone.ca. (
        2015032701 ; Serial
        7200       ; Refresh
        7200       ; Retry
        2419200    ; Expire
        10800 )    ; Negative Cache TTL
;
        NS ns1
        NS ns2
        MX 10 mail1
        MX 20 mail
;
estone.ca. IN TXT "v=spf1 mx -all"
estone.ca. A 206.116.5.55
ns A 206.116.5.55
ns1 A 206.116.5.55
ns2 A 206.116.5.111
www A 206.116.5.55
comm A 206.116.5.55
mail1 A 206.116.5.1
Here is the result of a host command:
root@estone:~# host estone.ca
estone.ca has address 206.116.5.55
estone.ca mail is handled by 10 mail1.estone.ca.
estone.ca mail is handled by 20 mail.estone.ca.
root@estone:~#
Now, hopefully, when a spam engine's mail server attempts to connect to my fake mail1 email server, it will of course fail (because there is no mail service on the mail1 host) and then hopefully give up.
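To make the two outcomes concrete, here is an added example (not part of the original setup) that parses the host output shown above, walks the MX list the way a sending server does, and audits the two properties the trick depends on: the first MX must refuse connections and a later one must accept them. The SMTP_LISTENING map and the function names are assumptions made up for the illustration; a live check would fill the map from real connection attempts to port 25.

```python
import re

# Output of `host estone.ca`, copied from the post above.
HOST_OUTPUT = """\
estone.ca has address 206.116.5.55
estone.ca mail is handled by 10 mail1.estone.ca.
estone.ca mail is handled by 20 mail.estone.ca.
"""

# Constructed reachability map (assumption): which hosts answer on TCP/25.
SMTP_LISTENING = {"mail1.estone.ca.": False, "mail.estone.ca.": True}

MX_LINE = re.compile(r"mail is handled by (\d+) (\S+)$")


def parse_mx(host_output):
    """Return [(preference, hostname), ...] sorted lowest preference first."""
    mx = []
    for line in host_output.splitlines():
        m = MX_LINE.search(line.strip())
        if m:
            mx.append((int(m.group(1)), m.group(2)))
    return sorted(mx)


def deliver(mx, listening, max_attempts=None):
    """Walk the MX list in preference order, as a sending server does.

    max_attempts=None models a sender that tries every MX host;
    max_attempts=1 models a sender that tries only the first and gives up.
    Returns the host that accepted the connection, or None.
    """
    for _, host in mx[:max_attempts]:
        if listening.get(host, False):
            return host
    return None


def audit(mx, listening):
    """Check the two properties the technique depends on."""
    problems = []
    if len(mx) < 2:
        problems.append("need at least two MX records")
    elif listening.get(mx[0][1], False):
        problems.append("lowest-preference MX accepts mail; it is not a decoy")
    if deliver(mx, listening) is None:
        problems.append("no MX accepts mail; legitimate mail is lost")
    return problems
```

An empty list from audit() means the decoy is dead and the real server is reachable, which is the state the zone file above is aiming for.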