[exim] An interesting observation about spam zombies

Top Page
This message is part of the following thread:
M+-+\the complete thread tree sorted by date
MM\MM 
MMMRichard Pitt at ->
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: exim-users
Subject: [exim] An interesting observation about spam zombies
As some of you know I get rid of a lot of spam using fake high numbered
MX records. I'm now doing some interesting experiments. Even though my
TTL is only 2 hours I notice that if I change my fake high MX to
different fake high MX that the spam zombies still send email to the old
fake MX records for many days, sometimes weeks.

My theort is that spam zombies do DNS caching so as to maximize spam
output by eliminating dns lookups. Thus zombies retain old information
far longer than they are supposed to.

So I'm experimenting with a blaclisting trick where I change my fake
high MX records, wait several hours, and then anything that hits the old
fake MX records are spam zombies.

Thoughts?


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Too many concurrent SMTP-ConnectionsRe: [exim] An interesting observation about spam zombies->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)