[exim] An interesting observation about spam zombies

As some of you know I get rid of a lot of spam using fake high numbered
MX records. I'm now doing some interesting experiments. Even though my
TTL is only 2 hours I notice that if I change my fake high MX to
different fake high MX that the spam zombies still send email to the old
fake MX records for many days, sometimes weeks.

My theort is that spam zombies do DNS caching so as to maximize spam
output by eliminating dns lookups. Thus zombies retain old information
far longer than they are supposed to.

So I'm experimenting with a blaclisting trick where I change my fake
high MX records, wait several hours, and then anything that hits the old
fake MX records are spam zombies.

Thoughts?