Hmmm... over the years I've run into many instances where short TTLs
(and in fact any TTL in some cases) have been ignored by some (many) of
the big ISPs - again, sometimes for a month or more (AOL for example)
These instances were for A records mostly as things like web sites and
ftp sites were moved - but I expect MX records probably get tarred with
the same brush.
Now I'm not saying that this isn't an interesting tidbit - but it might
cause some problems with the big guys (and some little ones who have
misconfigured DNS caches) but "them's the breaks" ;)
richard
On Wed, 2007-08-29 at 10:23 -0700, Marc Perkel wrote:
> As some of you know I get rid of a lot of spam using fake high numbered
> MX records. I'm now doing some interesting experiments. Even though my
> TTL is only 2 hours I notice that if I change my fake high MX to
> different fake high MX that the spam zombies still send email to the old
> fake MX records for many days, sometimes weeks.
>
> My theort is that spam zombies do DNS caching so as to maximize spam
> output by eliminating dns lookups. Thus zombies retain old information
> far longer than they are supposed to.
>
> So I'm experimenting with a blaclisting trick where I change my fake
> high MX records, wait several hours, and then anything that hits the old
> fake MX records are spam zombies.
>
> Thoughts?
>
>
--
-
Richard C. Pitt Pacific Data Capture
rcpitt@??? 604-644-9265
http://richard.pacdat.net www.pacdat.net
PGP Fingerprint: FCEF 167D 151B 64C4 3333 57F0 4F18 AF98 9F59 DD73
