Failover MX Servers Result in Spam
Email spammers tend to send to the highest cost MX server, rather than the lowest cost one as you might expect. To illustrate, consider a backup MX server that is intended for emergency use only:
hostA IN MX 0 hostA
IN MX 100 BackupHostHere, hostA has the
lowest cost (0
versus 100 for
BackupHost), so
the first delivery attempt should be to hostA. But most
spam-sending software ignores low-cost records (the
record for hostA
in the preceding code) and will instead deliver to
the highest cost server (BackupHost) on purpose.
The theory is that a site will run connection-based
spam filters on the main (lowest cost) server
(hostA) but
will be much more lax on a failover MX server that
is intended only for emergency use (BackupHost). The main
server (hostA)
will never reject connections from its own failover
MX server (BackupHost). Spam senders use that
knowledge to circumvent connection-based rejections
by always sending to the failover MX server.
If you list multiple MX records, be certain that the same level of connection-based spam controls are installed on all of them. Content-based spam control may still reside only on the main mail server because it will still screen messages from all MX failover machines.
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
