DNS question, null MX records

Bill Stewart nonobvious at gmail.com
Tue Jan 5 00:34:39 UTC 2010


On Tue, Dec 15, 2009 at 7:46 AM, Eric J Esslinger <eesslinger at fpu-tn.com> wrote:
> So in any case, due to customer privacy concerns we feel we can't do that.

If you don't want to handle email for the long-obsolete customer
accounts, but just don't want to send that mail to anybody else, it's
pretty easy to run a teergrube or other tarpit system to trap any mail
addressed to the A-record.  These systems basically accept mail
v.e.rrrr.yyyyy....s....l.....o...w...l..yyyyy so that spammers can
waste their time talking to your tarpit instead of to somebody who
cares, and so you can trap their IP addresses and potentially block
them or use them to support your other spam-blockers if you want.
You don't need a high-performance machine because all the users are
spammers and you're *trying* to give them bad service.  (Some
variants, like LaBrea, are used for connection attempts to
non-existent machines - they'll send a syn-ack so the attacker thinks
he has a successful 3-way handshake, which slows down scanning
attacks.)

If you do want to accept mail for the long-obsolete customer accounts,
so you can give them a proper human-readable rejection message, you
may need to customize.   It looks like Exim supports that, though I
haven't tried it.

-- 
----
             Thanks;     Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.




More information about the NANOG mailing list