Monday, 4 April 2016

39368 in my spam trap

About a year ago, I set up a spam trap. It was very simple.

When you set up the DNS for your email, you make a list of MX (mail exchange) records. Normally, you'd have two, one for normal times, and a secondary one in case the first one is down, or overloaded, or otherwise unavailable. Exceptionally, you might have three.

I have seven.

You indicate which is the main one, and which are the secondaries, by giving them priorities in the DNS records. So, your main one might have priority 10, the secondary 20 and the tertiary 30. Or 100, 200, 300. Or 1, 2, 3. That tells servers trying to get mail to you about your preferred order.

A while ago, I noticed that many spammers just don't care about the order.

When you do a "dig" to discover the list of mail servers, they are presented in a random order, and the remote server is supposed to use the priority number to decide which one to use.

Spammers don't do that. They just send the spam to the first one in the list.

So I set up a spam trap. As well as my primary, secondary and tertiary mail servers, I have several other mail servers, all with low priority, and all actually sending to the same server, under different aliases.
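To see why this works, here is a small simulation, added as an example and not part of the original set-up. The hostnames, priority numbers and the split of three real servers plus four trap aliases are assumptions made up for illustration.

```python
# Added example: hostnames and priority values below are constructed.
import random

# (priority, hostname); the lowest number is the most preferred server
MX_RECORDS = [
    (10, "mx1.example.org"),
    (20, "mx2.example.org"),
    (30, "mx3.example.org"),
    (90, "trap1.example.org"),
    (91, "trap2.example.org"),
    (92, "trap3.example.org"),
    (93, "trap4.example.org"),
]
TRAP_HOSTS = {h for _, h in MX_RECORDS if h.startswith("trap")}


def compliant_target(answer, reachable):
    """Sender that honours priorities: try hosts from the lowest number up."""
    for _, host in sorted(answer, key=lambda r: r[0]):
        if host in reachable:
            return host
    return None


def naive_target(answer):
    """Sender that ignores priorities: takes the first record in the answer."""
    return answer[0][1]


def simulate(n, seed=0):
    """Count trap hits for both sender types over n shuffled DNS answers."""
    rng = random.Random(seed)
    all_up = {h for _, h in MX_RECORDS}
    hits = {"compliant": 0, "naive": 0}
    for _ in range(n):
        answer = MX_RECORDS[:]
        rng.shuffle(answer)  # the answer arrives in no particular order
        if compliant_target(answer, all_up) in TRAP_HOSTS:
            hits["compliant"] += 1
        if naive_target(answer) in TRAP_HOSTS:
            hits["naive"] += 1
    return hits


if __name__ == "__main__":
    print(simulate(10000))
```

With four of seven records pointing at the trap, the priority-ignoring sender lands there about four times in seven, while a well-behaved sender only reaches a trap alias if all three real servers are unreachable.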

I set it up a year ago, and frankly, I forgot about it.

I looked at it today, and it had 39368 spams. So that's about 100 spams per day that I haven't needed to look at, or spam-filter.

I can see that a lot of them (most of them) have attachments, apparently invoices, remittance advices and suchlike. These are obviously email-borne malware. Some are invitations from girls, some are luxury watches.

All are now deleted at one command!
