Fun with Spammers

Category: Tech
Posted by Jonathan Corbett on October 2nd, 2009

At FourTen we use Postini, a third-party spam filtering service that takes your e-mail before it gets to your server, removes the spam, and forwards on the good stuff. Postini built itself a great reputation when it first arrived on the scene for being reliable and accurate, and luckily for its customers, its new owners (Google) have kept a hands-off approach, leaving well enough alone.

The way a spam filtering service like Postini gets set up is by pointing your domain's DNS mail exchanger (MX) records at the filtering service, so that every inbound message goes to them first; they strip the spam and hand the rest to your server. A domain can have several MX records, each carrying a preference value, and a sending mail server tries the lowest preference value first and only moves on to the next exchange if that host is unreachable. To play it safe, we gave Postini's mail server the highest priority (lowest preference value) and listed our own mail server as a lower-priority fallback, so that if Postini ever went down, our backup would pick up the mail and we wouldn't lose anything. It would take a pretty intelligent spammer to skip the high-priority server and send to the lower-priority one, right?

Well, fast forward to today and we've found that about 50% of spammers were smart enough to code their mail sending apps to skip Postini's servers and deliver to the non-Postini server whenever one is listed in the MX records. (Backup MX hosts are a favourite target precisely because they are usually less strictly filtered than the primary, and spam software only has to pick the exchange with the highest preference value.) That totally ruined our fun, until we realized that since only spammers were sending to the low-priority server (Postini goes down just about... never), we could indeed have some fun. We could set up a script to automatically report spam to the sender's ISP, we could feed our mail server logs to one of the many IP blacklists of known spam senders, or we could forward all of that mail to spam filtering services for analysis so that they could block the same spam for other recipients.
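The second of those options, turning the backup server's logs into a blocklist feed, is straightforward once you accept the premise that nothing legitimate connects there while the primary is healthy. The script below is an added example, not code from the original post, from FourTen or from Postini. It assumes Postfix-style smtpd log lines on the low-priority MX (the sample is constructed and uses documentation address ranges) and a hypothetical allowlist standing in for the networks the filtering provider itself delivers from; everything else that connects is a candidate for reporting.

```python
"""
Mine the backup MX's SMTP logs for a candidate blocklist.

Added example, not part of the original post. Log lines are constructed in
the shape Postfix's smtpd writes them; hostnames and IPs are made up.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Tuple

# Constructed sample: what the low-priority MX ("mx2") saw in a few minutes.
SAMPLE_LOG = """\
Oct  2 09:14:01 mx2 postfix/smtpd[2183]: connect from unknown[203.0.113.45]
Oct  2 09:14:02 mx2 postfix/smtpd[2183]: 7F3A1B2C3D: client=unknown[203.0.113.45]
Oct  2 09:14:02 mx2 postfix/smtpd[2183]: disconnect from unknown[203.0.113.45]
Oct  2 09:15:11 mx2 postfix/smtpd[2190]: connect from mail.example.net[198.51.100.7]
Oct  2 09:15:12 mx2 postfix/smtpd[2190]: 8A4B2C3D4E: client=mail.example.net[198.51.100.7]
Oct  2 09:15:12 mx2 postfix/smtpd[2190]: disconnect from mail.example.net[198.51.100.7]
Oct  2 09:16:40 mx2 postfix/smtpd[2201]: connect from unknown[203.0.113.45]
Oct  2 09:16:41 mx2 postfix/smtpd[2201]: lost connection after CONNECT from unknown[203.0.113.45]
Oct  2 09:17:03 mx2 postfix/smtpd[2205]: connect from localhost[127.0.0.1]
Oct  2 09:17:03 mx2 postfix/smtpd[2205]: disconnect from localhost[127.0.0.1]
Oct  2 09:18:20 mx2 postfix/smtpd[2210]: connect from filter-out.example[192.0.2.9]
Oct  2 09:18:21 mx2 postfix/smtpd[2210]: disconnect from filter-out.example[192.0.2.9]
"""

# Hypothetical allowlist: networks the primary filtering service delivers from.
# (Not the provider's real ranges; substitute the published ones.)
PRIMARY_FILTER_NETS = [ip_network("192.0.2.0/24")]

# "]: connect from" will not match the "disconnect from" lines.
CONNECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: connect from (?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]"
)


def is_allowlisted(ip: str, nets=PRIMARY_FILTER_NETS) -> bool:
    """Loopback (our own tooling) and the filter's networks are never reported.
    Deliberately not using is_private: Python treats the documentation ranges
    used in the sample as private, which would hide the test data."""
    addr = ip_address(ip)
    return addr.is_loopback or any(addr in net for net in nets)


def backup_mx_clients(log_lines: Iterable[str], nets=PRIMARY_FILTER_NETS) -> List[Tuple[str, int, str]]:
    """Count SMTP connections per client IP, dropping allowlisted sources.
    Returns [(ip, connections, reverse_dns_or_'unknown'), ...], busiest first."""
    counts: Counter = Counter()
    names = {}
    for line in log_lines:
        m = CONNECT_RE.search(line)
        if not m:
            continue
        ip = m.group("ip")
        if is_allowlisted(ip, nets):
            continue
        counts[ip] += 1
        names[ip] = m.group("host")
    return [(ip, n, names[ip]) for ip, n in counts.most_common()]


def blocklist_feed(clients: List[Tuple[str, int, str]], min_connections: int = 1) -> str:
    """One host CIDR per line, the shape most DNSBL and firewall feeds ingest."""
    return "\n".join(
        f"{ip}/{ip_address(ip).max_prefixlen}" for ip, n, _ in clients if n >= min_connections
    )


if __name__ == "__main__":
    seen = backup_mx_clients(SAMPLE_LOG.splitlines())
    for ip, n, host in seen:
        print(f"{ip:15} {n:3d} connection(s)  rDNS={host}")
    print(blocklist_feed(seen))
```

The repeat offender with no reverse DNS floats to the top, the loopback and allowlisted connections are dropped, and `min_connections` lets you demand a second sighting before an address goes out to a shared blacklist, which matters because a single misdirected legitimate connection should not get anyone listed.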

We opted for a solution that was much quicker to implement: point the low-priority MX at the loopback address, 127.0.0.1 (in practice at a hostname that resolves to it, since an MX record names a host rather than an IP), which essentially tells the spammers to deliver the mail to themselves. :) The trade-off is that the backup slot no longer provides real failover. A sender that falls through to it connects to its own machine: if nothing listens on its port 25 it gets a connection refused and retries later, but a sending MTA that does listen on loopback may hand the message to itself and bounce it, so legitimate mail during a Postini outage is at risk rather than merely delayed. Given how rarely that happens, it is an acceptable trade. The result: less than 1 in 100 spam messages sent to us now gets through the filter, and about the same fraction of legitimate mail is wrongly flagged as spam (which we can release manually through Postini's Web interface). Nice.
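The whole trick comes down to how the two kinds of sender walk the MX list, and the failover trade-off is easiest to see by running both behaviours against both zone layouts. The model below is an added example, not code from the original post; it makes no network connections. The hostnames and preference values are made up, and `reachable` stands for the set of exchanges that, from a given sender's point of view, accept SMTP on port 25. A loopback exchange is never in that set for an outside sender, because connecting to 127.0.0.1 reaches the sender's own machine, not ours.

```python
"""
Compliant MTA vs. backup-targeting spammer against the two zone layouts.

Added example, not part of the original post. Names and preferences are
constructed; nothing here talks to the network.
"""
from ipaddress import ip_address
from typing import Callable, List, Optional, Set, Tuple

MX = Tuple[int, str]  # (preference, exchange); lower preference is tried first

PRIMARY = "mx.postini.example"    # hypothetical name for the filtering service
BACKUP = "mail.fourten.example"   # hypothetical name for the in-house server

# Constructed zones. Before: a real backup MX. After: the backup slot points at loopback.
ZONE_BEFORE: List[MX] = [(10, PRIMARY), (20, BACKUP)]
ZONE_AFTER: List[MX] = [(10, PRIMARY), (20, "localhost")]


def mx_order(records: List[MX]) -> List[str]:
    """Delivery order per RFC 5321 section 5.1: ascending preference value.
    Real MTAs shuffle exchanges that share a preference; this sort is deterministic."""
    return [exchange for _, exchange in sorted(records)]


def compliant_delivery(records: List[MX], reachable: Set[str]) -> Optional[str]:
    """A well-behaved MTA tries each exchange in order and stops at the first that answers.
    None means every exchange failed; the message is queued for retry, not dropped."""
    for exchange in mx_order(records):
        if exchange in reachable:
            return exchange
    return None


def backup_targeting_delivery(records: List[MX], reachable: Set[str]) -> Optional[str]:
    """The spammer behaviour from the post: skip the filter and aim straight at the
    last-resort exchange. None means the connection never reached a server of ours."""
    last_resort = mx_order(records)[-1]
    return last_resort if last_resort in reachable else None


def loopback_exchanges(records: List[MX], resolve: Callable[[str], str]) -> List[str]:
    """Zone sanity check: which exchanges resolve to a loopback address?
    `resolve` maps a hostname to an IP string (a dict lookup below)."""
    return [exchange for _, exchange in records if ip_address(resolve(exchange)).is_loopback]


if __name__ == "__main__":
    normal = {PRIMARY, BACKUP}      # both our servers are up
    outage = {BACKUP}               # the filtering service is unreachable
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(f"zone {label}: {mx_order(zone)}")
        print("  compliant sender, normal day :", compliant_delivery(zone, normal))
        print("  spammer, normal day          :", backup_targeting_delivery(zone, normal))
        print("  compliant sender, outage     :", compliant_delivery(zone, outage))
    lookup = {PRIMARY: "192.0.2.10", BACKUP: "192.0.2.20", "localhost": "127.0.0.1"}
    print("loopback exchanges after:", loopback_exchanges(ZONE_AFTER, lookup.get))
```

On a normal day the compliant sender lands on the primary in both layouts and the spammer loses his target in the second one, which is the post's result. The outage row is the caveat: the first layout still delivers to the in-house server, while the second returns `None`, so any mail a sender cannot hold for retry is gone. `loopback_exchanges` is the check worth adding to whatever audits your zone files, since a loopback MX that was meant as a deliberate choice looks exactly like one left behind by mistake.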
