Nolisting

Nolisting is the name given to a technique to defend electronic mail domain names against e-mail spam.[1][2]

Each domain name on the Internet has one or more MX records specifying the mail servers responsible for accepting email messages on behalf of that domain, each with a preference value. Nolisting simply adds an MX record pointing to a non-existent server as the "primary" (i.e. the one with the lowest preference value), which means that an initial mail contact will always fail. Many spam sources don't retry on failure, so the spammer will move on to the next victim, while legitimate email servers should retry the next higher-numbered MX, and normal email will be delivered with only a small delay.

Implementation

A simple example of MX records that demonstrate the technique:

MX 10 dummy.example.com.
MX 20 real-primary-mail-server.example.com.

This defeats spam programs that only connect to the highest priority (lowest numbered) MX and do not follow the standard error-handling of retrying the next priority MX.

Drawbacks

  • The technique relies on spammers using simple software that doesn't retry the next priority MX, and so becomes ineffective if or when spammers begin using more sophisticated software.
  • Some legitimate SMTP applications are also very simple and only send to the lowest numbered MX record. This might be the case with simple devices such as printers or data loggers, or with older legacy software. Mail from them will also fail unless there is some mechanism to allow a "whitelist" of IPs access to the mailserver via the lowest numbered MX record.
  • It is important that the highest priority (lowest numbered) MX should be completely unresponsive on port 25. If it is open and responds with a 4xx error (i.e. "retry later"), then email from some MTAs (such as qmail) may be lost if they do not step to the next MX record, but instead wait and continually retry the first one.[3]

Similar techniques

There are alternative techniques that suggest "sandwiching" the valid MX records between non-responsive ones.[3] Some variants also suggest configuring the highest-numbered hosts to always return 4xx errors (i.e. "retry later").[3]

A simple example of MX records that demonstrate the technique:


MX 10 dummy1.example.com.
MX 20 real-primary-mail-server.example.com.
MX 30 dummy2.example.com.
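
An audit of an MX set against the conditions described above, given as an added example that is not part of the original article: the lowest-numbered MX must be unresponsive on port 25 (not answering 4xx), and a working server must follow it. The function names, the finding codes, the host tempfail.example.com. and the sample probe results are assumptions constructed for illustration.

```python
import socket

def probe_smtp(host, timeout=5.0):
    """Classify port 25 on host: 'dead' if no TCP connection can be made,
    else the class of the SMTP greeting ('2xx', '4xx', '5xx') or 'open'."""
    try:
        conn = socket.create_connection((host, 25), timeout=timeout)
    except OSError:  # refused, timed out, or the name does not resolve
        return "dead"
    with conn:
        try:
            banner = conn.recv(512).decode("ascii", "replace")
        except OSError:
            banner = ""
    return banner[0] + "xx" if banner[:3].isdigit() else "open"

def audit_nolisting(mx_records, probe=probe_smtp):
    """mx_records: list of (preference, hostname). Returns finding codes;
    an empty list means the set behaves as the article describes."""
    if not mx_records:
        return ["NO_MX"]
    states = [(pref, probe(host)) for pref, host in sorted(mx_records)]
    lowest = states[0][0]
    findings = []
    for pref, state in states:
        if pref != lowest:
            continue
        if state == "4xx":
            # Drawback from the article: some MTAs keep retrying this host.
            findings.append("PRIMARY_TEMPFAIL")
        elif state != "dead":
            findings.append("PRIMARY_RESPONSIVE")
    if not any(s == "2xx" for p, s in states if p != lowest):
        findings.append("NO_WORKING_FALLBACK")
    return findings

# Constructed probe results standing in for live port-25 checks.
SAMPLE_STATES = {
    "dummy.example.com.": "dead",
    "dummy2.example.com.": "dead",
    "tempfail.example.com.": "4xx",
    "real-primary-mail-server.example.com.": "2xx",
}

def sample_probe(host):
    return SAMPLE_STATES[host]
```

Calling `audit_nolisting(records)` without a `probe` argument performs live connections to port 25 of each listed host.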


Greylisting also relies on the fact that spammers often use custom software which will not persevere to deliver a message in the correct RFC-compliant way.[2]



References

  1. "Does 'nolisting' help stop spam?", Feb 2007, M Edwards, Windows IT Pro
  2. "Nolisting: Poor Man's Greylisting"
  3. "Other tricks", Apache SpamAssassin
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.