In <3FE6609A(_dot_)6030908(_at_)gladstonefamily(_dot_)net> Philip Gladstone
<philip-spf(_at_)gladstonefamily(_dot_)net> writes:
What is the recommended approach for handling MX secondaries?
I recommend that SPF be checked on the MX secondaries.
I just got done posting this rant on one of the spamcop newsgroups, so
I'll just repeat it here.
Secondary MXes that don't reject exactly the same email as the primary
MX are A Very Bad Idea in this day and age.
As you have already noticed, spammers realize that secondary MXes
often have substantially fewer checks and make far better targets for
sending spam to. Spammers *will* try the secondary MX first.
Worse, spammers will use dictionary attacks which will cause a flood
of bounces. This has been going on for a long time, but recently it
happened to a friend of mine. Despite my warnings, he continued to
use a secondary MX. I don't think the though my warnings were of the
chicken-little type, but rather "it won't happen to me". So, a few
weeks back, a spammer did a dictionary attack, and he was not able to
kill his secondary MX until the spammer had gotten through a-f. He
now gets around 80,000 rejected spams per day to these invalid email
addresses. It is unclear whether his domain is effectively toasted or
not.
For another example of what happens when spammers can do to a domain,
see: http://www.striker.ottawa.on.ca/
I strongly recommend that anyone with an "wildcard" or "accept-all"
mailbox to shut them down. I strongly recommend that anyone with a
secondary MX that doesn't reject exactly the same way as the primary
to remove the secondary MX.
You are living on borrowed time.
-wayne
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡