Nolisting

Nolisting is the name given to a technique to defend electronic mail domain names against e-mail spam.^[1]^[2]

Each domain name on the internet has a series of one or more MX records specifying mail servers responsible for accepting email messages on behalf of that domain, each with a preference. Nolisting is simply the adding of an MX record pointing to a non-existent server as the "primary" (i.e. that with the lowest preference value) - which means that an initial mail contact will always fail. Many spam sources don't retry on failure, so the spammer will move on to the next victim - while legitimate email servers should retry the next higher numbered MX, and normal email will be delivered with only a small delay.

Implementation

A simple example of MX records that demonstrate the technique:

MX 10 dummy.example.com.
MX 20 real-primary-mail-server.example.com.

This defeats spam programs that only connect to the highest priority (lowest numbered) MX and do not follow the standard error-handling of retrying the next priority MX.

Drawbacks

The technique relies on spammers using simple software that doesn't retry the next priority MX, and so becomes ineffective if or when spammers begin using more sophisticated software.
Some legitimate SMTP applications are also very simple and only send to the lowest numbered MX record. This might be the case with simple devices such as printers or data loggers, or with older legacy software. Mail from them will also fail unless there is some mechanism to allow a "whitelisted" list of IPs access to the mailserver via the lowest numbered MX record.
It is important that the highest priority (lowest numbered) MX should be completely unresponsive on port 25. If it is open and responds with a 4xx error, (i.e. "retry later"), then email from some MTAs (such as qmail), may be lost if they do not step to the next MX record, but instead wait and continually retry the first one.^[3]

Similar techniques

There are alternate techniques that suggest "sandwiching" the valid MX records between non-responsive ones.^[3] Some variants also suggest configuring the highest-numbered hosts to always return 4xx errors (i.e. "retry later").^[3]

Like "nolisting", the greylisting technique relies on the fact that spammers often use custom software which will not persevere to deliver a message in the correct RFC-compliant way. It is however, a more sophisticated technique that needs specialist software to track which senders and IPs that it has encountered - hence "nolisting"s title of "The Poor Man's Greylisting".^[2]

References

↑ "Does 'nolisting' help stop spam?", Feb 2007, M Edwards, Windows IT Pro
1 2 "Nolisting: Poor Man's Greylisting"
1 2 3 "Other tricks", Apache SpamAssassin

External links

Nolisting: Poor Man's Greylisting
Fight Spam With Nolisting article on Slashdot
Other Trick for Blocking Spam where the concept of using fake MX records was discussed.

This article is issued from Wikipedia - version of the 3/4/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.