-----Original Message-----
From: Glen Eustace [mailto:geustace(a)godzone.net.nz]
Sent: Tuesday, 15 January 2008 10:43 a.m.
To: nznog(a)list.waikato.ac.nz
Subject: [nznog] Using nolisting to reduce spam

Yesterday, I came across the concept of 'nolisting' as a technique for reducing the volume of inbound spam. It wasn't something I had previously come across so have done some reading on the topic. http://nolisting.org as a starting point.
For such a simple technique, I was surprised by its impact.
Simply speaking, the idea is to use a primary MX that doesn't listen on port 25 but simply rejects the connection. Well-behaved MTAs will all try the secondary MX(es) and delivery will occur. Many spambots only try the primary so there is an immediate benefit, less inbound to check in other ways and a consequential increase in the available resources on the mail server(s).
I set it up on one domain and behavior seems to be exactly as described. My reading suggests that there is no negative impact on legitimate mail and no noticeable additional latency in delivery as the switch from the primary to secondary on a reject is almost instantaneous.
I was wondering whether anyone else has had any experience with this technique and if so whether the claim that it has no negative impact is true. Also, if people haven't heard of it, it may be something people might want to look at as another weapon in the anti-spam war.
Glen.
_______________________________________________
Nolisting sounds like a bad idea, at least for many of the sites I manage. One big problem that springs to mind is "increased IP traffic" on not only public internet connections but private office ones too. Doesn't sound too bad until you get a few thousand hosts bouncing off a dead MX to discover the real (secondary) one. This is also true for bad hosts, who will be retrying to send their spam over our connection. From one MX to the other, the bandwidth all adds up.

The other thing that worries me is that this all relies on a "well behaved MTA" for transporting all our clients' email. Does that include Microsoft Exchange? We use multiple Exchange servers, which in turn use our Qmail server. Do you think everything will play nice in this environment? (Or are we going to expect a hefty log file full of connection errors?)

I reckon nolisting might be a good idea for small business, but not large business, which already ought to have state-of-the-art antispam/antivirus software installed with some kind of RBL technology. And, if it's anything like Spamassassin and ClamAV, should be working really well.

Nolisting also sounds like it could be a very temporary thing before it is undermined by the demon-beast Spam, as their config has to change little to spam second or tertiary mx's first.

Cheers
Mike
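
A check for the setup discussed in this thread, as an added example that is not part of either message: it probes each MX in preference order and reports whether the primary actively refuses port 25 (so senders fall through at once) rather than timing out, and whether a secondary answers with an SMTP 220 banner. The function names, the loopback stand-in servers and the hand-supplied MX list are assumptions; the Python standard library has no MX lookup, so records are passed in.

```python
import socket, threading, time

def probe(host, port=25, timeout=5.0):
    """Return (state, seconds) for one MX target."""
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", time.monotonic() - start      # RST: sender moves on at once
    except socket.timeout:
        return "timeout", time.monotonic() - start      # silent drop: sender stalls
    except OSError:
        return "unreachable", time.monotonic() - start
    with sock:
        try:
            banner = sock.recv(512)
        except OSError:
            banner = b""
    return ("listening" if banner.startswith(b"220") else "no-banner"), time.monotonic() - start

def check_nolisting(mx_records, timeout=5.0):
    """mx_records: [(preference, host, port)]. Returns (results, findings)."""
    results = [(pref, host, *probe(host, port, timeout)) for pref, host, port in sorted(mx_records)]
    findings = []
    primary_state = results[0][2]
    if primary_state == "listening":
        findings.append("primary MX accepts mail: this is not a nolisting setup")
    elif primary_state != "refused":
        findings.append(f"primary MX is '{primary_state}', not refused: senders wait out a timeout")
    if not any(state == "listening" for _, _, state, _ in results[1:]):
        findings.append("no secondary MX answers with a 220 banner: mail will queue or bounce")
    return results, findings

def demo():
    """Constructed loopback stand-ins: a closed port as primary, a fake 220 banner as secondary."""
    closed = socket.create_server(("127.0.0.1", 0))
    refused_port = closed.getsockname()[1]
    closed.close()                                       # nothing listens on this port now
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            conn.sendall(b"220 mx2.example.test ESMTP (constructed)\r\n")
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    live_port, lo = srv.getsockname()[1], "127.0.0.1"
    return (check_nolisting([(10, lo, refused_port), (20, lo, live_port)], 2.0),
            check_nolisting([(10, lo, live_port), (20, lo, refused_port)], 2.0))
```

Calling `demo()` returns the result for a correct nolisting layout followed by one with the preferences swapped; for a real domain, pass its MX preferences and hosts with port 25 to `check_nolisting`.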