|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: mouss (mlist.only
free.fr)
Date: Thu Nov 01 2007 - 13:57:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
gordanbobich.net wrote:
> On Thu, 1 Nov 2007, mouss wrote:
>> this does not prove that using 10 records significantly reduces the spam
>> received on the real MXes. This only shows the dsitribution of spam
>> attempts when using 10 records.
>
> Sure - but unless spam that went to MX10 then went and tried MX2, the
> spam wasn't delivered to MX2.
>
As Jorey said, it's not like there is a finite quantity of spam to be
distributed among MXes. I have domains that receive 0 spam (and they
have an MX). BTW. I also see smtp attempts to machines that are not
listed as MX for any domain.
>> the experiment would be:
>>
>> test 1: with only 2 records, what amount of spam is targetting the real
>> MX. do this for some period of time (so that there are actually many bot
>> runs).
>>
>> test 2: do the same test with 10 records.
>>
>> if the amount of spam (on the "real" MX) in test 2 is significantly
>> lower than in test 1, then 10 records would be useful. otherwise, you
>> are just putting more honey for the flies.
>
> The difference is extremely signifficant. It is also signifficant
> between 3 and 5 MX-es, although it gets less measurable when going from
> 10 upward.
>
you did not show actual numbers for this.
>> No. see above. you are comparing numbers in a single setup. you are not
>> comparing different setups (different number of records).
>
> Yes I was. I tested with increasing numbers of MX records and the amount
> of spam reduced. You do get into diminishing returns (statistically, 10
> gets around 90% of it away, going from 10 to 100 only reduces it by
> another 9%), so usually I don't bother with more than about 15. The
> drop-off is actually better than linear because spammers seem to target
> the 1st highest and 3 lowest MX-es, so adding more in the middle just
> dilutes the ones that target a random MX.
>
If they target 1st and last 3, then why 10 instead of 5?
> You could, of course, just try it yourself for some figures you can
> trust. :-)
I suspect there may be broken MTAs out there, so I keep myself under the
2 MX limit to avoid any risk on "real" domains. but I may test this on
domains unused in email.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]