Spammers Ignore MX Records
We recently changed our SMTP mail routing, via our MX records, to point to a hosted email service, after running our own in-house email filtering for the last few years.
We changed the MX records and updated the rules on our firewall to route mail from our email service provider's servers to our own Exchange servers. After the usual 48 hours for these things to propagate, we signed it off as a completed project.
Six months later we came to investigate a mail routing issue, and on checking the firewall logs we were still seeing traffic directly hitting the IP address of our old MX records hosted in our DMZ. Strange, we thought, so we plugged in Postfix to talk SMTP on this IP address just to see what was happening.
Funnily enough, all the email that was coming through was blocked by RBLs, so we can say that a change in MX records will not necessarily protect you from spammers who try to use old SMTP and MX details to push their email to you. This is why a DMZ and a proper granular firewall policy make it all so much more worthwhile. So don't trust MX records to protect your Exchange or other MDA environment from junk mail.
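The check that caught this was reading the firewall logs for SMTP connections that still land on the retired MX address from anywhere other than the hosted provider. The script below is an added example, not code from the original post: it parses a few constructed firewall log lines, counts accepted port 25 connections to the old DMZ MX IP that did not originate from the provider's ranges, and renders the granular allow/drop policy the post recommends. The log layout, the IP addresses (documentation ranges) and the provider ranges are all assumptions, and the rule syntax is illustrative pseudo-policy rather than any particular firewall's language.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample values (assumptions, not from the post): the retired
# MX host in the DMZ and the hosted email provider's outbound ranges.
OLD_MX_IP = ipaddress.ip_address("192.0.2.25")
PROVIDER_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
SMTP_PORT = 25

# Constructed firewall log lines in a simple "timestamp action proto src -> dst" layout.
SAMPLE_LOG = """\
2024-01-10T03:12:44Z ACCEPT TCP 198.51.100.7:40211 -> 192.0.2.25:25
2024-01-10T03:13:02Z ACCEPT TCP 203.0.113.45:51234 -> 192.0.2.25:25
2024-01-10T03:13:09Z ACCEPT TCP 203.0.113.45:51240 -> 192.0.2.25:25
2024-01-10T03:14:51Z ACCEPT TCP 203.0.113.99:60001 -> 192.0.2.25:25
2024-01-10T03:15:10Z ACCEPT TCP 203.0.113.45:51301 -> 192.0.2.80:443
2024-01-10T03:16:33Z DROP   TCP 203.0.113.12:2222  -> 192.0.2.25:25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"], "action": m["action"], "proto": m["proto"],
        "src": ipaddress.ip_address(m["src"]), "sport": int(m["sport"]),
        "dst": ipaddress.ip_address(m["dst"]), "dport": int(m["dport"]),
    }


def is_provider(addr):
    """True when the address falls inside one of the provider's allowed ranges."""
    addr = ipaddress.ip_address(addr)
    return any(addr in net for net in PROVIDER_RANGES)


def stale_mx_senders(log_text):
    """Count accepted SMTP connections to the old MX that did not come from the provider.

    These are exactly the senders the post describes: hosts still delivering
    to the decommissioned MX address despite the DNS change.
    """
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["action"] != "ACCEPT" or rec["proto"] != "TCP":
            continue
        if rec["dst"] != OLD_MX_IP or rec["dport"] != SMTP_PORT:
            continue
        if is_provider(rec["src"]):
            continue
        hits[str(rec["src"])] += 1
    return dict(hits)


def allowlist_rules(provider_ranges=PROVIDER_RANGES, mx_ip=OLD_MX_IP, port=SMTP_PORT):
    """Render the granular policy: permit SMTP only from the provider, drop everything else.

    Illustrative pseudo-syntax; translate to your firewall's own rule language.
    """
    rules = [f"allow tcp from {net} to {mx_ip} port {port}" for net in provider_ranges]
    rules.append(f"drop tcp from any to {mx_ip} port {port}")
    return rules


if __name__ == "__main__":
    for src, n in sorted(stale_mx_senders(SAMPLE_LOG).items()):
        print(f"{src}: {n} direct SMTP connection(s) to retired MX {OLD_MX_IP}")
    print("\n".join(allowlist_rules()))
```

Run against real firewall exports, the counter gives you the list of hosts that ignored the MX change; anything in it that is not your provider is a candidate for the drop rule, and an empty result after the policy goes live confirms the DMZ host is no longer reachable on port 25 from the outside.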
2 Comments
4 years later, I noticed this behavior too.
I moved to another server but kept the old one going “just in case”. MX records were changed and all seemed well.
For reading purposes, I prefer Gmail’s interface. On the old server, I was using aliases to push mail to my Gmail account. (I’ve switched to using Gmail’s Mail Fetcher to pull mail from the new server.)
I was having a hard time figuring out why heaps of spam were showing up in Gmail.
Like you say, the spammers were using the old server. To address the problem, I just deleted every account. There’s still a server at that IP address, but it won’t actually accept mail anymore. This way, I figure the spammers won’t know to look up the new MX. 🙂
Hi Bob,
Glad to see spammers don’t change their tactics; it gives us an easy way to catch them!
Thanks for commenting, and it sounds like you’ve fixed it. Well done 🙂
Gyp