Security Basics mailing list archives
RE: virus mail ignores MX?
From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Mon, 21 Jun 2004 11:03:24 -0400
More than 70% of our spam that is blocked is blocked at the secondary MX. I agree and fully believe that spammers seem to be targeting secondary MX's directly, and most likely for the reasons listed below. We've seen instances where the same spam message is delivered to both mail exchangers. This is likely spammers hoping that one has less anti-spam filtering than the other.
Hence even if the RFC had specified a MUST, a virus writer could make an intelligent guess that a backup MX server is probably not as well protected as the primary server and hence better his/her chances by violating the RFC, and using the backup server. Any protection against such an attack would involve too much state tracking and is probably not worth the effort. Its much better to protect all servers equally.
************************************************************************************************** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies. ** this message has been scanned for viruses, vandals and malicious content ** ************************************************************************************************** --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: virus mail ignores MX?, (continued)
- Re: virus mail ignores MX? Andrej Kacian (Jun 14)
- Re: virus mail ignores MX? Paul Kurczaba (Jun 14)
- Re: virus mail ignores MX? die tuere (Jun 14)
- Re: virus mail ignores MX? Pierre-Yves Bonnetain (Jun 14)
- RE: virus mail ignores MX? Burton M. Strauss III (Jun 14)
- Re: virus mail ignores MX? Ranjeet Shetye (Jun 21)
- RE: virus mail ignores MX? Joshua Vince (Jun 14)
- RE: virus mail ignores MX? Alan Greig (Jun 14)
- Re: virus mail ignores MX? Monty Ree (Jun 16)
- Re: virus mail ignores MX? Mircea MITU (Jun 18)
- RE: virus mail ignores MX? Keith T. Morgan (Jun 22)