Security Basics mailing list archives

RE: virus mail ignores MX?

From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Mon, 21 Jun 2004 11:03:24 -0400

More than 70% of our spam that is blocked is blocked at the secondary
MX.  I agree and fully believe that spammers seem to be targeting
secondary MX's directly, and most likely for the reasons listed below.
We've seen instances where the same spam message is delivered to both
mail exchangers.  This is likely spammers hoping that one has less
anti-spam filtering than the other.


Hence even if the RFC had specified a MUST, a virus writer 
could make an intelligent guess that a backup MX server is 
probably not as well protected as the primary server and 
hence better his/her chances by violating the RFC, and using 
the backup server. Any protection against such an attack 
would involve too much state tracking and is probably not 
worth the effort. Its much better to protect all servers equally.

**************************************************************************************************
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or  the 
sender immediately and do not disclose the contents to anyone or make copies.

** this message has been scanned for viruses, vandals and malicious content **
**************************************************************************************************

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Re: virus mail ignores MX?, (continued)
- Re: virus mail ignores MX? Andrej Kacian (Jun 14)
- Re: virus mail ignores MX? Paul Kurczaba (Jun 14)
- Re: virus mail ignores MX? die tuere (Jun 14)
- Re: virus mail ignores MX? Pierre-Yves Bonnetain (Jun 14)
- RE: virus mail ignores MX? Burton M. Strauss III (Jun 14)
  - Re: virus mail ignores MX? Ranjeet Shetye (Jun 21)
- RE: virus mail ignores MX? Joshua Vince (Jun 14)
- RE: virus mail ignores MX? Alan Greig (Jun 14)
- Re: virus mail ignores MX? Monty Ree (Jun 16)
  - Re: virus mail ignores MX? Mircea MITU (Jun 18)
- RE: virus mail ignores MX? Keith T. Morgan (Jun 22)