Spam is a well-known problem for all Internet users, especially technical administrators of Internet services. I own several domain names used for different purposes. Most of my domains are not supposed to receive e-mails. However, spammers don’t care and will still send spam mails to these domains. Even without Mail eXchange (MX) records a domain is still unsafe since some spammers will instead try out the A record of the domain. With several domains not used for e-mail, this be annoying to manage and causes extra server load.
What is a fake MX records?
To minimize spam fake MX records, known as ‘nolisting‘, has been proposed as a trick to reduce spam.
A fake MX server simply rejects all incoming e-mail and either does nothing or returns an error message. Typical errors returned are error 421 or 550. It is preferred to use a fake MX record that returns a valid error code so senders of non-spam mail will know that an e-mail was undeliverable.
Fake MX records generally have two use cases.
First use case: Fake MX records can be entered for domains not intended to receive e-mails. In this case, a fake MX record can be added as the only MX record to reject all incoming mail. I only recommend that you consider using fake MX records for this use case.
Second use case: You can use fake MX records as a form of greylisting approach. In this approach, a fake MX record is added with the lowest priority with genuine MX records. A legitimate SMTP server will receive an error from the fake MX server and retry one of the other (real) MX servers. Most spam software will not retry sending bounced e-mails.
As is the case with most tricks, the nolisting strategy has some drawbacks if using a fake MX setup on a domain intended for receiving e-mail. For example, poorly written SMTP servers might not correctly handle errors and bounced e-mails. You can find more details and drawbacks on the Wikipedia page ‘Nolisting.’
I recommend using a good spam filter instead of fake MX records for domains intended for receiving e-mails. Using fake MX records as a greylisting approach can be unpredictable.
Using fake MX records is no ultimate solution to avoid all spam from getting in touch with your servers. Still, anecdotal experiences reported from different forums indicate that fake MX records significantly reduce spam.
More detailed information about fake MX records can be found at “Nolisting: Poor Man’s Greylisting” and “Other Trick For Blocking.”
Free Fake MX services
Using a free fake MX service is an easy approach to setup fake MX records. This approach requires little technical knowledge and the setup can easily be removed again if needed.
Junk Email Filter
I’m currently using a free service offered by Junk Email Filter Inc. They are running Project Tar (formerly known as Project Tarbaby), essentially a cluster of fake MX servers. The project has two goals: 1) to help reduce incoming spam, and 2) to support the ongoing work of maintaining the Junk Email Filter blacklist of known spam sources.
The service is very simple to setup and use. Simply add the following hostname as the only MX record of the given domain:
tar.junkemailfilter.com
Example of the MX record in a DNS zone file.
@ 14400 IN MX 100 tar.junkemailfilter.com.You can set any value as the priority, for example, 100.
Every time a mail is received the system will respond with the code 550, which means that the message was not deliverable. Genuine senders will receive a reply with an error message and know that a given address is not available, and spam bots will move on and get registered in the blacklist. This MX server also delays each SMTP stage with a few seconds to slow down spam bots and so they are less effective.
Fake MX
Another free service is Fake MX. Add the following hostname as the MX record of the given domain:
mx.fakemx.net
Example of the MX record in a DNS zone file.
@ 14400 IN MX 100 mx.fakemx.net.Set any value as the priority, for example, 100. If you use more than one MX record, set the Fake MX record with a higher priority than the primary MX record. For all incoming mail Fake MX will return the error code 451 “Try again later.”
Dnswl.org
A third free fake MX record service is dnswl.org. They maintain a whitelist to provide reputation information about email senders to reduces the risk of false positives. They also provide a fake MX record that can be used as spamtrap for domains not used for receiving e-mail.
mail-in.verboten.net
Example of the MX record in a DNS zone file.
@ 14400 IN MX 100 mail-in.verboten.net.Blackhole.mx
The Blackhole.mx service is provided by Abusix, a cyber security company. All mail sent to their MX record will receive the hard bounce error 550. The collected spam mails are used by the company and their partners to improve measurements against spam.
void.blackhole.mx
Example of the MX record in a DNS zone file.
@ 14400 IN MX 100 void.blackhole.mx.As mentioned, I do not recommend using fake MX records on domains intended for receiving e-mails. Also remember to read the terms of use before adding third party fake MX records.