Intentional use of secondary MX record - anyone seen it?

Kevin Darcy kcd at daimlerchrysler.com
Mon Apr 23 22:47:01 UTC 2001


It's not uncommon for backup MX'es to receive a small proportion of mail. Any
hiccup in the network can cause a timeout trying to connect to the primary
MX and a failover to the backup MX. The fact that you see mail from certain
domains consistently using the backup MX isn't very surprising either, if your
backup MX is on a different network -- probably their outbound routing is
screwed up in such a way that they can't talk to the network on which your
primary MX resides.

Now, if your backup and primary are on the *same* network and you consistently
get messages on the backup MX from certain domains and *never* get messages
from them on the primary MX, I'd start to get suspicious. But, even in that
case, it's possible that it's just a broken SMTP routing implementation.


- Kevin

Ray wrote:

> Hi,
>
> We have had a single MX record forever. In preparation for the installation
> of an email gateway virus scanner, we added a higher number/lower preference
> MX record pointing to the gateway. We figured that we would see very little
> if any messages hitting the gateway.
>
> Well, we were partially correct. We average about 3,500 messages a day. 10
> to 20 were hitting the gateway, which was enough to confirm that it was
> working. There was no correlation between time of day or anything else that
> we could find for why these messages were hitting the secondary MX record.
>
> Except for one thing. Every single day we get emails coming from at least
> two domains going to people in our company: rtn.emazing.com and xmr3.com
>
> The xmr3.com messages were always addressed to the same two people in our IT
> department and were a daily newsletter. The rtn.emazing.com messages went to
> a bunch of people.
>
> It seems a little beyond the realm of possibility that out of 3,500+
> messages going to 1,500+ people, this type of repetition would be seen. The
> only explanation I could come up with is that these mass-mailers are
> intentionally using the lower preference MX record in an attempt to make
> sure their messages got through the first time.
>
> The gateway vendor, Symantec, recommends that you have your higher
> preference number point to the gateway and a lower preference number point
> directly to your mail server in case the gateway fails. This presumes that
> mail will never hit the lower preference MX record except in a gateway
> failure situation. Other people have reported seeing mail going to a
> secondary MX record on the Symantec support forum also.
>
> Does anyone have any insight as to why this is happening?
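
Added example, not part of the original thread: one way to check the pattern discussed above is to tally, per sender domain, on how many distinct days mail arrived at the backup MX versus the primary. The log format, the `primary`/`backup` labels, the `min_days` threshold and all domains below are constructed for illustration; as the reply notes, a backup-only result can also come from a broken sender or routing problem, so it is a prompt to investigate, not proof of intent.

```python
import re
from collections import defaultdict

# Constructed log lines in a made-up format: "<date> <mx> from=<sender>".
# Real MTA logs differ; adapt LINE_RE to your own format.
SAMPLE_LOG = """\
2001-04-20 primary from=<alice@partner.example>
2001-04-20 backup from=<news@bulk-a.example>
2001-04-20 backup from=<bob@partner.example>
2001-04-21 primary from=<bob@partner.example>
2001-04-21 backup from=<news@bulk-a.example>
2001-04-22 backup from=<news@bulk-a.example>
2001-04-22 primary from=<carol@other.example>
2001-04-22 backup from=<dave@rare.example>
"""

LINE_RE = re.compile(r"^(\S+) (primary|backup) from=<[^@>]*@([^>]+)>$")

def classify_senders(log_text, min_days=3):
    """Map each sender domain to a verdict based on which MX it reached."""
    # For each domain, the set of dates on which each MX saw mail from it.
    days = defaultdict(lambda: {"primary": set(), "backup": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unparseable lines
        date, mx, domain = m.groups()
        days[domain.lower()][mx].add(date)

    verdicts = {}
    for domain, seen in days.items():
        if not seen["backup"]:
            verdicts[domain] = "primary-only"
        elif seen["primary"]:
            verdicts[domain] = "mixed"  # consistent with ordinary failover
        elif len(seen["backup"]) >= min_days:
            verdicts[domain] = "backup-only"  # repeated, never on primary
        else:
            verdicts[domain] = "too-few-samples"
    return verdicts

if __name__ == "__main__":
    for domain, verdict in sorted(classify_senders(SAMPLE_LOG).items()):
        print(f"{domain:20} {verdict}")
```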




