Do I really need an MX record? (for e-mail to work)

sm5w2 at hotmail.com
Fri Dec 23 22:32:44 UTC 2005


Kurt Boyack wrote:

> > I believe that most spam is sent by home computers (zombies) infected
> > by back-door trojan services that allow spammers to up-load lists of
> > e-mail addresses and e-mail payloads to those machines which then begin
> > a spam campaign or spam run.
>
> How do you think they found these computers? Through MX records?

Which computers are you talking about?  If you're talking about the
zombies, then of course MX records have nothing to do with "finding"
zombies - or in making zombies.

We are not talking about how the zombie became a zombie in the first
place.

We are talking about how a spam zombie performs its function to send
spam.

We are talking about if the zombie performs its own MX lookups or is
given the IP of the destination server by the spammer.  We are talking
about if the zombie falls back to the A record if it encounters a null
MX record.

> So you are saying that they (zombies I assume) cannot send you spam
> because you do not have an MX record?

Yes.  Exactly.

I am saying that based on my unintended experiment of changing my SMTP
server's IP and by not configuring an MX record for my domain (both as
part of a switch to a new ISP), I have discovered that (a) our spam has
dropped by 75-80 % and (b) we seem to be getting the normal flow of
legit e-mail.

I can only conclude that "zombie-spam" is handicapped in that

1) Most zombies do not perform MX lookups when sending spam (they are
given the IP of the destination server along with the destination
e-mail address), or

2) If zombies do perform MX lookups while sending spam, they do not
fall back to the A record like legit servers do.

Either (1) or (2) above MUST be happening by the majority of zombie
spam-software based on what I am seeing now.

If (1) is happening, then the IP being given to the zombies is clearly
dated information, and there is no telling how often it is updated, and
it may depend on who specifically is generating the spam lists.

If (2) is happening, then time will tell if zombie spam-software (i.e.
the SMTP engine that performs the actual send) becomes advanced enough
to perform the A-record lookup when there is no MX record.

> I thought you said that you were able to get email
> without an MX record?

Yes - from legit servers (and "a few" spam zombies too).

> They could also get your IP from the A record on your domain

Who?  The zombie performing a spam run?  Yes, they could, but as I said
above, they don't seem to be doing that because of the immediate
reduction in the volume of spam I've been getting since nuking my MX
record.

> or by running a port scan.

No.  I'm sorry, but there's no way my server is going to receive spam
targeted to my local users just because some port-scanning software has
identified my server's IP address.

In order for my server to accept e-mail, it must be addressed to an
active account at my domain.  Just testing an IP address does not tell
the port-scanner the account-names of any users on that machine.

A port scanner can identify an SMTP server.  It can't figure out any
legit e-mail addresses that are being handled by that server, and if
that server has been configured to not act as a relay, then the port
scanner hasn't found anything of value.

> How would you know if a customer cannot send you an email message?

They will either call us, or send us a fax, or e-mail us from their
corporate or institutional account instead of their throw-away
hotmail/yahoo/gmail or residential account.

That usually happens when the domain or IP of their SMTP server has
been added to our server's local blocking list.

> If they cannot send you an email, they may decide to do business
> elsewhere.

These are people that are making decisions on the order of $5,000 to
$50,000.  They will find a way to contact us.  They always do.  There
are very few alternatives (world-wide) to what we do.
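As an added illustration (not the poster's code, nor anything from the thread), here is the host-selection rule a standards-following MTA applies when it delivers to a domain, modelled over a constructed in-memory zone with hypothetical names so it runs offline: MX targets in preference order, the domain's own A record as an implicit MX when no MX record exists (the poster's situation), and, for the later RFC 7505 null-MX convention, no delivery at all. The naive variant shows what a sender that skips the implicit-MX step ends up with.

```python
"""Implicit-MX fallback (RFC 2821 / RFC 5321 section 5.1) over a
constructed zone. Hypothetical names and documentation addresses only."""
from typing import Dict, List, Tuple

# Constructed sample zone, not real hosts.
ZONE: Dict[str, Dict[str, list]] = {
    "with-mx.example": {"MX": [(20, "backup.with-mx.example"),
                               (10, "mail.with-mx.example")],
                        "A": ["192.0.2.1"]},
    "mail.with-mx.example": {"A": ["192.0.2.25"]},
    "backup.with-mx.example": {"A": ["192.0.2.26"]},
    "no-mx.example": {"A": ["192.0.2.50"]},      # A record only, no MX
    "null-mx.example": {"MX": [(0, ".")]},       # RFC 7505 null MX
}


def lookup(name: str, rtype: str) -> list:
    """Return the records of one type for a name (empty if none)."""
    return list(ZONE.get(name, {}).get(rtype, []))


def mail_hosts(domain: str) -> List[Tuple[int, str]]:
    """Candidate hosts in preference order. No MX at all means the
    domain itself is the implicit MX; a null MX means do not deliver."""
    mx = lookup(domain, "MX")
    if mx:
        if all(target == "." for _, target in mx):
            return []                      # null MX: domain takes no mail
        return sorted(mx)                  # lowest preference value first
    if lookup(domain, "A"):
        return [(0, domain)]               # implicit MX, preference 0
    return []


def delivery_ips(domain: str) -> List[str]:
    """Addresses a legitimate MTA would try, best preference first."""
    return [ip for _, host in mail_hosts(domain) for ip in lookup(host, "A")]


def naive_delivery_ips(domain: str) -> List[str]:
    """A sender that only follows MX records and never falls back to
    the A record finds nothing for a domain without MX."""
    return [ip for _, host in sorted(lookup(domain, "MX"))
            for ip in lookup(host, "A")]
```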
