From: Glen Eustace [mailto:email@example.com]
Sent: Tuesday, 15 January 2008 10:43 a.m.
Subject: [nznog] Using nolisting to reduce spam
Yesterday, I came across the concept of 'nolisting' as a technique for
reducing the volume of inbound spam. It wasn't something I had
previously come across so have done some reading on the topic.
as a starting point.
For such a simple technique, I was surprised by its impact.
Simply speaking, the idea is to use a primary MX that doesn't listen on
port 25 but simply rejects the connection. Well-behaved MTAs will all
try the secondary MX(es) and delivery will occur. Many spambots only
try the primary so there is an immediate benefit, less inbound to
check in other ways and a consequential increase in the available
resources on the mail server(s).
I set it up on one domain and behavior seems to be exactly as
described. My reading suggests that there is no negative impact on
legitimate mail and no noticeable additional latency in delivery as
switch from the primary to secondary on a reject is
I was wondering whether anyone else has had any experience with this
technique and if so whether the claim that it has no negative impact
is true. Also, if people haven't heard of it, it may be something people
might want to look at as another weapon in the anti-spam war.
Nolisting sounds like a bad idea, at least for many of the sites I
manage. One big problem that springs to mind is "increased IP traffic"
on not only public internet connections but private office ones too.
Doesn't sound too bad until you get a few thousand hosts bouncing off a
dead MX to discover the real (secondary) one. This is also true for bad
hosts, who will be retrying to send their spam over our connection. From
one MX to the other, the bandwidth all adds up.
The other thing that worries me is that this all relies on a "well
behaved MTA" for transporting all our clients email. Does that include
Microsoft Exchange? We use multiple Exchange servers, which in turn use
our Qmail server. Do you think everything will play nice in this
environment? (or are we going to expect a hefty log file full of
I reckon nolisting might be a good idea for small business, but not
large business, which already ought to have state-of-the-art
antispam/antivirus software installed with some kind of RBL technology.
And, if it's anything like SpamAssassin and ClamAV, should be working
really well. Nolisting also sounds like it could be a very temporary
thing before it is undermined by the demon-beast Spam, as their config
has to change little to spam second or tertiary MXes first.
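
The MX fallback described in the quoted message and the extra-connection concern raised in the reply, as an added example that is not part of either post. It is an offline model: the hostnames, probe results and function names are constructed assumptions, and a real check would replace the probe table with actual DNS lookups and TCP connects to port 25.

```python
# Added example: offline model of a nolisting setup. All hosts and results are constructed.
REFUSED, ACCEPTS, TIMEOUT = "refused", "accepts", "timeout"

# Constructed MX set (preference, host) and the observed result of a connect to port 25.
SAMPLE_MX = [(10, "mx1.example.org"), (20, "mx2.example.org"), (30, "mx3.example.org")]
SAMPLE_PROBE = {"mx1.example.org": REFUSED, "mx2.example.org": ACCEPTS,
                "mx3.example.org": ACCEPTS}

def well_behaved_delivery(mx, probe):
    """Try MX hosts in ascending preference order until one accepts.
    Returns (accepting host or None, list of hosts attempted)."""
    attempts = []
    for _, host in sorted(mx):
        attempts.append(host)
        if probe.get(host) == ACCEPTS:
            return host, attempts
    return None, attempts

def primary_only_delivery(mx, probe):
    """Sender that tries only the lowest-preference MX and never falls back."""
    host = min(mx)[1]
    return (host if probe.get(host) == ACCEPTS else None), [host]

def audit_nolisting(mx, probe):
    """Return findings; an empty list means the setup matches the technique."""
    ordered = [host for _, host in sorted(mx)]
    if len(ordered) < 2:
        return ["need at least two MX records"]
    findings = []
    primary, rest = ordered[0], ordered[1:]
    state = probe.get(primary)
    if state == ACCEPTS:
        findings.append(f"{primary} accepts mail: nolisting not in effect")
    elif state == TIMEOUT:
        # A silent drop makes senders wait out a timeout before falling back.
        findings.append(f"{primary} times out instead of refusing the connection")
    if not any(probe.get(h) == ACCEPTS for h in rest):
        findings.append("no secondary MX accepts mail: legitimate mail is lost")
    return findings

def extra_connections(mx, probe, senders):
    """Failed connects generated by `senders` well-behaved hosts, one message each."""
    host, attempts = well_behaved_delivery(mx, probe)
    return senders * (len(attempts) - (1 if host else 0))
```
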