Nolisting is the name given to a technique to defend electronic mail domain names against e-mail spam.[1][2]

Each domain name on the internet has a series of one or more MX records specifying mail servers responsible for accepting email messages on behalf of that domain, each with a preference. Nolisting is simply the adding of an MX record pointing to a non-existent server as the "primary" (i.e. that with the lowest weighted value) - which means that an initial mail contact will always fail. Many spam sources don't retry on failure, so the spammer will move on to the next victim - while legitimate email servers should retry the next higher numbered MX, and normal email will be delivered with only a small delay.

Implementation

A simple example of MX records that demonstrate the technique:

MX 10 dummy.example.com.
MX 20 real-primary-mail-server.example.com.

This defeats spam programs that only connect to the highest priority (lowest numbered) MX and do not follow the standard error-handling of retrying the next priority MX.

Drawbacks

Similar techniques

There are alternate techniques that suggest "sandwiching" the valid MX records between non-responsive ones.[3] Some variants also suggest configuring the highest-numbered hosts to always return 4xx errors (i.e. "retry later").[3]

A simple example of MX records that demonstrate the technique:


MX 10 dummy1.example.com.
MX 20 real-primary-mail-server.example.com.
MX 30 dummy2.example.com.


Greylisting also relies on the fact that spammers often use custom software which will not persevere to deliver a message in the correct RFC-compliant way.[2]

See also

References

  1. ^ "Does 'nolisting' help stop spam?", Feb 2007, M Edwards, Windows IT Pro
  2. ^ a b "Nolisting: Poor Man's Greylisting"
  3. ^ a b c "Other tricks", Apache SpamAssassin