On Mon, May 16, 2005 at 04:07:05PM -0400, Matthew Miller wrote: > This just amounts to "don't use an ummaintained machine with no anti-spam > tools for your backup MX". I don't see why that in any way invalidates the > whole idea. (In fact, for the reasons you describe, one might want to have > *stricter* spam checking rules on the backup MX.) The backup MX will become a back-scatter generator unless it has a valid list of recipients @your.domain (which it usually won't have if it's not under your control). Most spam these days has fake sender addresses sent directly to your server from zombie SMTP clients. If an SMTP server knows all valid addresses, it can reject unknown during the SMTP session, and the zombie quietly does nothing. If on the other hand the zombie is talking to a backup MX, that server just accepts all emails for the domain, including all the old addresses of people who left your organisation five years ago. The backup MX then passes all this crap onto the main MX, which then rejects it with 'user not found', and the backup MX has no option but to send a bounce message to the purported sender (which of course is fake). So Joe Random then gets lots of spurious bounce messages for messages they never sent. -- SCO - a train crash in slow motion