MX Backup service [closed]

domain-name-system email mx-record

What suppliers can you recommend, that provide an MX backup service?


it used to be the case that having a backup MX was a Good Thing. the internet was unreliable, email was unreliable, smtp was not so common, bang-path addressing and other forms of manually-specified mail routing was common, and uucp was the mail protocol of choice.

That was a long, long time ago. It's not true today. sending MTAs will queue up undelivered mail and keep on trying to deliver it for several days (default is usually 4 or 5 days), so if your mail server is down or unreachable for a few days, your mail will eventually get delivered to you.

Today, except in very specialised circumstances, you do not need a backup MX and, in fact, it will cause you far more problems than you imagine that it might solve (in reality it solves almost no problems).

Unless your backup MX has a list of valid recipients for the domain(s) that it is supposed to receive mail for, it WILL instantly become a source of back-scatter (spam bounces to forged sender addresses). it will also be a potential route for spam to bypass some of your spam filters (because you necessarily trust your MX more than you trust random smtp servers on the net). Many spammers still target backup MX machines in preference to primary MXs for this reason (and also because secondary MXs often have weaker anti-spam filters).

NOTE: when i write "spam", i mean spam AND viruses. from my POV, they're the same thing and are generally sent by the same scumbags anyway (most viruses are spambots of one kind or another).

1st Rule of thumb: unless you know exactly why you need a backup MX and exactly what problems it may cause and exactly how you're going to prevent them, then DO NOT HAVE A BACKUP MX.

2nd Rule of thumb: unless you have complete control over the backup MX and can ensure that it has an up-to-date list of valid recipients, and roughly equivalent spam-filters as your primary MX, DO NOT HAVE A BACKUP MX.

3rd Rule of Thumb: see Rules 1 & 2. If in doubt, DO NOT HAVE A BACKUP MX.

starting to see the pattern?

BTW, you can take advantage of spammers targetting secondary MXs. e.g. i block a lot of spam by running a bogus least-priority MX that responds with 450 tempfail to every delivery attempt. many spambots target that and don't even try the primary MX, so the load on my real mail servers is greatly reduced. Legitimate senders never try it because my mail servers are always on (and if by some chance they aren't, the sender gets a 450 temporary failure code and tries again later)

Related

Iptables massive 1:1 NAT
Suggestions for using Active Directory credentials (user name/password) with Google Apps?
SYN Flood Advice
Is it possible to make redundancy on HAProxy server?
How can I set the disk partition alignment using linux tools?
New Sys Admin job...Where do I begin?
Active Directory in a DMZ
How to set up two default routes in linux
Alternative to mod_throttle
CentOS 5 - realtime patch
Windows 10: Group Policy fails to apply directly after boot, succeeds later
Why is site serving different SSL certs to different browsers? [closed]