Identifying domains that don’t accept or send email

A couple folks have asked me recently about MX records that they don’t understand. These records consist of a single . or they contain localhost or they are 127.0.0.1.

In all cases, the domain owners use these records to signal that the domains don’t accept email. What do these records look like?

screenshot of a terminal session that says: laura@pazu:~$ host yahooo.com yahooo.com has address 98.136.103.23 yahooo.com has address 212.82.100.150 yahooo.com has address 74.6.136.150 yahooo.com mail is handled by 0 .

Why do domains do this? In all cases it’s because the domain owners want to signal they don’t accept email. But there are a number of different reasons to do this.

In the yahooo.com example, this is a domain actually owned by Yahoo. The website redirects to the primary yahoo.com site. But, it’s not a domain that accepts mail. They notify us of this by using a dot mx.

Screenshot of a terminal session that says: laura@pazu:~$ host collectors.org collectors.org has address 91.195.240.126 collectors.org mail is handled by 0 localhost.

In the collectors.org example, they list the MX as localhost. This is a convention I’ve seen from a lot of for-sale domains. (As an aside, some of the for sale domains do accept email. The ones I’ve identified use a handful of common MXs that I suspect belong to the companies that sell access to spamtraps.)

I’ve also seen some domains use 127.0.0.1 as a MX record. Again, this is signalling that they really, really don’t want to accept email.

There’s also a way to signal a domain doesn’t send mail. This is accomplished by using a SPF -all record.

Screenshot of a terminal session that says: laura@pazu:~$ host -t txt collectors.org collectors.org descriptive text "v=spf1 -all"

There you go. Multiple ways to signal a domain doesn’t accept email and one way to signal the domain never sends email.

Related Posts

5 Simple Tricks to Reach the Inbox

I saw a post over on LinkedIn today. It was from an ESP, talking about their simple tips and tricks for getting into the inbox. The laughable bit was half the “tricks” had nothing to do with getting to the inbox, but rather were about enticing people to open the mail once it’s gotten to the inbox.
There are no “tricks” to getting to the inbox. There used to be some tricks. But the ISPs figured them out and protect against them.

Read More

Mike might be spamming, but why?

I’ve been talking a lot about ongoing B2B spam. That is, where senders drop your address into some sort of automation, that sends mail from gmail or amazon and just spams and spams and spams. This is what my mailbox looked like this morning

Yes, every one of those emails is sent to the same address. “you are still using the address laura-info@…” Well, no, actually. That was the original address I used as part of our contact on the first iteration of the WttW website. I stopped using that address somewhere around 2002? 3? It’s been a very long time in any case.
Folks, B2B spam is still spam. It doesn’t matter if you register a new domain and use Gmail as your outbounds as a way to avoid filters.
It doesn’t matter…

Read More

Organizational security and doxxing

The security risks of organizational doxxing. 
These are risks every email marketer needs to understand. As collectors of data they are a major target for hackers and other bad people. Even worse, many marketers don’t collect valid data and risk implicating the wrong people if their data is ever stolen. I have repeatedly talked about incidents where people get mail not intended for them. I’ve talked about this before, in a number of posts talking about misdirected email. Consumerist, as well, has documented many incidents of companies mailing the wrong person with PII. Many of these stories end with the company not allowing the recipient to remove the address on the account because the user can’t prove they own the account.
I generally focus on the benefits to the company to verify addresses. There are definite deliverability advantages to making sure email address belongs to the account owner. But there’s also the PR benefits of not revealing PII attached to the wrong email address. With Ashley Madison nearly every article mentioned that the email address was never confirmed. But how many other companies don’t verify email addresses and risk losing personally damaging data belonging to non customers.
Data verification is so important. So very, very important. We’ve gone beyond the point where any big sender should just believe that the addresses users give them are accurate. They need to do it for their own business reasons and they need to do it to prevent incorrect PII from being leaked and shared.

Read More