MXCheck

Greetings,

If you are here because some of our IPs showed up in your mailserver logs, the following text aims to address your questions and concerns.

We can assure you of the following:

We did not attempt to deliver spam to your server. Our software does not (and in fact can not) send any emails whatsoever.
We are not checking for security holes or otherwise attempting to gain elevated access to your resources.

I. Our process.

We are running an email validity checking process for research purposes.

This consists of connecting to the remote SMTP server and asking it (RCPT TO) if one or several recipients are considered an acceptable destination.

The queried recipients will be one of the following:

The postmaster@ address (see https://en.wikipedia.org/wiki/Postmaster_(computing))
A string we use to ascertain the catch-all status.
Opt-in customer lists of medium-large companies which are using our service to prune their contact lists (not spammers).

The interaction with the remote server is meant to be minimal, we simply:

📞 Connect to the public SMTP port.
🤝 Exchange standard handshake messages.
📦 Send the RCPT TO commands (containing recipients).
🔌 Disconnect.

In case of a failure, we may retry the process from different IPs.

We do not send any email.

II. What do your logs show?

The above description of the use case will be corroborated by the logs, where it will show that our machine[s]:

Connected to the SMTP port.
Exchanged the standard protocol messages mentioned above.
Disconnected.

There is nothing in our activity that could, upon an exhaustive technical analysis, be mistaken for:

An attempt to send email.
Our software is not programmed to send the full set of SMTP commands required for the sending of emails.
You can verify this right now if you’re looking at the logs: our client always disconnects after the RCPT TO commands, and did not attempt to proceed with filling in an email subject or the body.
A brute force password-guessing attack.
We do not attempt to authenticate with a username/password combination.
An attempt to hack the remote system.
We do not perform any commands that aren’t part of the SMTP standard (including any specially-crafted payloads which could be used to exploit a known or unknown vulnerability).

III. Summing up.

For the above reasons, we consider that our activity does not represent abuse.

We have performed hundreds of millions of checks thus far, without triggering a single abuse report indicating specific damaging or malicious behavior in our activity.
We strive to adhere to all protocol regulations and best practices in our data collection activities.

We trust this is sufficient to address your concerns.

IV. Possible actions on our part.

On request, we can exclude your systems from any future project.

Please just let us know what @domain(s) or IP(s) you want exempted by writing to our abuse@ email address, or use the contact form below.

Links / References:

Contact form

We usually process requests within 24 hours.

If you fill in your email, we will send you an acknowledgement when the request has been processed.

Name / Company (Optional)Your Email (Optional)Message

0 / 5000