So my ISP recently informed me that an email DOS attack on my domain was detected. They have "changed the MX record for your domain name to point to a device that is designed to mitigate such attacks. The MX record tells the global DNS system which server is in charge of handling e-mails for your domain name. In this case, all incoming e-mails will be routed to the anti-spam/DoS device, which will mitigate the attack and forward all legit e-mail back to your shared hosting server. This will allow you to receive all valid e-mails while the attack is ongoing."
Today when I asked if the attack was still going on they provided me with this information:
"We have checked the status of the Email DDoS attack and it seems that it is still ongoing. For the last 20 hours there are more than 12 000 MX requests."
# cat /var/log/named/queries.log | grep mydomain.com | grep MX | wc -l
12385
My question is why would my tiny ecommerce site be targeted for such an attack? Could this be a competitor? I did block the entire country of China last week. Could this even be an attempt of my ISP to sell me their "spam killer" service?
Any advice appreciated.
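
Added example, not part of the original post or the ISP's reply: a sketch that breaks a BIND query log down by client address and by hour, counting only MX queries whose name is exactly the domain, and compares that with the substring match the `grep` pipeline above performs. The log layout, the sample lines, and the names `mx_query_breakdown` and `naive_count` are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines, assuming the common BIND 9 query-log layout.
SAMPLE_LOG = """\
20-Mar-2015 10:15:01.123 client 192.0.2.10#53211 (mydomain.com): query: mydomain.com IN MX + (203.0.113.5)
20-Mar-2015 10:15:02.456 client 192.0.2.10#53212 (mydomain.com): query: mydomain.com IN MX + (203.0.113.5)
20-Mar-2015 10:40:09.001 client 198.51.100.7#40000 (mydomain.com): query: mydomain.com IN A + (203.0.113.5)
20-Mar-2015 11:02:33.900 client 198.51.100.7#40001 (mydomain.com): query: mydomain.com IN MX +E (203.0.113.5)
20-Mar-2015 11:05:10.010 client 198.51.100.9#40002 (notmydomain.com): query: notmydomain.com IN MX + (203.0.113.5)
20-Mar-2015 11:06:10.010 client 198.51.100.9#40003 (mail.mydomain.com): query: mail.mydomain.com IN A + (203.0.113.5)
"""

# Newer BIND versions insert "@0x..." after "client"; accept both forms.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<hour>\d{2}):\d{2}:\d{2}\.\d+ "
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)


def mx_query_breakdown(log_text, domain):
    """Count MX queries for exactly `domain`, per client IP and per hour."""
    domain = domain.lower().rstrip(".")
    per_client, per_hour = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query line, or a layout this sketch does not know
        qname = m["qname"].lower().rstrip(".")
        if qname != domain or m["qtype"].upper() != "MX":
            continue
        per_client[m["ip"]] += 1
        per_hour[f'{m["date"]} {m["hour"]}:00'] += 1
    return per_client, per_hour


def naive_count(log_text, domain):
    """Mimic `grep domain | grep MX | wc -l`: regex substring match, no field check."""
    return sum(1 for l in log_text.splitlines() if re.search(domain, l) and "MX" in l)


if __name__ == "__main__":
    clients, hours = mx_query_breakdown(SAMPLE_LOG, "mydomain.com")
    print("grep-style total:", naive_count(SAMPLE_LOG, "mydomain.com"))
    print("exact MX total:  ", sum(clients.values()))
    print("top clients:     ", clients.most_common(5))
    print("per hour:        ", sorted(hours.items()))
```

Grouping by client and hour shows whether a total such as the 12385 above comes from a handful of resolvers or is spread evenly, which a single `wc -l` figure cannot tell you.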