Turn off catchall? / Other response to spammer forging addresses from my domain?


daviddlewis
04-18-2004, 11:44 PM
Hi - I've started getting large numbers of bounce messages sent to random-looking addresses at my domain (e.g. aadjforkj@daviddlewis.com). A spammer is apparently including randomly generated addresses with my domain name in forged headers of messages they're sending out.

Since I have the catchall address turned on, I'm getting all these bounces. Presumedly I'll eventually also get complaints from annoyed recipients of the spam.

About all I can think of doing is to turn off the catchall address or, perhaps better, make it a black hole with an autoreply that explains I'm not a spammer. I hate to do this, because I've given out several hundred addresses with my domain, and have been relying on catchall to catch them. (I've been giving every web site and company I deal with a different address for me, so I can turn it off if they sell it to spammers.)

I'd be very interested in suggestions on how to handle this.

Thanks, Dave
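
An added example, not part of the original thread or any poster's code: one way to measure how much of a catch-all inbox is backscatter to never-issued addresses before deciding whether to turn the catch-all off. The domain `example.org`, the `ISSUED` set and the sample messages are constructed assumptions.

```python
import email
from collections import Counter
from email.utils import parseaddr

DOMAIN = "example.org"               # assumption: placeholder for the affected domain
ISSUED = {"dave", "shop1", "bank2"}  # constructed: local parts actually handed out

def is_bounce(msg):
    """Bounces carry a null return path (RFC 5321) or are RFC 3464 DSN reports."""
    dsn = (msg.get_content_type() == "multipart/report"
           and msg.get_param("report-type") == "delivery-status")
    return dsn or msg.get("Return-Path", "").strip() == "<>"

def classify(raw):
    msg = email.message_from_string(raw)
    local, _, domain = parseaddr(msg.get("To", ""))[1].lower().rpartition("@")
    if domain != DOMAIN:
        return "not-ours"
    if local in ISSUED:
        return "bounce-to-issued" if is_bounce(msg) else "deliver"
    # Nobody was ever given this address, so a bounce to it is backscatter from forged mail.
    return "backscatter" if is_bounce(msg) else "guessed-recipient"

def triage(raws):
    """Count each category across a batch of raw messages."""
    return Counter(classify(r) for r in raws)

def make(to, bounce):  # builds the constructed sample messages below
    head = f"To: {to}\nSubject: test\n"
    if bounce:
        head = ("Return-Path: <>\nFrom: MAILER-DAEMON@mx.example.net\n" + head +
                'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n')
        return head + "\n--b\nContent-Type: text/plain\n\nUser unknown\n--b--\n"
    return "Return-Path: <news@shop.example>\n" + head + "\nhello\n"

SAMPLES = [
    make("aadjforkj@example.org", bounce=True),   # random local part, bounce
    make("qzxwvu@example.org", bounce=True),      # random local part, bounce
    make("shop1@example.org", bounce=False),      # issued address, normal mail
    make("dave@example.org", bounce=True),        # issued address, genuine bounce
    make("sales@example.org", bounce=False),      # guessed name, sent directly
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

The `To` header is used here for simplicity; where the receiving server records the envelope recipient in a header, that is the better field to key on.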

kitchin
04-19-2004, 02:35 PM
I don't have an answer. I'm starting to turn off catch-all on some accounts too. They are getting hit with tons of spam to guessed user names, both bounces and directly sent mail. It is too much to review even every few days.

Bob
04-19-2004, 03:03 PM
For what it's worth...

We track all spam email sent to the Service Desk, as noted in this post (http://www.aota.net/forums/showthread.php?postid=110948#post110948), and we have seen the daily number jump from an average of 350 to 450 since April 1, 2004, with a high of 536.

Rough calculations show a 25% increase and today we are on pace to collect 600, based on an hourly average, which would be yet an additional 25%+ increase...

What has stood out to me since we started tracking spam in this method has been a roughly 20 - 25% increase in spam every few months. These increases seem to occur overnight, not on a daily incremental basis %)

-Bob

- FWIW, and I am not sure what it is worth :P -

Randall
04-19-2004, 05:08 PM
Ironically, some of the real accounts here are getting more spam these days than the catch-all, which I use the same way Dave does. Between SA tagging and Thunderbird's junk filter it's still tolerable -- I haven't even bothered to set up EFM on the catch-all yet. Guess I ought to.

Come to think of it... Probably 90% of the spam on that account is coming through the address in my Whois record. So it's not really a catch-all problem at all. I think it's time to start blackholing the spam on that account.

Randall

Bantik
04-20-2004, 05:08 PM
I'm worried about the quantity of these bounce messages that I'm getting, and not just from the perspective of having to sort through them; what if my domain ends up on a blacklist because a spammer is forging a fake return address at idolhands.com?