Helping people with computers... one answer at a time.

As a result of techniques used by spammers you may get bounces for email you never sent. There's little you can do.

Lately I have been receiving returned emails that were originally sent by a randomly generated email address in my domain. These accounts don't exist, but when the mail is returned we get the returned email. How can I stop this?

The painfully short answer is that you probably can't. Though there are some ideas to at least make it a little less painful.

For what it's worth, you're not alone. You are so not alone.

What's happening is a variation of what's called a "dictionary attack" though in this case attack is perhaps the wrong term. Spammers will often search the domain name registry for domains that they can then assume are real. Once they have the domains, they send their spam to randomly selected common names or just randomly manufactured email addresses on that domain. Hundreds of them. Thousands of them. AND they use them as fake return addresses as well which is what you're seeing.

It's very similar to the situation created by certain types of viruses I discussed in my previous article: Someone's sending from my email address! How do I stop them?!.

Most of the randomly generated email addresses miss - they're not valid accounts and as a result they get bounced back to the "From" address. In your case the from address is also a random and invalid address on your domain and your mailer is presumably letting you know about it.

What to do?

Well, as the owner of several email domains I used to like being able to have what's called a "catch all" address - meaning that mail sent to any address on my domain would get to me. It was a great way to see who's using mail email addresses for what purpose by just using some bogus address on my domain and seeing what email got sent to it.

Unfortunately that also meant that any email address on my domain was valid and would get to me.

I don't do that any more. Dictionary attacks like I've just described result in a flood of email to all sorts of random addresses on my domains. I now only look at the addresses I actually define.

So sadly, don't use catch-all addresses.

Unfortunately some email addresses should be looked at. Not only my own, but addresses like "webmaster" are standard ways for some forms of notification. I do know that many domain owners no longer look at these either due to the volume of spam. I happen to have a reasonable spam filter which catches about 90% of the spam.

Invest in a good spam filter.

Finally, and probably most relevant to your situation, if a bounced email message gets sent to an invalid address (because the original "came from" an invalid address it sounds like your email system is notifying you, or forwarding those invalid bounces to a known good address. If you can, I'd turn that off and let those bounces to invalid addresses just disappear.

Article C1983 - June 4, 2004 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

3 Comments
alta hubbard
March 11, 2006 2:44 PM

I really like your answer's they have helped me lots of time

NITISH
November 24, 2010 9:31 AM

Please exept my email id

Sorry, I have no idea what you mean.
Leo
25-Nov-2010

Fred Christman
October 9, 2012 9:37 AM

mydomain.com is now used only for a bit of email, and I do get some returned rejected mail, as today MAILER-DAEMON@host.gotcheaphositing.com could not deliver to and returned to . I do have a catchall. But two questions...: Is this in any way using my domain? and is it likely that such emails are causing comcast and verison to frequently reject my personal emails claiming spam? Thanks.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.