Summary: As a result of techniques used by spammers you may get bounces for email you never sent. There's little you can do.
Lately I have been receiving returned emails that were originally sent by a randomly generated email address in my domain. These accounts don't exist, but when the mail is returned we get the returned email. How can I stop this?
The painfully short answer is that you probably can't. Though there are some ideas to at least make it a little less painful.
For what it's worth, you're not alone. You are so not alone.
•
What's happening is a variation of what's called a "dictionary attack" though in this case attack is perhaps the wrong term. Spammers will often search the domain name registry for domains that they can then assume are real. Once they have the domains, they send their spam to randomly selected common names or just randomly manufactured email addresses on that domain. Hundreds of them. Thousands of them. AND they use them as fake return addresses as well which is what you're seeing.
It's very similar to the situation created by certain types of viruses I discussed in my previous article: Someone's sending from my email address! How do I stop them?!.
Most of the randomly generated email addresses miss - they're not valid accounts and as a result they get bounced back to the "From" address. In your case the from address is also a random and invalid address on your domain and your mailer is presumably letting you know about it.
What to do?
Well, as the owner of several email domains I used to like being able to have what's called a "catch all" address - meaning that mail sent to any address on my domain would get to me. It was a great way to see who's using mail email addresses for what purpose by just using some bogus address on my domain and seeing what email got sent to it.
Unfortunately that also meant that any email address on my domain was valid and would get to me.
I don't do that any more. Dictionary attacks like I've just described result in a flood of email to all sorts of random addresses on my domains. I now only look at the addresses I actually define.
So sadly, don't use catch-all addresses.
Unfortunately some email addresses should be looked at. Not only my own, but addresses like "webmaster" are standard ways for some forms of notification. I do know that many domain owners no longer look at these either due to the volume of spam. I happen to have a reasonable spam filter which catches about 90% of the spam.
Invest in a good spam filter.
Finally, and probably most relevant to your situation, if a bounced email message gets sent to an invalid address (because the original "came from" an invalid address it sounds like your email system is notifying you, or forwarding those invalid bounces to a known good address. If you can, I'd turn that off and let those bounces to invalid addresses just disappear.
Related:
- Ask Leo! - Someone's sending from my email address! How do I stop them?!
- Ask Leo! - How do I get rid of all this spam?!?!
- The Spam Primer
Article C1983 - June 4, 2004
I really like your answer's they have helped me lots of time
Posted by: alta hubbard at March 11, 2006 2:44 PM