Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

I keep getting bounce emails for addresses on my domain that don't exist. How can I stop this?

Question: Lately I have been receiving returned emails that were originally sent by a randomly generated email address in my domain. These accounts don’t exist, but when the mail is returned we get the returned email. How can I stop this?

The painfully short answer is that you probably can’t. Though there are some ideas to at least make it a little less painful.

For what it’s worth, you’re not alone. You are so not alone.

Become a Patron of Ask Leo! and go ad-free!

What’s happening is a variation of what’s called a “dictionary attack” though in this case attack is perhaps the wrong term. Spammers will often search the domain name registry for domains that they can then assume are real. Once they have the domains, they send their spam to randomly selected common names or just randomly manufactured email addresses on that domain. Hundreds of them. Thousands of them. AND they use them as fake return addresses as well which is what you’re seeing.

It’s very similar to the situation created by certain types of viruses I discussed in my previous article: Someone’s sending from my email address! How do I stop them?!.

Most of the randomly generated email addresses miss – they’re not valid accounts and as a result they get bounced back to the “From” address. In your case the from address is also a random and invalid address on your domain and your mailer is presumably letting you know about it.

What to do?

Well, as the owner of several email domains I used to like being able to have what’s called a “catch all” address – meaning that mail sent to any address on my domain would get to me. It was a great way to see who’s using mail email addresses for what purpose by just using some bogus address on my domain and seeing what email got sent to it.

Unfortunately that also meant that any email address on my domain was valid and would get to me.

I don’t do that any more. Dictionary attacks like I’ve just described result in a flood of email to all sorts of random addresses on my domains. I now only look at the addresses I actually define.

So sadly, don’t use catch-all addresses.

Unfortunately some email addresses should be looked at. Not only my own, but addresses like “webmaster” are standard ways for some forms of notification. I do know that many domain owners no longer look at these either due to the volume of spam. I happen to have a reasonable spam filter which catches about 90% of the spam.

Invest in a good spam filter.

Finally, and probably most relevant to your situation, if a bounced email message gets sent to an invalid address (because the original “came from” an invalid address it sounds like your email system is notifying you, or forwarding those invalid bounces to a known good address. If you can, I’d turn that off and let those bounces to invalid addresses just disappear.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

3 comments on “I keep getting bounce emails for addresses on my domain that don't exist. How can I stop this?”

  1. mydomain.com is now used only for a bit of email, and I do get some returned rejected mail, as today MAILER-DAEMON@host.gotcheaphositing.com could not deliver to and returned to . I do have a catchall. But two questions…: Is this in any way using my domain? and is it likely that such emails are causing comcast and verison to frequently reject my personal emails claiming spam? Thanks.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.