Help, I’m under attack by spammers

A while ago, I noted that spammers seemed to have a new trick; since some of them were unconcerned about getting replies to their spam email, just about advertising their product, they’d fake the mail so that it came from an address somewhere else, and that person would get all the bounce messages from dud email addresses and anti-spam complaints from postmasters. This happened to me; because anything at all @kryogenix.org goes to me, with a couple of exceptions, someone spammed from “black” and “mack” at my domain and I got 1100 bounces in under an hour. So, I just blackholed those named addresses, so that my MTA didn’t accept mail for them — add the line “black: :blackhole:” in /etc/aliases, if you’re using Exim as I am on my mailserver.

Now, though, the spammers have come up with an even cleverer trick. The email address seems to be part randomly generated with each mail, so I’m getting bounces returned to “mackqd” and “mackfr” at kryogenix. I can’t blackhole all potential addresses. What I’m looking for here is advice on how to deal with this problem.

Caveat: I do not want to have to specify every potential email address at kryogenix that can receive mail and deny all others, if I can avoid it. However, I don’t mind if I allow certain named addresses plus sil-ANYTHING — I like signing up for a service at FooBar.com with the address sil-foobar so I can tell who has been selling their subscription list to spammers.

While I have been writing this, another 30 mails have come in. Help? Please?

I'm currently available for hire, to help you plan, architect, and build new systems, and for technical writing and articles. You can take a look at some projects I've worked on and some of my writing. If you'd like to talk about your upcoming project, do get in touch.

More in the discussion (powered by webmentions)

  • (no mentions, yet.)