> > > I'm the only person on web-options, and I'm not spamming > anyone. One > > of the black hats has picked up the domain name and is > using it - I've > > received spam from non-existant email addresses using my > domain name. > > Here's a tip... make sure your server is configured to NOT > send a bounce reply back when it receives mail for an invalid > address.
It's already set up that way. Anything incoming with an invalid To: address is just ignored. Anyone who has found a valid email address at this domain can send to that email address, of course. What happens is that I receive mail from spammers who've spoofed the From: address. Anyone who knows the domain name can do that and there's nothing the domain name owner can do about it - this is how phishing attacks try to fool people into thinking their bank is emailing them. What some spammers seem to have done is found a valid email address one way or another and started sending spam to that address from an invalid but plausible address with the same domain name. For example, from ad...@*.com. They hope that the recipient is an office drone who will unthinkingly open the email in the belief that it's from their company email management team. It's just another kind of phishing attack. It's not a problem for me, except that Ann's provider is too dumb to recognise that the From: address is not related to the actual sending domain so they've blocked the domain on the From: address. They should be doing a reverse DNS lookup and blocking emails where there's a mismatch. Bob -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
