Steve wrote: > I've recently had my domain targeted by a variety of offensive spammers > pushing legally dubious stuff who have chosen my domain as the sent-from > and/or reply to address in forged email. > > My simple question (which I admit is a bit spamassassin off-topic) is > "what can I do about it?"
There isn't much you can do, but one thing you can do is publish a SPF record for your domain in your DNS records. While this doesn't do much to stop spam, it does at least make it possible for site receiving this spam to verify that it is a forgery. This really is a small step, and won't solve your problems (SPF is not a cure-all for spam), but does change a few things to make your life easier. 1) Fewer complaints: Those sites which actually do check and verify SPF records will know not to complain to you about it. 2) Fewer sources of bounces: Many sites using SPF milters will reject this message prior to being queued so you'll get fewer sources of bounces. You'll likely still get just as many bounces, but more of them will come from the abused relay, and fewer will come from other servers, making it easier for you to deal with them (by blocking the abused relay with a 550). 3) Reduced incentive to repeat the joe-job: SPF will also make it less useful for the spammer to continue to joe-job you. Those messages will be detected as forgeries by sites that do check SPF records, meaning the spams won't be reaching all of their "target audience".
