If I understand your question correctly, the industry seems to be going this way...
Postfix has this beautiful rule.

------------------
reject_unverified_recipient

Reject the request when mail to the RCPT TO address is known to bounce, or when the recipient address destination is not reachable. Address verification information is managed by the verify(8) server; see the ADDRESS_VERIFICATION_README file for details.

The unverified_recipient_reject_code parameter specifies the response when an address is known to bounce (default: 450, change into 550 when you are confident that it is safe to do so). Postfix replies with 450 when an address probe failed due to a temporary problem.

This feature is available in Postfix 2.1 and later.
------------------

The nice thing about rejecting unverified recipients is that you will cut a substantial amount of traffic on your email servers instantly, 75% to 90% would not be an unreasonable reduction in unwanted traffic.

If you have servers downstream of your Postfix, they must support recipient verification as well. For instance, Exchange 2000 does not, but Exchange 2003 does.

Where do all those bad email addresses come from? I have heard a couple theories. One is that spammers are sending spam to your domain, when it bounces it gets sent to the correct recipient by your email server (if your server does not do recipient validation as described above). Another theory is that these are email address harvest attacks. And, another theory is that spammers just don't care, they make email addresses up and sell them to other spammers.

Regardless, rejecting unverified recipients will most likely be a new standard going forward, especially since Microsoft added the feature to Exchange 2003 which makes it a default standard for office email systems.

> -----Original Message-----
> From: Steve [mailto:[EMAIL PROTECTED]
> Sent: Saturday, September 24, 2005 7:36 PM
> To: users@spamassassin.apache.org
> Subject: Joe-jobbed...What are my options?
>
> I've recently had my domain targeted by a variety of offensive spammers
> pushing legally dubious stuff who have chosen my domain as the sent-from
> and/or reply to address in forged email.
>
> My simple question (which I admit is a bit spamassassin off-topic) is
> "what can I do about it?"
>
> Sorry if this is really simple... any advice would be useful.
>
> Thanks,
>
> Steve
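
A main.cf fragment for the rule quoted in the reply above, as an added example that is not part of the original message. The domain example.com and the cache path are assumptions; the parameter names are standard Postfix ones.

```conf
# /etc/postfix/main.cf (fragment, constructed example)

# Domain this gateway relays to a downstream mail server (assumed name).
relay_domains = example.com

# Order matters: first refuse to be an open relay, then probe the
# recipient. The probe follows the normal delivery route, so the
# downstream server must itself reject unknown recipients at RCPT TO,
# otherwise every address verifies as deliverable.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Response for an address that is known to bounce.
# Rollout stage: keep the default so a misconfiguration only defers mail.
unverified_recipient_reject_code = 450
# Once the logs show that only invalid recipients are being refused,
# switch to a permanent rejection:
#unverified_recipient_reject_code = 550

# Persistent cache of probe results kept by verify(8), so that results
# survive a restart. The path is an assumption; use a directory that is
# writable by the postfix user.
address_verify_map = btree:/var/lib/postfix/verify
```

After editing, `postfix check` followed by `postfix reload` applies the change; probe failures caused by a temporary problem are still answered with 450 regardless of the reject code setting.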