Since I purchased this domain, I have accepted mail to every possible address – anything@geofffox.com. Over time there has been more and more spam. Mostly it came to my established address.
Recently, there has been an onslaught of spam, most of it bounces from other domains. Some spamming software has decided to take random letters and attach them to my domain as the return address. So, I get emails addressed to things like adgjkfrm@geofffox.com.
Mostly they’re variations of, “You sent email here, but there’s no one here with that address,” or “Thanks for the email, but I’m on vacation,” or “This is Fred’s anti-spam software. Please verify you’re a real person and not spam!”
One day this week I had nearly 50 emails make it past my spam filtering and none of them were real emails for me – not one!
I have just adjusted the way this website works. Now, only emails addressed to me specifically will get to me.
I feel like I’m giving in to these dastardly attacks. I didn’t want to do that. I had no choice.
If we don’t come up with a solution for spam soon it will kill email. It really will.
I had to do the same thing with my catchall address. I had 3 domains and was accepting mail for everything@each. In the beginning it was a great idea – I could simply make an email address unique to certain websites that I’d have to make an account on.. for example.. slashdot@mydomain for my slashdot account.. microsoft@mydomain for my MS account.. this way if some unsavory website sold my name up the river, I’d at least know who it was. not that I’d have any real recourse, but at least I could warn people I know.
I still do this, but now it requires the extra step of editing my postfix aliases file and creating the new alias.
I experienced something similar with my sister’s email domain. She’d been doing the catchall thing for a couple of years when all of a sudden someone started a dictionary attack on her addresses using a huge dictionary of common names with random small numbers. Thankfully she was only using a couple dozen names and it was easy to remove the catchall and make the rest valid.
Just finished up cleaning up from that mess (a couple thousand emails) and some idjit spammer starts using the random addresses at her domain on the spam they were sending out. My server was dropping 1,000 to 3,000 messages a day for a week to random addresses at her domain. I’m glad we got rid of the catchall earlier, it would have killed her little ISP if they’d all be forwarded.
To clarify for those non-techies reading this. The Internet was set up with no thought that sites might not be trustworthy. It was originally researchers, mainly from colleges and universities. You are who you say you are. In some cases, that’s good. I can send my geofffox.com mail using my server or Gmail’s or Comcast’s – whichever is more convenient. But, it also means anyone else can say they’re abcvdfsd@geofffox.com – which they do to try and evade spam filters. It’s insidious.