And Then… Silence

As I mentioned previously, some dingleberry spammer decided it would be cool to use my domain to generate random addresses for the From address when sending crap to people from his botnet.  In addition to the “enlargement” products being hawked in the original spam run, I started seeing stuff for “pharma” and Rolexes.  There were two distinct ways of handling the addresses, as well.  The original run used ones of the form “First Last” <madeupcrap -at->.  The later runs (Rolexes, etc.) used the same pattern but appeared to use a different domain for the From and instead used my domain for the Reply-To address.  I also observed that all spams that targeted a single domain appeared to use the same address on my domain.

Anyhow, I finally decided to throw in the towel and disable the catch-all on this domain.  Fortunately, it turned out that I didn’t have very many addresses on this domain that I needed to keep.  The majority of my contacts have been done using a different domain, so I was able to disable the catch-all and add the 20 or so emails that I wanted to keep.  Now, any email for a non-registered address will simply be rejected during the SMTP connection, so it won’t get a chance to bounce to me.

Should I have to turn off catch-alls for the other domain, I now have a list of valid emails for that domain and a handy script that can read it in and produce correctly formatted forwarding entries.  The only pain will be having to enter the 500 or so addresses into the web control panel’s forwarding page.  I’m hoping I don’t have to do that, though, as I like the flexibility of creating a new address on the fly when needed.  That set of 500 addresses represents over 6 years of e-commerce, newsletters, mailing lists, newspaper registrations, etc.  It was very helpful in that you immediately know that the L.A. Times is the one that sold your address to the spammer, as it came in on that particular address.  It’s also funny when phishers send a PayPal account verification email to your old Gradfinder email address (at least before I canned it, since those bastards also sold my email to a bunch of spammers).

At over 200 emails per day, I finally just had to do away with the catch-all.  From skimming all the crap that bounced to me, I was a bit surprised to see how many people still use “out of office” autoresponders.  Although on further thought, the original reason for discouraging their use has kind of faded, as spammers no longer seem to care where responses and bounces go and don’t use valid info anyway.  So now the innocent Joe Job victim gets to find out that Geoffroy from some company in France is “absent du 25/08/06 au 15/09/06.”

I also saw a few that required me to validate that I was a human and not a spambot.  Given that it was sent by a spambot, I guess it did its job.  But if I’d really sent a message to such a person, I would not complete a validation form.  I’d just write that person off as someone who doesn’t want email and find some other way to get in touch.

The final irony of the situation, though, is that I started receiving spam at the made-up addresses.  It would appear that somewhere out there someone is running some kind of collection scheme and adding the received addresses to a list of spam targets.

I felt kind of like I was in a giant email-based pinball machine.
