Author: Florian Weimer Date: To: Alan J. Flavell CC: Exim users list Subject: Re: [Exim] Re: Big increase in bounces addressed to non-existent
addresses
"Alan J. Flavell" <a.flavell@???> writes:
> The overwhelming pattern of these addresses was a plausible name -
> sometimes with underscores - followed by a two-letter suffix, such as
> clarencehastingsqi or sheridan_vo or rgainesgk or jordanpowerskc
You are not alone, deneb.enyo.de receives such bounces, too, but
fortunately at a much smaller scale. Back when I had an active
catch-all address, I could see that they were real bounces, not
callout checks.
Maybe a spammer used this because such callout checks would always
succeed (because of the catchall address and a hidden primary MX), I
don't know. The volume is far too low for a real attack directed at
my mail service, and such an attack typically uses mailboxes which are
actually in use, to maximize damage.