RE: [Exim] A pattern of collateral spam

Jez Hancock Said...

> I'm also having a fine time with just a single domain which I
> no longer use much but still accept mail for a few local
> users on the domain. It appears the domain has been used on
> a large scale in forged From: headers and I'm now seeing a
> massive number of bounces from systems who don't try too hard
> to check how reliable the mail they accept is - a dozen or so
> bounces a minute.

I had the same thing happen to a domain that I had which basically made the
domain useless. There really weren't any users using it at the time but I
knew I was in for some problems when one morning I got a couple thousand
bounced messages coming back from messages the spammer had sent using forged
headers using that domain in them. The bounces were the prelude to what
ended up to be a bombardment.

To make matters worse.. The spam was for ... Anti-Spamming software. There
is no quicker way to piss someone off than to spam them with an ad for
anti-spamming software.. I started actually getting phone calls from
people pissed off about the spam all of whom had no idea what Received
headers were or a clue where mail really comes from.

Since the domain really only had some web stuff attached to it, I made the
decision to turn off all mail support for it and removed the MX record as
well. On the main web page I posted a notice about the spam and directed
vistors to a page that basically explained the story and stated there were
no valid mail services for the domain. That was about June of last year.
About 10 days before Christmas, I was approached by a company that was
interested in the domain for an email campaign... :-) SOLD! Never heard
back if they had any problems using the domain... Was a good Xmas though.