For the past few years I’ve used the @livedigitally domain as my primary email. One method of attempting to curb some spam was by using the site name as the target email address, so I have things like flickr@, sonos@, evite@, etc. Lots of people do this as a simple way of (1) auto-sorting incoming emails, and more importantly (2) tracking who is selling our information to mailing lists. It works well for both needs. I’ve done this so much that I can’t even track the number of emails like these I use…
Unfortunately, some type of spam/zombie system occasionally uses the livedigitally domain to send out thousands of spams to people. The emails cover the typical range of mortgate rates, university diplomas, increasing the size of a body part (or two), or my personal favorite, helping men get over the painful humiliation of not pleasing her good (bad grammar is de rigeur here). The spams come from literally hundreds of different phony addresses such as LizasalonStovall@, DarcypitchstoneCaron@, and others like that.
When the emails go out, lots of people get harassed, and I get a smaller amount of bouncebacks, typically 1500-2500 at a time. I’ve done a bit of Googling on it, can’t find much of an answer as a method to prevent it from happening. So what I want to do is at least stop getting all the bouncebacks. The problem is, I can’t figure out any way to do that, other than turning off the catchall email address I use. Which brings me back to the opening issue, as it requires my use of the catchall account.
Anyone have any recommendations here? I’m open to all sorts of things, including hunting down spammers and hurting them. A lot. But I doubt that’ll happen, so anything a bit more realistic for my pacifist self would be nice.
Turn off the catch-all address, and create an alias for every email address you do want. E.g., flickr => jt, sonos => jt, etc. Of course, if there are important ones you can’t remember, then this won’t work.
I’ve had the same problem with my domains. I’ll sometimes get over 1000 bounce-back emails to may inbox in a single day after my domain was used for spam
I don’t know of any way of preventing that from happening, but what we can do as marketers is do our best to engage customers in other online channels – like through RSS feeds and SMS.
I’ve had the same problem, been using the same practice for years – the problem now is I’m looking for a tool that can scan my Outlook’s PST file (or mbox file – I can supply whichever) and extract out all the “TO” and “CC” email addresses – from this list I can tell what I need and create aliases for them, then turn off the catch-all function.
Unfortunately my search has been thus far fruitless.
Kenny – I found a “manual hack & slash” solution. I set up a subfolder called “not jeremy”, then set up a rule pushing every email that doesn’t have my primary email address in either the To or CC fields into it. Now, per Gabe’s suggestion, I am tracking all the ones in there that are “real” and creating aliases. I figure after a month I should have the ones I ‘care’ about…
I set up some custom rules in my SpamAssassin configuration.
Never had a fake bounce come through ever since 🙂
Hey Jeremy – even though I’ve designed and run mail systems with more spam blocking bells and whistles than you can shake a stick at, and I’ve even run a mail server at home, I’m now at the point (for my personal e-mail) where I don’t the time or inclination to do that any more.
My solution is to use a forwarding service called POBox which has an extensive spam filtering system. I then forward that to my Gmail account which also does a pretty good job filtering out any spam that POBox didn’t catch. Most days I get ZERO spam in my final Inbox (Thunderbird). Oh yes, I’d estimate that in the past 2 years, I’ve had less than 10 false positives (which I was either able to release from a temporary hold and/or whitelist).
The service is cheap ($20/yr I think), so well worth it. If you decide to sign up and try it out, I’d appreciate some referral love: https://www.pobox.com/mason/signup/step1.mhtml?referrer=35095211 😉
Another little tweak you can make would be to set an SPF record in DNS listing approved mail servers for your domain.
Any halfway decent anti-spam tool will support SPF and will use your SPF record to reject all traffic designated as coming from your domain, but not from an approved server.
Here are the docs:
This is the worst season of the year for spam (from the end of summer through the holidays).