For the last couple weeks, my domain has been getting flooded with MAILER-DAEMON bouncebacks. Apparently someone is spamming, and using addresses on my domain as the “From” address. I’m getting everything from “failure notice” to “user over quota” and even “out of office notice.” The addresses used are nonsense addresses on my domain. I use my domain as a catchall, you see. This allows me to set up addresses like mark.foo@example.com
, so that if foo.com
sells me out to spammers, I can just blacklist that address.
I’m using a whitelisting system (BoxTrapper) to add new addresses. So, when signing up at foo.com
, I’d whitelist the mark.foo@example.com
address, and mail to that address would get through. Anything else is probably spam, and has to make it through one of those annoying “prove you’re a human” things. Real humans should never see it unless they’re guessing my e-mail address. Any of the addresses I give to real human beings will be pre-whitelisted.
Still, it appears that BoxTrapper ignores the whitelist/blacklist settings for mail from “MAILER-DAEMON” or “Mail Delivery System,” so all of this crap from spam that other people sent is going into my inbox.
I turned SpamAssassin on and set it to delete the e-mails it catches instead of just marking the subject, and that’s stopped a lot. And I’ve been dutifully marking the messages as spam in Gmail, which is learning pretty well. But still, about a dozen a day are making it to my inbox. Every time my phone vibrates with a new e-mail my girlfriend shoots me the “you’re going to ignore me and pay attention to that stupid thing” look of death (which I can’t say I don’t deserve). So now I’m getting that look more frequently, because of this bounced spam.
I don’t think this is a Joe Job. It’s probably just that I have a 4-letter TLD and it was chosen randomly. So, e-mail spam backscatter. Does anyone have any suggestions for me?