Proper Ways to Dispose of Spam? 119
An anonymous reader asks: "My domain name is being stolen by spammers; they forge outgoing mail using my poor innocent domain name. First, I'd like to plead with mail server administrators out there: please REJECT spam and undeliverable mail. If you reject instead of bouncing then legitimate mail senders will still know there is a problem. Second, do you have any tips for dealing with a flood of spam bounces? Exim is pitching the bounces pretty quickly, but my server is still getting overwhelmed."
In the case of stolen sender addresses, SPF attempts to address this problem but has it been effective?
anyone have a domain where this DIDN'T happen? (Score:3, Insightful)
Good Luck.
Re:SPF! (Score:4, Insightful)
The only thing that did solve it was killing all addresses I don't use and adding filters for the most common bounces.
Re:SPF! (Score:3, Insightful)
Re:SPF! (Score:3, Insightful)
Re:SPF! (Score:3, Insightful)
Spammers don't care about hit rates and neither do the folks that employ them. Who cares if it's 10 people out of 100 that fall for the bait or 10 people out of 100,000 -- it's still 10 sales that they can credit to spamming.
Re:Why the forging in the first place? (Score:3, Insightful)
There's also a mundane reason for it:
This solution expresses itself in both throwaway domains (where the spammer registers it for cheap, figuring they only need it for one spam run) and forged addresses using bystander's domains. Forging is cheaper, since you don't have to register a domain, and while it's illegal, enforcement is rare.
Re:No (Score:2, Insightful)
It's really not that difficult to configure your mail systems to reject instead of accept then bounce. I see this as becoming manditory, similar to how it used to be ok to have an open relay, then over time it became a sin.