Aaaagh spam

[Phil Pennock]

On 2006-12-27 at 10:24 +0000, Earle Martin wrote:
> So I'm getting squillions of bounce messages addressed to <random
> string>@downlode.org. Is there a known strategy for dealing with this
> shit at root? (Preferred solution would be killing the individual
> responsible, but I'm willing to be lenient... this time.)

If you're willing to live with <random_string>@ not being a "real" email
address and not fully reliable and very probably failing address
verification, then yes.

My "catchall" stuff (Exim MTA, if anyone wants the config off-list)
treats the addresses as non-existing if the sender is <>.

For regular email, this is fundamentally broken, but for discard
addresses it's just about workable.  For any address my wife or I care
about, we make it exist.  Cyrus IMAP, create the shared folder and the
LHS with the same name automatically exists too (simple GUI operation in
a tolerable MUA like Thunderbird).  I need to get around to putting a
pretty web interface on aliases.

It's not perfect, both for abusing standards and because some MTAs don't
use an empty envelope sender for bounces, but it makes the situation
tolerable.  Oh, and I also blacklist some particular abused LHSs.

The other option at present is to ensure that you're using a sub-domain
of a registered domain.  The spammers are (currently) only
dictionary-walking and/or joe-jobbing registered domains, not trying to
find sub-domains.  How about @the.download.org ?

-Phil