by a randomly generated email address in my domain. These accounts don’t exist,
but when the mail is returned we get the returned email. How can I stop
The painfully short answer is that you probably can’t. Though there are some
ideas to at least make it a little less painful.
For what it’s worth, you’re not alone. You are so not alone.
Become a Patron of Ask Leo! and go ad-free!
What’s happening is a variation of what’s called a “dictionary attack”
though in this case attack is perhaps the wrong term. Spammers will often search the domain name registry for domains
that they can then assume are real. Once they have the domains, they send their
spam to randomly selected common names or just randomly manufactured email
addresses on that domain. Hundreds of them. Thousands of them. AND they use them
as fake return addresses as well which is what you’re seeing.
It’s very similar to the situation created by certain types of viruses I
discussed in my previous article: Someone’s
sending from my email address! How do I stop them?!.
Most of the randomly generated email addresses miss – they’re not
valid accounts and as a result they get bounced back to the “From” address. In
your case the from address is also a random and invalid address on your domain
and your mailer is presumably letting you know about it.
What to do?
Well, as the owner of several email domains I used to like being able to
have what’s called a “catch all” address – meaning that mail sent to
any address on my domain would get to me. It was a great way to see
who’s using mail email addresses for what purpose by just using some bogus
address on my domain and seeing what email got sent to it.
Unfortunately that also meant that any email address on my domain
was valid and would get to me.
I don’t do that any more. Dictionary attacks like I’ve just described result
in a flood of email to all sorts of random addresses on my domains. I now only
look at the addresses I actually define.
So sadly, don’t use catch-all addresses.
Unfortunately some email addresses should be looked at. Not only my own, but
addresses like “webmaster” are standard ways for some forms of notification. I
do know that many domain owners no longer look at these either due to the
volume of spam. I happen to have a reasonable spam filter which catches about
90% of the spam.
Invest in a good spam filter.
Finally, and probably most relevant to your situation, if a bounced
email message gets sent to an invalid address (because the original “came from”
an invalid address it sounds like your email system is notifying you, or
forwarding those invalid bounces to a known good address. If you can, I’d turn
that off and let those bounces to invalid addresses just disappear.