I have traced mine to a Bulgarian Spammer, and since Bulgaria has signed up with the EU accords on anti-spam, I intend taking this b*st*rd to court.

If Microsoft can do it - so can I!

Rob.

Some Russian spam setup has been using this domain in From:/Return-Path: along with several other domains. They’re advertising a Moscow travel agency and their spam operation. I don’t think it’s a revenge job, they’ve apparently chosen many small domains and just rotate through them. (I found many other copies of the spam on the web with different domains.)

Ultimately there isn’t much to be done in this situation, especially as the spammers appear to have a large botnet. I’ve made that domain as unattractive as possible by using SPF and DomainKeys to indicate it never sends email, along with a mailserver and webserver running at that domain with appropriate messages. (The mailserver rejects all bounces with “We didn’t send the spam, but here’s the telephone and ICQ numbers of the people who did”… that info was in their ad for their spam service.)

But of course the bounces just keep coming in, and probably will ’til the spammers become bored. I don’t care very much, it’s not like the name is particularly important to me–it just sucks that we have to put up with the collateral damage from these parasites.

It would be a really good thing if sites would a) quit !&#$% bouncing spam and b) start rejecting it. Not only do I have to deal with these stupid spam filters’ bounced messages, but also have to wonder if my email’s actually getting through or just silently being dropped.

The basic idea is encoding the envelope sender of your outbound mail. Bounces/autoresponses of that mail will be sent to the encoded address, not the bare address. If a bounce comes to the bare address, you know it was in response to a message not sent through your outbound relays. If it comes to an improperly-encoded address, you know somebody’s trying to pull something…