The trick is to use reject_sender_login_mismatch and blacklist your own doman (with message: 550 send me valid login and password) just after reject_unauth_destination.

For Drew Neilson friend I would reccomend publishing addresses like: friend@grocery.herdomain.tld, friend@library.herdomain.tld and simply remove DNS MX,A entries after the email was compromised.

It was touted as a good solution years ago. But today it’s a really bad idea.

Before large scale spamming with fake return addresses.

This type of spammer hit my girlfriend’s website and started flooding her with emails from her own domain, usually with nonsense . This is a real problem, because she uses disposable addresses at her domain as a (probably rudimentary) way to track and block spammers (so the library would get library@herdomain.com and the grocery store might get groceries@herdomain.com). When someone sells one of her addresses, she simply turns off that address. However, it seems the way around this is to spam tons of possibilities from her domain so she can’t block the domain and there are too many random emails to block all the recieving addresses.

She asked me to help her out, but unfortunately, I have no idea how to stop this. Though we’re both a somewhat tech savvy, but we’re not particularly smart in the area of spam.

Does anyone have ideas on how to stop it? Any help would be really appreciated.

I often get spam that is from or to [random fake name], [realuser]@domain.com, seems to arrive at my address via a BCC a lot of the time. Sometimes I see [real name] [randomfakeuser]@domain.com.

Where domain.com is a domain I have full control of and know every single account on. There are in the order of 40 valid email addresses on that domain.

The content of the mails does not seem to be of a particular theme. Always spam of one form or another. Perhaps there is a particular botnet/service that has this behaviour and a lot of customers using it?