I'm having a serious problem and I'm sure I'm not the only one. I run
a free email service using vpopmail, sqwebmail etc and these spam
$#%#@%$ keep signing up for an account then proceeding to send immense
amounts of SPAM (not through my server, mostly through open third party
relays), I mean tens of thousands of SPAMs with a forged From: address
from my domain. Usually I spot them quick and delete the account, but
that doesn't stop my server from receiving and processing literally tens
of thousands of bounced emails due to these fools forging the From:
address from my domain. If there was a badmailto like there is a
badmailfrom in qmail, that might speed up the denial but currently it
has to process the message, sees that the account doesn't exist, then
it does the double bounce then discards it. Also is this behavior in
compliance with the email RFC's? Should MTAs be bouncing mail back to
me even though it didn't originate from my server? Seems like is a DOS
attack waiting to happen (well it's happening to me, but it could be
done on a larger scale.)
Has anyone found a fix for this issue? Please don't suggest to track
down the spammers and get them to stop forging because that is a cat and
mouse game, I need to curb the entire bounced email issue. Even
something like a badmailto that would immediately just drop the message
if the To: address matched would be great if anyone has hacked qmail to
do so.
Open to any suggestions,
Scott R
