HELP! My domain is being "joe-jobbed"

Discussions on webmail and the Professional version.
Post Reply
fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

HELP! My domain is being "joe-jobbed"

Post by fmaxwell » Thu Oct 12, 2006 1:35 pm

For the past two weeks, I've been getting bounce messages in my catchall address because some spammer is forging random addresses at my domain as his sender address.

I cannot turn off catchall because I have given out hundreds of unique addresses by which I can be reached. Each unique address is prefaced with an underscore and it identifies who should be mailing me on it (example "_Ameritrade@{my domain}"). This way, if a company sells/leaks an address to spammers, I know who did it and can block that address from receiving any more mail.

How do I drop connections for email addresses which do not begin with an underscore AND which are not specifically directed to a particular mailbox in my domain?

jfenwickar
Posts: 14
Joined: Fri Oct 07, 2005 9:19 pm
Location: Fort Smith, Arkansas, USA
Contact:

I would like to know this also.

Post by jfenwickar » Tue Oct 24, 2006 2:40 pm

I use many addresses also and would like to block a defined set of addresses. Is there a method to block incoming email to addresses that do not fit a filter? like _*.mydomain.com

fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

Re: I would like to know this also.

Post by fmaxwell » Tue Oct 24, 2006 4:15 pm

jfenwickar wrote:I use many addresses also and would like to block a defined set of addresses. Is there a method to block incoming email to addresses that do not fit a filter? like _*.mydomain.com
Actually, I think you want to unblock a defined set of addresses and turn off catchall -- which is the same thing that I want to do.

I had really hoped that a feature as simple as what we are requesting could have been added years ago. MailEnable already understands *@{mydomain.com}, so I can't understand why it would be so hard to have it understand _*@{mydomain.com} or *sales@{mydomain.com}. All that it would need to do is check for an exact match first, not finding that, a partially-specified wildcard match, and, following that, a catchall wildcard match.

Then we could set up one mailbox and send everything to it:

Me@{mydomain.com}, postmaster@{mydomain.com}, abuse@{mydomain.com}, _*@{mydomain.com}

If lkjsdlksdfj@{mydomain.com} was specified in an RCPT, then MailEnable could reply with a no-such-address message and the connection would be dropped.

What's really ugly, and it's happened to me, is the spammer dictionary attack, where they try a whole list of words, names, etc. to the left of the @ for your domain (e.g., aarona@{mydomain.com}, aaronb@{mydomain.com}, aaronc@{mydomain.com}, etc.). With a catchall, you can find, hours later, that your connection is saturated and that you have tens of thousands of messages. If you don't find it in time, your server's hard drive will just fill up.

P.S. The spammers are still forging e-mail to look like it came from my domain and I'm still getting bounce messages -- constantly.

Post Reply