26
Condor
5y

It's finally happened. I've used my mail servers for about a year to give out different email addresses on my domain to things I sign up for online, and only used my "actual" email address that received all this email for the whole domain but the single one that I used outbound for private communications.

This worked well for a long time as I could see when spam comes in, where it came from by looking at the email address I designated it. Each company's email would be sent not only from an email address that they choose, but also to an email address that I choose. It allowed me to easily determine where there were problems. For example, on Freenode IRC my vhost happened to make my username@host there a valid email address. It eventually got blacklisted due to too much incoming spam as crawlers started detecting it. Another one was "nickname"@my.domain as I posted it a few times here. Got crawled as well. But it allowed me to easily blacklist each.

I'd never thought my actual outbound email address, my real one, to get crawled though. That would require the mail server of a company I explicitly communicated with to get hacked. But today that happened. I wonder whose it is, but I can't tell.

Time to make my outgoing email bound to a designated email address as well. I want to know which companies this happens to, even if they don't disclose it.

Comments
  • 2
    I'll be using this strategy.
  • 1
    @Condor

    10 years ago or so I was going to offer this as a service to customers for another service I had.

    Domain is killthespammer.com

    Would you be interested in making this a service for the general public.

    Kill
    The
    Spammer
    "See exactly who spammed you and ZAP them"
    Cartoon spacesuit guy zapping a spammer.

    Can you see where I was going with it?

    If interested let me know.. quick weekender project maybe?
  • 1
    @Nanos sshhh don't leak out the plans for 2.0
  • 0
    @rant1ng It sure sounds interesting, but idk what you mean by "can you see where I was going with it"... Zapping spammers with tasers? XD
    But yeah in mail I've long been looking for a shared resource when it comes to spam prevention. At FOSDEM 2019 I saw an interesting talk about it, I believe from someone at SpamAssassin that went into great detail in the mail server technicalities. But as far as I'm aware this doesn't exist yet... Then again, I haven't looked much into it either. But proper spam reduction would be the solution to spammers even doing the mail address gathering in the first place I think. If it gets blocked at the mail servers anyway...

    Would you mind contacting me via mail at $nickname at nixmagic.com? (replace $nickname with my actual name here)
Add Comment