Spam from oconnor.cx
Sympathy for anyone who’s received spam from random-letters@oconnor.cx — some spammer has been using such addresses of late. Basically, this spammer (or these spammers) make up an email address at this domain, and then proceed to put such addresses in the From header of their spams.
This sort of spammer behavior is especially painful for me — I frequently say (to company) that my email address is company@oconnor.cx. In order to keep such addresses working, I basically have to receive all mail to anything@oconnor.cx. Which means that I’ve been wading through many, many “out of the office” messages, SMTP server bounce notices, and the like.
I’ve seen several of the form Gnus-generated-Message-ID@oconnor.cx, so I imagine those ones at least were harvested from Gmane or other mailing list archives out there. This is an old trick.
I’ve just enabled SPF on my domains.
In addition, I've been
adding lots of entries to my virtusertable, to ensure that all known
faked addresses get bounced.
GMail to the rescue
Dan suggested that I prefix custom email addresses with something specific — then it would be simple to reject any address without the prefix.
That would work going forward, but would break all of the existing random addresses I’ve given to people over the years. Since I don’t keep track of them, I assumed I wouldn’t be able to build up a list of the ones actually in use. Or could I?
This is where gmail comes in.
I’ve been running all of my email into gmail for some time now, so I’ve built up a large, easily searchable email archive. I plopped @oconnor.cx into gmail’s search box and went at it. After digging through several pages of search results, I came up with a list of 20 email aliases which should continue to work. I’ve now configured sendmail to reject anything else.
Yay! Thanks Google.