In a recent message Chris Johnson <madoka@xxxxxxxxxxxxxxx> wrote: > On 06 Apr, Dave Barnett <as10@xxxxxxxxxxxxxxxxx> wrote: >> Many spams have a fake 'To:' and/or 'Envelope-To:' header of the form >> [string] at mydomain. I have put some that have been repeated >> frequently in a 'DeleteTo' list. These seem to have been passed from >> one bot to another or to have been harvested from inboxes of infected >> muppets. It is also apparent that they are being used as the 'From:' >> by the bots as I am receiving bounce messages. > Do you mean the sort of address where the hostname is garbled but the > domain name is valid? Exactly. >> [...] Some of these are quite ephemeral, I don't suppose that I can >> do much about those, apart from dropping my practice of using new >> addys for new addressees and enforcing a strict 'AcceptTo' list. > That's pretty much what I did before UK2 did away with the free domain > forwarding they used to do. Effectively, if I knew what addresses I used > that were valid, I could stick a block at the end which accepted anything > that hadn't dropped out through other traps or hadn't been accepted by my > whitelist, and deleted anything else. > My "defaults" file is the last but one file and contains something like > this... > Accept To: = *madoka@xxxxxxxxxxxxxxx* I suppose that that is a good way of creating and accepting bespoke addys, provided that you don't put '.' before the user name, I get a lot of spam like that. I shall give it a try. > Delete To: = *@crashnet.org.uk* That leaves you open to missing 'cc' mail (unless you have taken care of that). ATM I just Defer. -- Dave Keep GMT all year