How I stop spam backscatter rendering email on my domain unusable?
Solution 1:
Simple answer: don't have a catch-all on your domain.
In fact, don't accept mail on your server for accounts that don't exist, full stop. Just reject it outright, during the initial SMTP transaction. This is especially important when you have a front-end SMTP "proxy" server that does things like anti-virus, anti-spam etc, before passing clean(er) emails to an "inner" SMTP server that knows what users have mailboxes (e.g. MS Exchange). Outer proxy servers are often set up to accept email for an entire domain, without knowing which users exist, so they accept mail to anyone at your domain. Only when they realise that the user doesn't exist, they will generate an NDR. This can often be going back to an invalid address too, or to some other innocent victim.
You will also benefit here from not sending out NDRs for spams to invalid addresses on your domain that your "inner" server rejects. I've actually seen ISPs mistake these NDRs for outbound spamming abuse.
Solution 2:
- Don't do *@mydomain -> something. That's a recipe for what you're experiencing.
- Make sure that your mailserver knows what valid users exist, and rejects mail (at SMTP time, not afterwards!) for users that don't exist.
Also, Consider using something like this (postfix formatted) smtpd_recipient_restriction
<> reject_rbl_client ips.backscatterer.org
postmaster reject_rbl_client ips.backscatterer.org
Solution 3:
On the previous posters advice to reject any email at SMTP level that's not a know user: This can be used by spammers to detect whether an email address on your domain is valid.
Of course the alternatives are
- accept the email (bad),
- silently drop it (bad if it's a legitimate mail with a typo in the address)
so it's a typical "damned if you do, damned if you don't" situation that appears everywhere where email is involved...