Lee, sorry to hear about this. As you mentioned, it is still painful, and in some sense is a violation of your online identity and event trust. I think it is helpful to come forward and speak about this, perhaps not from the sense of looking for sympathy, but rather to begin a public conversation of something that is, in many ways, still seemingly taboo.

I hope you will continue to post about this experience, as perhaps together we (all your readers) will learn something about this in the process.

same thing happened to me. For two days I got hit with over 1,000 returned emails. It sucks. You have to wonder why we're so lucky, with a billion email addresses out there.

It's like we were hit with lightning. In a bad way.

I might be going crazy but this is happening to one of my clients. Do you want to compare servers?

Paul

I'm in the same boat unfortunately.

I found switching off "Catch All" on my e-mail domain helped as the address the spammers were using were randomstrings@mydomain.com rather than the small number of actual addresses I use for the domain.

My ISP didn't want to know even when I could provide the IP address of the spammer.

Just to add another me too to the pile. I noticed them a few weeks ago and on looking at the details they were spoofing random addresses from everything at my domain name. As Jamie did, I switched the "all other email" addresses policy to dump them in the bin, rather than forward to my main address.

But, I am still regularly getting a bunch a day that are bounced spams "from me."

Let us know if the SPF works (and what it is, if it does).

We might have the same spammer! It's been happening to me, too, and just over the last couple of days.

SPF is very effective - so long as your DNS servers will support it, and the recipients are using it... there's the catch.

It won't prevent the bounces coming back at you from those who aren't using SPF. If enough people start using it (finally, after being around for 3 years+) maybe it will help cut the spam down.

If you need help setting up your records, let me know.

Happened to me as well. I changed the Catch All, but apparently after a while your domain becomes registered as a spammer.

What you could try perhaps, is to move over to gmail. Their spam filtering is brilliant. I'm going to try that in a couple of days... once I have time!

I share your pain. Just last Friday a similar incident happened. The account that was spoofed was a forwarding account from my main website, and thankfully Gmail's anti-spam features filtered the bounced mails into my Spam folder.
A quick check with my web hosting providing indicated that it was indeed a spoof attack, and they gave me the same advice, that there was nothing I could do to stop the spoofing so long as open-relay mail servers were still about.

Thankfully the bot subsided over the weekend, and I haven't seen any bounced mail for the last few days.
For all the wonderful innovations I read about on the Internet, it's a wonder though that they haven't patched this long-standing issue yet.

While working on other people's computers lately, I've been noticing that there seems to be a surge of these types of emails and also a ton of "undeliverable emails." They ask how could I send these emails, I wasn't even awake at that time.

I explain that they could be in someone's address book that has a virus on it.

It doesn't make it any better, but makes me like working on my Mac.

Scott

I started getting the bounced emails from "my" email account a couple of months ago--on my Mac. Now, I'm no longer getting bounced emails, but I am getting a load of emails sent TO my (real) account, FROM "my" (hijacked) email account. Most are advertising "enhancement/enlargement" products, but some are for Rx meds and other garbage.
Does anyone know if my email account was easier to hijack because I use Microsoft Entourage? If I'd used a mac.com email address, would this not have been a problem?
Thanks for any input/advice,
Pam

Me too, the most frustrating part aside from lack of control is how long it took to find a olution in part at least. Thank you so much.

I have found it interesting as I have about five sites and 20 odd domain names but it happens to just this domain and started almost form the time I moved it to its own server? Go figure, just coincidence. Thanks again

the site is realy cool.

it seems to happen periodically, probably because, for years, my email wasn't cloaked on my site or blog. This time it's jewlery. It's an awful situation. But it seems temporary. they go on to the next stolen email in a week or so. sigh