MoMusings

Random ramblings and musings about all things malware and related net-nasties...

Thursday, 3 January 2008

My New Year Present...

I suppose it was, as the character Agent Smith from the Matrix Trilogy would say, "inevitable" that the cyber-criminals and spam gangs would become rather peeved with me; constantly reporting the latest Storm Worm or other notable spam run...

...and so it came to pass that on the 2nd day of January 2008, they unleashed a massive spam run in which they spoofed the From: address in the e-mails to make them look like they had come from one of my registered domain names.

You can see the result of this action, in the first traffic graph below (the red line is the inbound traffic):



Within the first hour of this attack, I had received almost 5GB of spam bounces, as well as notifications from mail scanning systems, failed delivery notifications and the odd e-mail from recipients, some telling me to do things that are anatomically impossible, or at the very least illegal or immoral ;-).

To put this latest 'Joe Job' attack into context, the following traffic graph shows the bigger picture (the red line is the inbound traffic):



As you can see, I also suffered an attack on the 27th of December; although that one was more intense, it was significantly shorter.

I'm still seeing the occasional spike, but nothing like the persistent attack lasting almost twelve hours, before I finally got it under control.

To minimise the possible impact of any future attacks, I've beefed up my 'bounced mail' handling filters; these can be enabled within seconds of a new attack starting.

So, once more here's a plea to those of you that run mail servers. Please, please don't make innocent parties suffer by bouncing back obvious spam to the address listed as the From: address. Almost all spam sent nowadays uses spoofed [stolen] e-mail addresses. The 'Bad Guys and Girls' NEVER see these bounces, so why send them? Just delete them instead!
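One way a mail server can tell a genuine bounce from backscatter like the above, as an added example that is not the blog's own code or filter: a BATV-style signed envelope sender. Outgoing mail gets a MAIL FROM carrying an HMAC tag, and at RCPT TO time a null-sender bounce to an address without a valid tag is refused with a 5xx instead of being accepted and bounced on. The secret key, the day counter and the address mo@example.org are assumptions for the example.

```python
import hashlib
import hmac
import re

# Assumption: a per-server secret. The post mentions no such key; this is
# a constructed value for the example.
SECRET = b"constructed-demo-key"


def sign_envelope_sender(local, domain, day, key=SECRET):
    """BATV-style MAIL FROM for mail we send: binds the address to a day
    counter (0-999) and a secret, so only bounces addressed to a form we
    actually used can carry a valid tag."""
    tag = hmac.new(key, f"{day:03d}{local}@{domain}".encode(),
                   hashlib.sha256).hexdigest()[:6]
    return f"prvs={day:03d}{tag}={local}@{domain}"


def verify_envelope_recipient(addr, today, key=SECRET, max_age_days=7):
    """True if a bounce's RCPT TO carries a tag we issued within max_age_days."""
    m = re.fullmatch(r"prvs=(\d{3})([0-9a-f]{6})=([^@]+)@(.+)", addr)
    if not m:
        return False
    day, tag, local, domain = m.groups()
    expected = hmac.new(key, f"{day}{local}@{domain}".encode(),
                        hashlib.sha256).hexdigest()[:6]
    age = (today - int(day)) % 1000  # modular so a year-end wrap still works
    return hmac.compare_digest(tag, expected) and age <= max_age_days


def smtp_rcpt_decision(mail_from, rcpt_to, today, key=SECRET):
    """Decision at RCPT TO: a bounce (null sender) must name a signed address,
    so backscatter for mail we never sent is refused with a 5xx instead of
    being accepted and re-bounced. Ordinary mail to the bare address still
    gets through."""
    if mail_from != "":
        return "250 accept"
    if verify_envelope_recipient(rcpt_to, today, key):
        return "250 accept"
    return "550 rejected: bounce for mail this server never sent"


if __name__ == "__main__":
    signed = sign_envelope_sender("mo", "example.org", day=2)
    print(signed)
    print(smtp_rcpt_decision("", signed, today=4))            # 250 accept
    print(smtp_rcpt_decision("", "mo@example.org", today=4))  # 550 ...
```

Rejecting at RCPT TO means the remote server never gets to hand over the bounce body, so the 5GB of bounces described above would not even reach disk.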

Maybe I should start a campaign to get mail server products to remove this functionality, as I can't believe I'm alone in wishing for this feature to be removed or disabled?

What shall we call it, "The Campaign For Real Mail"? Or have you got a better suggestion?
