Blocking Messages With Fake Addresses

June 22nd, 2006 (SpamSieve)

If you have your own domain, you may receive spam messages sent to addresses that don’t actually exist. The spammers guess at some common user names, hoping to get through. The best way to block these messages is to configure your mail server to block them with a catch-all rule. That is, messages sent to your actual mailboxes are delivered, and the catch-all rule ignores or bounces all the other messages so that you don’t have to download and filter them.

Aside from the addresses, these messages are similar to other spam, so SpamSieve will learn to catch them (if it isn’t doing so already). Nevertheless, you know that messages sent to fake addresses must be spam, so it can be satisfying to block them all by creating a blocklist rule in SpamSieve. Set the Header to “Any Recipient” and the Match Style to “Matches Regex.” The Text To Match will be a regular expression that matches all addresses at your domain, except the ones that correspond to your user names. If you just have one account, use a regex like:

^.*(?<!^you)@domain\.com$

You can add additional addresses by prefixing each with “|^”. For example, to block Apple addresses that don’t belong to a co-founder, use:

^.*(?<!^sjobs|^woz)@apple\.com$

or:

^.*(?<!^sjobs|^woz|^rwayne)@apple\.com$
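The following is an added example, not part of the original post or of SpamSieve: it builds the pattern above from a list of real user names and checks which addresses it would block. It assumes the regex is applied to a bare address string; the helper names, the `first.last` user and the sample addresses are constructed for illustration, and it runs under JavaScript because that engine accepts the same lookbehind syntax.

```javascript
// Added example: build and exercise the blocklist regex described above.
// Function names and sample addresses are constructed for illustration.

// Escape regex metacharacters so a name like "first.last" matches literally
// instead of letting "." stand for any character.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Build ^.*(?<!^user1|^user2)@domain$ from the list of real mailbox names.
function buildBlockPattern(validUsers, domain) {
  if (validUsers.length === 0) {
    throw new Error("need at least one valid user name");
  }
  const alternatives = validUsers.map((u) => "^" + escapeRegex(u)).join("|");
  return "^.*(?<!" + alternatives + ")@" + escapeRegex(domain) + "$";
}

// True when the address is at the domain but is not one of the real mailboxes.
function isBlocked(pattern, address) {
  return new RegExp(pattern).test(address);
}

const pattern = buildBlockPattern(["sjobs", "woz"], "apple.com");
console.log(pattern);

// Constructed sample addresses.
const samples = [
  "sjobs@apple.com",    // real mailbox: not blocked
  "woz@apple.com",      // real mailbox: not blocked
  "info@apple.com",     // guessed name: blocked
  "notwoz@apple.com",   // only ends with a real name: blocked, because of the ^
  "sjobs@example.org",  // other domain: the rule does not apply
];
for (const address of samples) {
  console.log(address, isBlocked(pattern, address) ? "blocked" : "allowed");
}

// A user name containing "." must be escaped, or look-alike names slip through.
const dotted = buildBlockPattern(["first.last"], "example.com");
console.log("firstxlast@example.com",
  isBlocked(dotted, "firstxlast@example.com") ? "blocked" : "allowed");
```

The `^` inside the lookbehind is what keeps an address such as `notwoz@apple.com` blocked even though it ends with a real user name.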

Some people also receive messages from these fake addresses. In this case, you could use “Any Address” instead of “Any Recipient” as the Header. However, keep in mind that it might be normal to receive messages from addresses like mailer-daemon that don’t match any of your account names.