The relentless flood

Freshly relocated to the new hosting provider, my domain didn't have Spam Assassin turned on at first, and the spammers didn't seem to have any problem tracking my domain to its new home. I activated Spam Assassin around noon Saturday. In the ensuing 12 hours, I received over 1350 spam e-mails. Spam Assassin caught over 1250, with no false positives; the remaining messages fell below the threshold.

What the spammers are doing now borders on a distributed denial-of-service attack. Since people are being more careful about putting full e-mail addresses where the spambots can harvest them, spammers are now taking known domain names and matching them with a long list of possible usernames, hoping to hit a working mailbox. While it's good to see Spam Assassin's accuracy and effectiveness, it's disturbing to think how often the SMTP server is getting hit and to think how that may be interfering with the delivery of legitimate mail and the overall performance of the server. However good my spam filters are, the mail server has to handle every single message just to find out i it's legitimate.

For the first two years or so of batesline.com's life, I took advantage of the "catchall" e-mail account. If I had to give an e-mail address to register for a website, I'd make up a username, but wouldn't create a POP3 account for it, knowing that any e-mail -- mainly periodic ads -- to that address would wind up in the catchall mailbox. Now these legitimate e-mails are swallowed up and almost unnoticeable in the volume of spam I receive. The "catchall" account is almost useless, and I've had to create a forwarder to redirect e-mail to each of those registration addresses to a mailbox.

If I had been keeping up with the latest news at the Spam Huntress' blog, I would have known that it was time to give up on catchall e-mail. I see intriguing mentions of a way to reject spam before it even reaches the mail server....