It looks like my domain name has been picked up by some spammer's.
My domain name starts with an "early" letter and is nice and short, so it probably caught their attention.
Now, what's happening is that they are forging mail from my domain and submitting it through SMTP servers that aren't doing authentication. So now, I'm getting all sorts of bounced messages.
Seems to me that a couple of things could be done to help alleviate this sort of spamming:
- All SMTP servers should require authentication
- All SMTP servers should only take mail for their domains
- Spam scanners should block messages that weren't submitted through a SMTP server that matches up with the domain name
- Spam scanners should NOT return undeliverable messages, it just chews up more bandwidth.