Apparently somebody has chosen to spoof my e-mail address to send spam. How do I know this? Well, my mailbox is bulging with “delivery failure” notifications; about a dozen in the last hour, and I’d be surprised if the rate doesn’t increase overnight. Not really what I wanted to be dealing with when I’m under a deadline, even self-imposed. :(
The spams advertise an online accessories shop, which has been registered on about half a dozen domains, all registered on March 31st, all by one person using a Chinese address.
In case anybody’s here because they want to complain about receiving one of these spams, it’s not my fault; I hate spam as much as anybody else; the criminals have just stolen my online identity to throw people off their track (and this can easily be verified by those who know how to inspect the spam’s e-mail headers).
For everyone else.. does anybody know of an effective way to avoid this problem in the future? Has anyone had success with things like SPF or Sender ID to actually keep spammers from spoofing your identity? For right now, all I can think to do is to set up a procmail rule to throw away the delivery failure mails, and wait for the spammer to move on to some other victim…