TW Atwater writes "My wife and I run a small Mom and Pop business and we have a website and email accounts. I set up a catch-all account to trap misaddressed messages. It also works well for one-shot submissions to sites that demand an email address.
Now, for the second time my catch-all email account was flooded this morning with notices of rejections and undeliverable email from dozens of ISPs. In every case the rejected email was from a non-existent account. The headers indicate the origin of these emails is in Poland, and (no surprises here) the subject is Viagra.
Aside from the feeling of having been violated, I worry that if this happens often enough I may find my domain blocked as a SPAM source. Also, I will eventually have to explain to clients that we are not advertising Viagra.
I've run nmap on my router and computer and am confident that the messages are not being run through my box. My hosting is with GoDaddy.
The question for Slashdot is how can I protect myself from having my domain name hijacked by SPAMMERS? Is there anything that can be done about the nitwit ISPs who don't bother to check if the SPAM actually came from the domain in the return address before they contribute to the useless information cluttering up the internet?
My signature is missing."