1000's of spam in To field

         

Frank_Rizzo

6:40 pm on Oct 31, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A lot of people have been hit by a spam storm where a spammer spoofs the sender's address such that it looks as if spam is being sent from yourself.

The only problem with that is that you get loads of returned mail and one or two people incorrectly complaining to you.

What I am experiencing in the past week is thousands of the same spam messages being sent to my catch all address in the TO: field.

e.g.

ab2123@widgets.co.uk
alan@widgets.co.uk
ally@widgets.co.uk
alison@widgets.co.uk
.
.
.
david@widgets.co.uk

etc.

This is particularly annoying as I use a catchall address and thus a thousand or so at a time fill up the mailbox.

As the mail is sent so quickly, by the time I've modified the procmail recipe to /dev/null it the messages have already been processed.

Is this unique to me for some reason or are other webmasters experiencing this?

physics

7:07 pm on Oct 31, 2005 (gmt 0)




I've been getting these also. In regards to the complaints from people I can only hope the mainstream media runs a story on this, i.e. the fact that the person in the From: field didn't necessarily send you the spam.

dcheney

7:13 pm on Oct 31, 2005 (gmt 0)




These spoofed spam emails have been around for a very long time.

moltar

7:16 pm on Oct 31, 2005 (gmt 0)




Turn off the catch-all temporarily. I used to have this "on" as well, until I got hit like that too. Now I just keep it "off" at all times. There are really not that many people that make mistakes anyways. I don't think I had a single email sent to one of the invalid addresses.

If you really do worry about people making mistakes, then create aliases for the most common mistakes.

Frank_Rizzo

7:20 pm on Oct 31, 2005 (gmt 0)




dick cheney :)

This is not the old classic spoof email. This is something new the spammers are trying IMO. They are sending 1000's of spam to a single domain in the TO: field, not 1000's of spam in the FROM: field.

I can't see what can be gained by doing this. All they are doing is sending 1000 spam messages to me. If I read the first one I'm unlikely to read the other 999 so it seems a waste of resources.

---

Good point about turning the catchall off. But I'd have to ensure the messages are not bounced back.

Dijkgraaf

8:52 pm on Oct 31, 2005 (gmt 0)




This is what is called a dictionary spam attack, where it tries a list of names in combination with a domain, so not a new thing, has been around for years. Usually they would target an ISP or service such as hotmail with it, but maybe they have broadened their scope.

Frank_Rizzo

10:27 pm on Oct 31, 2005 (gmt 0)




Well it's new to me. Maybe it's a technique that the spammers can now do due to newer / faster technology.

But it seems such a waste of spammers' time because what is the chance that widgets.co.uk has an employee with an email address of azumi212?

One thing it could be is a different way to identify legit email addresses. Let me run this by you:

Spammer sends out an email to thousands of addresses at a single domain.

The intention is to identify those which do not bounce. If a bounce is received due to 'user not known' then it makes sense to assume that a message which does not bounce is a valid address.

They are probably running a script to wait for bounces and to remove those addresses from the database. After a week any addresses which were not flagged as bounced must be genuine.

Nice try but clearly they are not getting bounces from a catchall address! Thus I can expect this kind of stuff day after day :(
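The pattern discussed in this thread, a burst of mail to many guessed local parts at one domain, can be picked out of delivery logs once the set of real mailboxes is known. The following is an added example, not code from any poster: the log format, the domain `widgets.example`, the mailbox names and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption): "<ISO time> client=<ip> rcpt=<address>"
LINE_RE = re.compile(r"^(\S+) client=\S+ rcpt=([^@\s]+)@(\S+)$")

def build_sample_log():
    """Constructed sample: one real delivery, a six-address burst, one lone typo."""
    guesses = ["ab2123", "alan", "ally", "alison", "david", "azumi212"]
    lines = ["2005-11-03T01:10:00 client=198.51.100.7 rcpt=sales@widgets.example"]
    for i, name in enumerate(guesses):
        lines.append(f"2005-11-03T02:00:{i * 5:02d} client=192.0.2.{10 + i} "
                     f"rcpt={name}@widgets.example")
    lines.append("2005-11-03T09:30:00 client=198.51.100.7 rcpt=slaes@widgets.example")
    return "\n".join(lines)

def find_dictionary_bursts(log_text, valid_locals, window=timedelta(minutes=5),
                           threshold=5):
    """Return {domain: sorted unknown local parts} for each domain whose busiest
    window saw at least `threshold` distinct recipients that are not real mailboxes."""
    unknown = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, local, domain = m.groups()
        if local.lower() not in valid_locals:
            unknown[domain.lower()].append((datetime.fromisoformat(ts), local.lower()))
    flagged = {}
    # Keyed on recipient domain, not sending IP: the guesses may come from many hosts.
    for domain, hits in unknown.items():
        hits.sort()
        best, start = set(), 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            current = {local for _, local in hits[start:end + 1]}
            if len(current) > len(best):
                best = current
        if len(best) >= threshold:
            flagged[domain] = sorted(best)
    return flagged

if __name__ == "__main__":
    print(find_dictionary_bursts(build_sample_log(), {"sales", "info"}))
```

A single mistyped address (`slaes` in the sample) stays below the threshold, so an occasional sender typo is not reported as an attack.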

Frank_Rizzo

8:42 am on Nov 3, 2005 (gmt 0)




This is getting way out of hand now. I've had about 10,000 overnight.

All the spam messages are stock ramping so there is no website to get shut down.

Anyone know who is the kingpin behind these stock ramping messages?

Is there some kind of class action against this / these persons that I could assist with?

Dijkgraaf

7:38 pm on Nov 3, 2005 (gmt 0)




I had a similar issue when there was German political spam being spread by compromised zombie machines.
I disabled the catch all for a while, and manually set up forwarders for all addresses that I wanted to receive e-mail for.
Then after a while I set up the catch all again to point to a "bucket" e-mail account that I check every so often.
You could report them to an agency that deals with investment spam (see [banspam.javawoman.com...]; if the moderator decides this URL isn't allowed, sticky me and I'll send you the URL and e-mail address),
however I wouldn't expect fast results in getting them shut down.