This morning, I took a look at my mail server logs to see if yesterday’s changes had caused any unexpected issues, and I’m happy to say that all appears well. I also took a few minutes to analyze the logs a little bit, and here’s what the past 20 hours has brought:

don't send email to these accounts; they don't exist!
  • In 1,202 minutes, 16,605 messages were attempted to be delivered to nonexistent accounts on my server, for a rate of one message every four and a half seconds.
  • Those 16,605 messages were addressed to 915 unique (and still nonexistent!) email addresses.
  • By far, the address bore the brunt of this, with 759 of the addresses living there; no other domain had more than 60 or 70 false attempts.
  • The most popular fake email address is one that’s never existed, and doesn’t make much sense at all; it received 461 attempts. (The top 10 list is in the graphic to the right.)
  • As you’d expect, generic “webmaster” email addresses are popular, accounting for 225 of the attempts across all the domains I host; “postmaster” and “mail” are a lot less popular than you’d think.

All in all, I’m glad to have made the configuration change, and my mail server seems to be operating under quite a bit less load as a result.


I suspect what happened is that when you were initially accepting mail for anything at your domains, a spammer ran a dictionary attack on a domain and recorded what was accepted and what wasn’t. Since you weren’t rejecting right off, everything passed, so they all got added to the database.

• Posted by: eric on Oct 20, 2006, 12:46 PM
Please note that comments automatically close after 60 days; the comment spammers love to use the older, rarely-viewed pages to work their magic. If comments are closed and you want to let me know something, feel free to use the contact page!