I will write up a more formal blog post about this, but thought the crew here might like this.
I have recently become inundated with spam that is of the form [email protected], where WORD1 is a subset of WORD2, and every single domain is parked at godaddy.
So, I now reject with a 450 every email in that format. Obviously I have to whitelist many domains, since many legitimate emails also use that format.
In addition to blocking those emails with a 450, I have written a set of scripts that inspects the postfix log every 5 minutes, looks for the 450 status code, grabs the domain name, and curls the domain. If it finds the domain parked, it adds a 521 line to blocked senders, rebuilds the map, and reloads postfix.
Super slick, and now fully automated.
Obviously this won’t work for all domains – it only works for ones that are obviously parked – but it will cut way down on my spam.
I’ll post the code soon, and will post a link to it.