Protecting Your Small Domain from Spam Hijacking?

Black Cardinal asks: "I have a small domain which I mostly use to post family photos and some software. I also use it to manage a few e-mail addresses that my wife and I use. A spammer recently hijacked my domain name, using it to construct fake return addresses for sending spam (without actually cracking my host account), and caused a flood of undeliverable mail messages to be sent to my domain hosting service, which promptly suspended my account. At the moment it looks like I may never be able to have any @gelhaus.net e-mail again. What can I and my domain hosting service do now to protect their incoming mail servers and my account from this kind of attack, and how can I protect my small domain from this kind of hijacking and allow me to keep it running?"

"My domain hosting service, CubeSoft, has been a good host for my domain for the past three years, and they have been very helpful in re-enabling most of my account, but at the moment they don't want to re-enable my e-mail because of the flood of returned spam coming in (30,000 messages per day). Since the return addresses are all invalid (e.g. 'nonexistent_address@gelhaus.net'), I would think it would be simple to filter out all messages that aren't specific ones I've set up (e.g. 'valid_address@gelhaus.net'). I can't believe my domain is the first to have experienced this problem. It would be a tragedy to have to just shut down my domain because of this. CubeSoft says there isn't any way to prevent it because there is nothing that stops a spammer from using a fake return e-mail address. What have others with small domains done to protect themselves?"

You have the Michael Bolton problem

[utahjazz]

You need to change your domain name. Obligatory "Office Space" quote:

Samir: You know, there's nothing wrong with that name.

Michael Bolton: There WAS nothing wrong with it. Until I was about 12 years old, and that no-talent-ass-clown because famous and started winning Grammys.

Samir: Why don't you just go by Mike, instead of Michael?

Michael Bolton: No way! Why should I change it? He's the one who sucks.

Re:Use SPF to protect against "Joe Jobs"

[anthony_dipierro]

If everyone uses SPF, it will cut down on spam and joe-jobs.

Of course, if everyone would stop spamming, it would also cut down on spam.

It's a good idea, but SMTP without SPF is far too integrated into our lives to eliminate any time soon.

Eureaka!

[rylin]

It's simple really!
All you need to do is get a *really* long domainname.
For instance, would you expect any spam to originate from llanfairpwllgwyngyllgogerychwyrndrobwllllantysilio gogogoch.com?

I think not!
Yet I'm sure there's at least a postmaster account running there (and surely a real account or two, even if just for fun's sake).

Re:get your ISP to change your MX record

[Xunker]

Then how will legitimate mail arrive?

That still exists?

here's what you do

You hunt the spammer down like the dog that he is. Find yourself some "shady" characters to go pay him a visit. If he's in another country, that's even better. It's usually easier to find shady people in places like russia and china, and then, if you get busted for orchestrating his beating or death, it's harder for the authorities to do anything to you.

Even better, you could find out who he is, and then start sending letters in his name to major organized crime members demanding money or taunting them. Make a half-assed attempt to hide his identity, then it will look less suspicious.

Yeah, I'd definitely have someone whacked if they did that to my domain.