>> to non-mail domains is significant. I have at least one host name >> that was never a mail domain, but since it used to appear in usenet >> headers it gets over 30,000 spams a day, every day. > >I'm not convinced you've identifed causality ... only correlation. The causality is that its name was scraped out of a zillion usenet archives. Much of mail it gets is to addresses that are actually old message-id's. Other hosts that don't have names don't get hit at all. > I suspect that many spam sources routinely 'scan' for open port 25s >and send mail .. I haven't seen that in an extremely long time, and I log the port 25 connect attempts to non servers on my network. It sees plenty of port 25 attempts, but they're all to the scraped hosts and stale MXes. Spammers have gargantuan spam lists and use the regular MX/A lookup, sometimes using very stale precached MX lists. > For your web mail, make the right headers so that a reply will > work. Or arrange to have the mail depart from a valid mail server. Um, I've been doing that for rather a long time. That's unrelated to the scraped address problem. R's, John _______________________________________________ IETF mailing list IETF@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf