Has anyone else out there in IT corporate world had your company domain spoofed in s-p-a-m emails? Then you get the tons of bounces if you have a catchall address set up. Somebody has been using the ACME email domain for their s-p-a-m-i-t-y s-p-a-m s-p-a-m campaigns for a few weeks now and we started getting tons of bounces due to the thousands of invalid addresses they have in their blasts. Please read on..... (I might be able to use your help).

These s-p-a-m-m-e-r-s must be sending these messages (about 25 distinct subjects so far) to a ton of people if we are getting tens of thousands of bounces. The subjects are mostly stock tip crud, I wonder if the tips are for real stocks or not, we don't dare click on the URLs. And we certainly are not stupid enough to respond to some of the Yahoo throw-away email addresses noted in the messages. And these penny stocks they reference do actually exist (YPIL, SCRE, WYSK).

Our tech folks did look at the headers of many of the messages sent, some of the bounces include the original message. It looks like they are using forged IPs as well so the origin is hard to track. We have contacted some cyber crime contacts here in our state to help but no luck with a response yet.

We use Sender Policy Framework (SPF) so at least email servers that check for that will know the s-p-a-m is junk mail. My worry is that our ACME email domain might get on a few whitelists. Anyone else had their corporate domain abused like this? Anyone have other techniques to address this?