I did some studying of some of the 100,000+ emails I received and determined two things:
1. One spammer sent the same message to at least 100,000 people with my email as the reply-to address, as well as spoofed the name of my mail server in the email headers (the IP does not match).
2. The spam originated mostly from Japan, but sometimes Brazil. I know the ISPs that were used, and I know the dial-up nodes he/she was on when it happened.
The question is, what can I do? I’d like to turn the account back on, but I’m sure that I’ll continue to get bombarded with “Cannot deliver” messages from the mail servers this person is assaulting. Also, I could see some mail server admins directing some misplaced anger towards me.
Looking at the email headers makes it quite obvious that the email did not originate from anything I control. and that my email server was not used as a relay to bounce email from Japan to the intended victims. The only email I am now getting is the “Cannot deliver” messages, which technically speaking isn’t spam, but is still killing my server.
Can I, or should I go after this person?