Now and then we get emails every second with a random subject and random sender address.
The subjects look like
ÀO¼Ú¥þ²y¶°¹Î
ºë·Ç¦æ¾P
¹Î¤¶³Ò¶°«n
ÃÀ®w³]p¤¤¤ß
and the senders look like
hfedcefg43ca at mydomain.com
dbaagijk47bd at mydomain.com
wyzsqp22xwvv at mydomain.com
npxz13stu at mydomain.com
where mydomain.com is our own domain. Meaning someone spams us with a from address using our domain name (everyone can do that) and sends thousands of emails to a specific account on the same domain. There is almost no content in the mails, only further cryptic characters.
What sense does that make? There are no Viagra or HTML advertisements in there. How to block that?
If they are spoofing your domain in these emails, so they seem to come from your email domain, then you can try and prevent this using an SPF (Sender Policy Framework) record in your DNS.
An SPF record allows you to specify which servers are allowed to send mail for your domain and so should help stop these spoof messages.
An SPF record would look like:
This will indicate to the receiving server that the only server allowed to claim that it is mail.domain.com is that with the IP address registered in the A or MX record for mail.domain.com; email from any other IP will be rejected.
Microsoft (unusually) have a good wizard here for creating an SPF record for your domain. Once you have the content of your record you would set it up as a TXT record on your DNS server.
There are a number of other methods that could be employed to help here such as:
There are many more techniques that a good anti-spam service may implement, and if spam is a serious issue then you may want to invest in one of these; however, SPF is a cheap, easy option that you can try, and it may make a big difference.
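How a receiving server evaluates an SPF policy for a message claiming to come from mydomain.com, as an added example that is not part of the original answer or of any mail server's code. The record, the IP addresses and the `RESOLVED` table standing in for DNS lookups are constructed for illustration; the check applies to the envelope sender (MAIL FROM) domain, as defined in RFC 7208.

```python
import ipaddress

# Constructed sample data (not from the original post): a policy for the
# placeholder domain mydomain.com and a stand-in for DNS A/MX resolution.
SPF_RECORD = "v=spf1 mx ip4:192.0.2.0/28 -all"
RESOLVED = {"mx": ["198.51.100.25"], "a": ["198.51.100.80"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, resolved):
    """Evaluate client_ip against an SPF record, left to right.

    Handles ip4, ip6, bare a / mx, and all. Terms that need further DNS
    work (include, exists, redirect, ...) return "unsupported" here.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6") and arg:
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name in ("a", "mx") and not arg:
            matched = client_ip in resolved.get(name, [])
        else:
            return "unsupported"
        if matched:  # first matching mechanism decides the result
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    # Constructed connecting IPs: the real MX, an allowed range, a stranger.
    for sender_ip in ("198.51.100.25", "192.0.2.5", "203.0.113.77"):
        print(sender_ip, check_spf(SPF_RECORD, sender_ip, RESOLVED))
```

For the spoofed mail in the question to be refused, the server receiving mail for mydomain.com must itself run this check on inbound mail and act on a `fail` result.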
With the information you've given it's only possible to give very general information. Greylisting (or graylisting, depending on where you are) will go a long way to stopping this sort of thing. Better yet, install a proper spam filter. I use MailCleaner, although there are plenty of others to choose from. As for the first part of your question, "what sense does it make?", only the originator can answer that.
This is a problem I had to deal with several times in the past. These "attacks" originate from bots which, in turn, utilize compromised email accounts in many legitimate email servers. Then, all these legit SMTP services try to send the emails to your own server.
The recipient's address seems to be random. At this point, I am not sure what they try to do: discover legitimate email addresses or just try to choke and cause problems to the destination server. I tend to believe that they try to discover valid email addresses.
The fact that almost all the email addresses are invalid usually makes your server respond with a 550 error code. Despite this fatal error code, many of the originating servers keep trying to resend it, thus adding more unnecessary traffic.
Unfortunately, there is no way to block all this traffic, because you have to accept the connection from the originating server and at least check some of the envelope headers in order to decide whether to accept the message for further processing or not. So, the only thing you can do is to configure your email server to:
Well, I wrote this at a fast pace. The general idea is that there is nothing you can do to prevent this traffic.