I have a mail list: email@example.com (names are changed to protect the innocent)
maillist has seven user emails associated with it.
I believe that I am a victim of a DDOS attack.
Someone was sending out a massive email campaign using an aliased email account where the recipients believe it was from firstname.lastname@example.org
When all of the receiving email domains sent back their non-response, no-user, or other denial for delivery, it all came back to the mail list address, which then duplicated across the seven emails.
Has anyone ever suffered this before?
How do you protect against this, when your server is not sending the outbound emails, and someone is masquerading their email as your own?