For several months now my logs are showing an attempt to send mail to a non existent account. There are variations to the account name, but always the same 'root' name:
As an example:
There are literally thousands of these in a 24 hour period, and they seem to stay 1 step ahead of the RBL's.
The IP address and 'from' address which the messages report to be sent from are not fixed and I rarely see more than 2-3 delivery attempts in a row using the same IP or from address. I'm sure this is a scripted 'abuse' as the logs show from 100 to 200 attempts within a 30 second window to this root name and the IP and from address change every 2nd to 3rd delivery attempt. unfortunately, we do a significant amount of INT'L business and I can't block CHINA and RUSSIA
It appears to be either a dictionary attack or we are the backscatter victim for this campaign.
Although they are not getting delivered and we just drop it, I'm curious as to how others may have implemented a remedy to this. Any advice appreciated.