Problem

A number of our AD distribution groups have recently been receiving spam from outside our network. These distribution groups are open to receive mails from outside of our network as we work with a number of third parties, so we need to make them available to those groups.

I'm guessing that the mail addresses are guessed by a brute-force-dictionary style of attack; e.g. as we have fairly predictable email addresses such as MicrosoftDynamicsAxUsers@MyCompany.com; so by running through a dictionary of system names and appending our domain and the word Users, they'll find a number of valid email addresses; then if anyone clicks a link in those mails, that mail address is confirmed as being valid and can be logged / if a delivery failure message is returned to the sender they can log the address as invalid.

I should note that we have a team dedicated to our mail infrastructure; I'm not part of that team, my only involvement's due to one of my system's groups being in the affected list.

Potential Solution

To avoid this, I'm wondering if we should amend our addresses to something non-obvious; i.e. have the distribution group named 'MS Dynamics AX Users' have the underlying mail address '06c5b0e2-8c36-43fd-841d-c527672f250f@myCompany.com'.

Questions

  • Has anyone else seen this type of issue before / come up with any good solutions for it?
  • Does my suggested solution look sound, or am I just making our mails less user-friendly whilst not getting the benefit I'd hope for?
Ward - Trying Codidact
JohnLBevan
  • What's your current mail hygiene solution and why isn't it catching these if they are truly spam? – MDMarra May 10 '16 at 21:09

1 Answer

The suggested solution has the potential to work on stopping spam for a while, but it's not really an effective one; all it takes is for one of your users to register the email in a distribution list online and they'll start receiving spam again.

You'll also create problems for end users who are going to send/receive emails from that address; it's not user-friendly.

You're far better activating an anti-spam solution on the mail server. Nowadays they're being offered as a SaaS service with zero deployment effort on your server.

Noor Khaldi
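
The question's guess about dictionary-style address probing can be checked against the mail gateway's receive logs before changing any addresses. The following is an added example, not part of the original question or answer: the log format, addresses, IPs and thresholds are constructed assumptions. It flags clients that try many distinct recipients and are mostly rejected, and lists which group addresses those clients saw accepted.

```python
from collections import defaultdict

# Constructed receive-log lines (hypothetical format): time, client IP, RCPT TO, SMTP reply.
SAMPLE_LOG = """\
2016-05-10T09:00:01 203.0.113.7 SharePointUsers@mycompany.example 550
2016-05-10T09:00:02 203.0.113.7 SapUsers@mycompany.example 550
2016-05-10T09:00:03 203.0.113.7 MicrosoftDynamicsAxUsers@mycompany.example 250
2016-05-10T09:00:04 203.0.113.7 OracleUsers@mycompany.example 550
2016-05-10T09:00:05 203.0.113.7 JiraUsers@mycompany.example 550
2016-05-10T09:00:06 203.0.113.7 CrmUsers@mycompany.example 550
2016-05-10T10:15:00 198.51.100.20 MicrosoftDynamicsAxUsers@mycompany.example 250
2016-05-10T10:16:30 198.51.100.20 MicrosoftDynamicsAxUsrs@mycompany.example 550
2016-05-10T11:02:10 198.51.100.20 MicrosoftDynamicsAxUsers@mycompany.example 250
truncated line
"""

def harvest_suspects(log_text, min_rcpts=5, min_reject_ratio=0.5):
    """Flag clients whose RCPT pattern looks like address guessing.

    Returns {ip: {"distinct": n, "rejected": k, "exposed": [accepted addresses]}}.
    """
    seen = defaultdict(dict)  # ip -> {lower-cased recipient: last reply code}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed or truncated lines
        _, ip, rcpt, code = parts
        seen[ip][rcpt.lower()] = int(code)

    suspects = {}
    for ip, rcpts in seen.items():
        rejected = sum(1 for code in rcpts.values() if code == 550)  # 550: no such mailbox
        if len(rcpts) >= min_rcpts and rejected / len(rcpts) >= min_reject_ratio:
            suspects[ip] = {
                "distinct": len(rcpts),
                "rejected": rejected,
                # Addresses this client saw accepted: the ones the sender now knows exist.
                "exposed": sorted(r for r, code in rcpts.items() if code == 250),
            }
    return suspects

if __name__ == "__main__":
    for ip, info in harvest_suspects(SAMPLE_LOG).items():
        print(ip, info)
```

A partner who mistypes one address stays below the default thresholds, so only the probing client is reported.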