Email spam had reached more or less a steady state for me for a while, but things have suddenly escalated in the past couple weeks:
Anywhere from once every few days to two or three times in a day, I'll get approximately 2500 pieces of spam in an hour.
They're not actually spam per se. They're backscatter: a spammer has sent out thousands upon thousands of spam messages to other people, but has used kith.org addresses for the return addresses. In this particular case, the usernames at kith.org are generally all of the form human-first-name + random word + second random word, such as "louellaenumerabletyranny."
Many of those spam messages presumably reach their intended targets. But some percentage of them get bounced by well-meaning mailservers and autoresponders. And since the return address is @kith.org, the bounce message goes to kith.org, to be delivered to the nonexistent username. So what I'm really receiving isn't so much spam, as 2500 bounce messages in an hour, for spam I didn't send. And the only way I can be sure that they're not bounces of a legitimate message of mine hasn't gotten through is to visually examine the To line of each. (Because I have a lot of different email addresses, so it wouldn't work to just search for the bounces with a To line that contains my real address.) Fortunately, Eudora's spam filter eliminates about 95% of the messages, but I still end up having to go through up to a couple hundred in a day.
So of course what I really need to do is what most sensible people already do, which is to have Pair's mail server automatically throw away all mail that isn't addressed to a known-good valid kith address.
But for something like ten years now, I've been operating under the assumption that any username at kith.org will reach me. So I haven't been careful about keeping track of what email addresses I give people and organizations that want to contact me.
A couple months ago, when I first thought about doing this, I ran some automated tools over ten years' worth of email and created a list of all the email addresses that had ever shown up on mail in my mailbox. For various reasons that seemed like good ideas at the time, I wanted the From addresses as well as the To addresses. The result was a list of well over 20,000 addresses. And although I could do searches to find certain kind of addresses (like all the ones that started with "logos"), there were a great many that I couldn't think of a good way to sort through other than examining them by hand.
So I set the list aside and didn't deal with it. In the past couple weeks, spurred by wave after vast wave of spam, I've been going through it again--but I've still got about 4,000 addresses left to go. (But that's down from 15,000 two days ago; the end is in sight.)
I probably should've just looked at the To addresses for a first approximation, and figured I would lose a certain amount of mail. But at this point, I've done enough work on it that I want to continue.
I'm not actually sure that Pair's filter works the way I want it to, though; for example, if mail comes to a mailing list that I'm on, rather than directly to one of my legitimate addresses, will it get thrown away? I'll need to do some experiments to find out. Not really something I want to spend a lot of time on, but at this point I don't know how else to avoid drowning in backscatter.
Of course, if the spammers decide to start sending out thousands of emails from my actual address, this new approach won't work. Not sure what I'll do if that happens.