I have been getting a number of "failure notices" in my mail queue and my amateur sleuthing via DNS report found this particular spammer has two NS servers as well as a bank of mail servers. My thought was to blacklist the NS IPs, however, that did not work. My next step is to blacklist their mail server IPs but there are a number of them so what would be nice is to just blacklist the entire block that corresponds to their mail server IPs (208.76.251.38 thru 208.76.251.50). I see that blocking a range of IPs was requested for ASL 2.0 but I could not find any reference so I just added 208.76.251 to my ASL blacklist hoping it will take care of the range.

So I guess my first question is am I thinking about this correctly? and secondly is their a better way?

Thanks much

I would highly suggest you turn off email responses for bad email addresses. It's a lot of overhead for something that is typically 99% spam anyways. A clogged mail queue doesn't do you any good.

Agreed, thats a great step. Also check out the zen.spamhaus.org RBL, and greylisting.

Gents:

Thanks for the reply. However, I have read this forum extensively for similar issues and employed all of the recommendations (at least the simple ones) to prevent failure notices stuck in the queue. Of course I have set Plesk to reject all non-existent email. I am also using qmail-scanner and ART spamassassin. The IP addresses for this particular spammer are not listed in the spamhaus RBL.

One thing that I did notice in the email header is that the spam gets an SPF Pass which baffles me. I have checked my spf record several times and it seems ok, but maybe not.

Thanks again

The spammers are smart enough to create SPF and DKIM records these days, so dont put to much effort into investigating that part.