Hi,

I think hat happens is this (correct me if I’m wrong):

Some PC(s) infected with mydoom has your Email/Domain-Address stored somewhere and sends out infected Mails with your address (and/or a ficticious address in your domain) as faked sender adress (see mydoom descriptions)

then you get the answers from Mailserverscanners that suppose the infected mails come from you

There’s not really much ou can do about it easily:

  • setup filters that filter out ANY replys from mailservers due to invalid adresses/viruses (risky and difficult)
  • setup filters that filter out ANY replys from mailservers due to mydoom/viruses: would probably only work, if you could analyse the mailtext and/or header for occurences of “mydoom” and its alias names, or at least for the usual attachment names used by mydoom