Well, the weird thing is, I changed the username to which the form gets sent to one that forwards to another address entirely (still hosted on Dreamhost, of course), and I was still getting spam at the previous address, apparently from the same spammer.
Then I took the form off the page completely, and still got spammed.
How’s the spammer doing that? Using a cached version of the page?
I’m a bit sickened, as this address that I was using with that form was a totally clean address that never got any spam at all until I started using the DreamHost formmail system.
Had I anticipated that spammers might use it against me, I would have created a series of throwaway addresses and would change the address whenever the spammers found the form.
But as it is now, my beloved address appears to be nearly compromised, and if this spammer figures out that he can put that username he has together with my domain name, the floodgates will be open and that account will be useless.
I’m very sad about it.
So, lesson learned, good people of DreamHost, if you are using the formmail DreamHost provides, don’t use your regular email username in it.
Here’s what I’m going to do from now on…
Create a series of usernames like this (copy & paste comes in handy), followed by a space and then my real email address:
… and so on.
I’ll use the Automator program on my Mac to generate the username part of the list and that which follows.
I’ll copy and paste that list into the bulk editor for forwarded email, and then use the username part of the first address as the username in my form.
When I start getting spammed at that first address, I’ll change the username in the form to the next one on the list, and delete the first one.
The spammers will be sending to a non-existent address. Fudge 'em.
It’s going to be a hassle, but I can’t think of a better solution at the moment.