Help! My domain has been hijacked by a spammer.

The fact that bounce messages are pouring into your catch-all from non-existent addresses almost 100% means that you either don't have proper SPF/DKIM/DMARC configured, or they're set up only formally.
What I would do step by step:
1) Check SPF - it should clearly specify which servers are allowed to send mail on behalf of your domain. And make sure you use -all, not ~all, if you're confident in your configuration.
2) Enable DKIM -- sign all outgoing emails.
3)Set up DMARC with at least a p=quarantine policy, and ideally move gradually to p=reject.
4) Check your domain in Google Postmaster Tools - you can see your reputation there.
5) If your IP is "burned," you might want to temporarily switch to a third-party SMTP provider (SendGrid, Mailgun, Amazon SES) while your reputation recovers.
6) Disable catch-all (or at least reconsider using it) - it often just helps spammers.

One more thing: if you're hosting email on your own server without proper monitoring, Google and Hotmail can put you in the "gray zone" very quickly. From experience, sometimes it's easier to migrate to a reliable email provider than to fight deliverability issues manually

I agree with contacting your email service and
if they do not fix this, I would move the whole
operation over to someplace more secure.

This is time-consuming and inconvenient but
sometimes it needs to be done.

hi! This is a common problem. I think you need to change your approach, set up mailing tasks, and see if that helps

Hi,

I guess ideally you want to try to establish how the compromise happened and close off that entry point (apologies if you already have).

contact your registrar right now and file an abuse report.

check your DNS records to see if anything got changed, and change every single password you have, registrar, hosting, email, all of it. turn on 2FA everywhere.

once you get control back submit a reconsideration request to Google because any spam content on your domain will wreck your rankings. also make sure your registrar lock is enabled so nobody can transfer the domain out from under you.

not good whover ure registrar is report to them my first call would be

Classic case of someone spoofing your domain to send spam - Google picked up on it and now flags everything from you.
First thing to do is set up SPF, DKIM and DMARC records if you haven't already. Then check your domain's reputation on Google Postmaster Tools and MXToolbox to see if you're blacklisted. If you are ,you can submit a delist request to Google - it's slow but it works.
Also consider disabling your catch-all mailbox, it just makes things worse.

Same happened with me.
Clicked on some mail and then it happened. I also searching for solution.

Have you tried email marketing on that domain before?
Have you tried changing the mail server or your web hosting provider?

My name is Asif and Running a web hosting business called Midway Host for 9 years, we see all kinds of issues like these. I would love to fix your issue for free, reply to this thread or mail me at realasifn@gmail.com