Is A Catch-All Address Worth The Spam?

wildzeke writes "I plan on switching Internet providers this summer to get a faster speed. Since losing an email account is the biggest pain when switching providers, I decided to pay the extra money to have email for the domain I registered. One of the options provided is to make one of your email accounts a catch-all account. In other words, any email sent to this domain with out a valid user name, will be dumped in the catch-all account. The question I have, is this a good idea or not? On one hand, it may catch important email such as admin, or postmaster or simply mis-typed user name. On the other hand, the catch-all will open the flood gates to spam who will send to [all user names in the world]@domain.com."

No brainer

[tarquin_fim_bim]

If the mail is from an intelligent human being they will generally conclude from the returned mail that they have erred, and readdress it accordingly. In the event of any other outcome you are probably better off not receiving the mail.

Re:No brainer

Having worked end-user tech support, I think you're overestimating the intelligence of the average email user :)

You'd be surprised at the sheer volume of users who invert a couple of letters or add a space in the middle of the address, and then *insist* that it's spelled correctly, and something must be wrong with our server for not delivering the mail properly to some random domain (not hosted by us). And yes, if they don't believe us over the phone we get them to forward the bounce message to us so we can confirm that.

So, if the concern is old Mrs. Pepperpot isn't going to remember the proper address to type and may in fact enter it into her email address book incorrectly, that's actually a pretty fair assumption.

Re:No brainer

[tarquin_fim_bim]

I've had more than one IT Manager specify to me that their email address is 'lower case', so I stand by my original post.

Re:No brainer

[studerby]

I don't think it has anything to do with intelligence, per se. I've seen an MD/PhD with an annual reseach grant total of $100 million struggle with this; I had to go to train his office manager on how to update his mail aliases, 'cause the mail client he liked was funky. If it wasn't in his alias list, and therefore clickable, he'd fubar it about 10% of the time and force the manager to fix it right now , 24/7, and he never understood anti-spam obfuscation (his staff filtered his incoming email for him).

His time was very valuable and he just wanted it to work.

Of course, the odds are good that nearly 50% of the people out there are of below-average intelligence, so any plan has to deal with both ends of the bell curve.

Re:No brainer

[geminidomino]

I agree. I bought my own domain as well, and I turned on a catch-all address (called "spamtrap") specifically TO catch spam. That's all it does catch. If someone types your address wrong, they should be smart enough to figure out "55x No such User" (or whatever the error is) and double-check the address. Anyone saying "random" spam is far less than targeted probably doesn't run a mailserver and watch the dictionary attacks mount up in the log file. "adam@domain", "anthony@" all the way up to "zachary@" (not to mention the various permutations of aaabbbccc, etc...). Unless you're trying to track where the spam is coming from (by reading recieved: headers, not "From:" lines), a catch-all address is nothing but a spam-catcher.

Re:No brainer

[Atroxodisse]

Most users are pretty dim, but even if you get their incorrectly labeled mail in your catch all you are likely to have to deal with them in order to find out who they were looking for and to correct them from using the incorrect address over and over. You can only put up with forwarding their mail for so long. I would bypass the catch all address. The only actual benefit of NOT having the catch all is that the spammer's server will have to handle all the mail that is bounced back and possibly slow its output of spam. One can hope anyway...

Re:No brainer

Well, frankly I *would* consider that as a measure of intelligence (at least to some degree).

For instance, if a user:

- has used a computer for a number of years (by the sounds of it the very same applications for that same time)

- depends on using the computer for important work

and still can't use it properly (and won't take the time to actually *learn* to use it properly - eg, basic typing/clicking skills), I consider that an intellectual defect.

It's like any other field - if you depend on a particular tool, you have to be able to actually use the tool properly or you'll mess things up repeatedly. And if you do mess things up on a regular basis, that's no one's fault but your own.

Think of all the "valuable time" he has wasted by simply not learning to use his tools.

Re:No brainer

[Scarblac]

I may be totally mistaken, but I thought that using a catch-all address means no "55x no such user" errors are sent anymore? There is such a user, and it's mapped to the catchall address.

Re:No brainer

[matth]

What's wrong with this? Some UNIX systems are case sensative about e-mail and johndoe is NOT the same as JohnDoe@domain.com

Re:No brainer

[Celt]

Agreed, most users are dumb as shite!
I have to deal with them everyday

"why can't I have a space in my e-mail address" or "I tried to access the website address user@domain.com and it did'ent work"
sigh...

Re:No brainer

some of us like spam, between the buns, yeah my buns, with mustard and ketchup...

Re:No brainer

[tarquin_fim_bim]

That's as maybe, RFC 822 suggests otherwise, with a couple of exceptions.

Re:No brainer

[stephanruby]

Having worked end-user tech support, I think you're overestimating the intelligence of the average email user :)

I don't think it's a question of intelligence. Sometimes, the answer to a problem is so simple, some people just can't see it.

Re:No brainer

[pegr]

I've had more than one IT Manager specify to me that their email address is 'lower case', so I stand by my original post.

IT Management... Where the less you know, the further you go! (I guess it's because you can "relate" better with the average 1D10T...)

Re:No brainer

[macdaddy]

You are correct. A catch-all gives a valid user where otherwise there wouldn't be one. Thus no DSN is sent. Using a catch-all with a domain in which its sole purpose is to collect spam and has no other valid use (like a couple of my domains) is great. Using a catch-all on any domain with other valid email use would actually causes violations of the RFCs. If a user fat-fingers an address and sends it to nillgates@microsoft.com instead of billgates@microsoft.com then you are required by the RFCs to return the appropriate DSN. With a spamtrap domain your intention for that domain is to have all addresses be valid and you do take action on that mail. Thus I don't believe that would violate the RFCs. However using a catch-all on a domain with valid email traffic is a violation of the RFCs IMHO.

Re:No brainer

I agree. I have a personal domain and a catch-all email account with my ISP. Twice in the past three weeks, the spam (I've enabled my ISP's server side spam filters) I've had to dump everything out of the mail account. In one week I was able to accumulate 9000+ spam emails and go over my 50MB disk limit by 100%. Everyone one of the spam messages was to "some random name"@mydomain. The other problem with this spam is that so much of it is loaded with image files so that it can get past the spam filters. This means that you end up eating a lot of disk space (or your isp does) when this stuff starts to pile up.

I figure that if something important from a real person bounces, they'll call.

Just my .02

Re:No brainer

[mindstrm]

Violate RFC? Gimme a break.

I own foo.com. I want ALL mail to foo.com, with a few exceptions, to go to a different mailbox. This is not a violation; it is the same as if I set up a quadzillion email aliases pointing to one box.

Re:No brainer

[mindstrm]

To further back that up.. not implmeenting everytihng mentioned in an RFC isn't generally a violation. THere are plenty of parts of TCP/IP that are not used on the internet, or disabled. same with other protocols.

If I decide that in my domain, there are no invalid addresses, then the concept of an invalid address becomes irrelevant, and there is no need to implment it.

Re:No brainer

[macdaddy]

If a person fat-fingers an address and it is sent to the wrong user on your system you are required to send a DSN. Have you never read the relevant RFCs to administrate a mail system? That should be a prerequisite before being allowed to join the Internet community as a mail administrator.

Re:No brainer

[uberTr011]

Try working tech support for an ISP. People are fucking retarded. They don't even try to solve their own problem(s), they just blame the ISP.

"I opened cool_screensaver.exe and my computer crashed. It's your fault for not filtering the connection".
"My monitor says 'No Signal', is the server down?"

Ugh, those tech support horror-stories are all true; I swear.

Re:No brainer

[utopyr]

Ha!--a few years ago, acustomer wrote to me, asking that his e-mail address in the database be corrected to the proper case mixture--his sysadmin had told him it was important--I responded to his address, all lower-case--"If that is true, you are not reading this." His reply was gracious.

Re:No brainer

[Condor7]

The only actual benefit of NOT having the catch all is that the spammer's server will have to handle all the mail that is bounced back and possibly slow its output of spam.

Very few spammers use their own servers. I would bet that none of them provide a valid server name for bounces or replies to be routed to.

Re:No brainer

[devilspgd]

"I opened cool_screensaver.exe and my computer crashed. It's your fault for not filtering the connection"

Followed by their next call, "your filters are blocking screenshot_of_plain_text.doc which I zipped into an EXE"

Re:No brainer

[Christopher+Cashell]

Would you to elaborate as to which 'UNIX systems' you might be refering to?

Particularly as this is contrary to common e-mail message standards (see RFC 822, among others).

I know I personally have not come across any non-broken SMTP servers that are case sensitive.

Re:No brainer

[ericspinder]

Well, frankly I *would* consider that as a measure of intelligence (at least to some degree).

I wouldn't, a plumber uses a pickup truck everyday, but he might not know how to fix it, but he's not talking about a blue collar guy, but a manager, probably a bureaucrat. Chances are if he ever did anything 'geeky', it's been at least 10 years since he did it.

still can't use it properly (and won't take the time to actually *learn* to use it properly - eg, basic typing/clicking skills), I consider that an intellectual defect.

I kinda agree, but what's not in question is the 'pointy haired guy's' clicking or typing, but his ability to use mail aliases, most likely because there are two separate mail systems, one internal and one external and due to regulations the two are not connected ($100 million reasearch budget sounds like a gov't agency). Which would make it a little more complicated than the 'normal' setup, but of course, I am mearly guessing and may be completely off base.

Re:No brainer

[bluekanoodle]

A long time ago, I worked for a tech support call center that handled a variety of clients including one of the major PC makers. We also had another client that was an ISP, and all the calls were handled down the hall. Sometimes you'd get customers who called their ISP (down the hall) who would inform them that the problem was with their computer and to call the manufacter, (us) who would diagnose the problem with the ISP. Poor sap's were stuck in an infinite loop!

Even worse, even if you ran into those customers who had been given the run around, and you knew exactly what the problem was, you still couldn't help them if it didn't pertain to your particular line of support. Management would listen in on your calls and if you went outside your support boundaries, they would bitch you out.

All that mattered, was that you took a certain amount of calls per day, and the only way to get that quota was to keep the calls short.

Re:No brainer

[kickus_assus]

Wrong answer. Say you where to setup an email server for a company that relies on email for new customer contact. Lets also assume the company figures these people are sometimes poor spellers or just plain stupid. But they still would like to take their money from them. They want anything that resembles a lead to end up on the sales managers inbox. This is can be a good reason to have a *@yourdomain.tld

Re:No brainer

[SoupIsGoodFood_42]

If I send a letter to you, and it's addressed like this (pretending that the following is your address):

Joe Sixpack
Street, City etc...

You'd expect to get it.

If I sent a letter, but with the name in any of these variations:

JoeSixpack
J Sixpack
Joe T Sixpack

You'd still expect to get it, right?

Now do you understand why people are telling you it's spelt correctly, when infact there's an extra space in there?

Perhaps it's the original designers of the email systems we use, who's intelligence has been overestimated. Because they made addresses far to easy to get wrong.

Now, as a web designer. I understand why these things are that way. But many--including intelligent--people don't understand these little technicalites. Because the expectations of other things in life has taught them differently.

Re:No brainer

[mangophreek]

I recently (thursday) ordered a 17" Powerbook from Apple over the phone. My first name is Marko and is an ucommon spelling with a K. I own the domain my e-mail is in, and the e-mail is my first name@domain.com.

The Apple CSR did check the spelling of my name, but his subconcious got the best of him and he wrote marco@domain.com. Had I not had the catch-all activated I would have lost all the order and shipping information (especially since most of it was shipped that night) thinking Apple was being slow. With the catch-all I was able to call them back to make the correction, rather then noreply@apple.com getting it bounced back.

Catch-All is a good thing. My random spam is low to zilch, but the spam to my main account is moderate.

Re:No brainer

[paz5]

With my catch all address (that is now off) the biggest problem was not receiving spam its self, but receiving error reply's sent back to my domain when someone was sending out random spam with the from feild being a random address from my domain. I tried getting it stopped and tried appoligizing to people that actuly got the spam and asked to be taken off the list, however the sheer number of them forced my to just get rid of the catch all address.

Re:No brainer

But many--including intelligent--people don't understand these little technicalites. Because the expectations of other things in life has taught them differently.
Look dude, life is full of variations.
They should get the concept once they are told that emails do not and cannot have spaces.

Re:No brainer

I use the catch all account on my domain so that I can assign accounts to everyone I have a do business with. If I register at sunglasses4u.com I give the sunglasses4u.com@mydomain.com that way If I start receiving a lot of spam addressed to a particular account I have a better idea of who sold me out.

Re:No brainer

[mysidia]

It's not true that catch all is necessarily a violation of any RFCs.

Simply put the situation with catch all is that any possible user exists.

If you accidentally sent your mail to nillgates at yahoo.com instead of billgates at yahoo.com; chances are "nillgates" is also a valid user.

Hence no delivery error occures, and it's perfectly fine.

The MTA isn't required to read minds and determine if the user made a typo. Only to act based on whether the destination mailbox exists are not.

And of course, for catch all... every legal mailbox does exist.

Certain addresses like postmaster@ have to work and have to go to a human, but there's no requirement that ppostmaster@ be considered a typo: after all, the user can exist!

Re:No brainer

[Atragon]

Sure...but what about a phone number? Say your number was (321) 987-6543 would you expect 321987654 to work? What about 3129876543? I don't think so. Or what if you addressed it to the wrong zip/postal code? Or to the wrong street address?

Re:No brainer

No, no, what I meant was, the user says "I'm trying to send an email to joeblow@yahoo.com and the server gives me a bounceback saying 'unknown user'. I *know* that's the correct address."

So, my response is, "OK, are you sure you typed *exactly* joeblow@yahoo.com? No extra spaces or characters?"

"Yes, I'm sure, there must be something wrong with your server."

"Well, that error usually means there's either a typo in the email address or the user has actually changed their email address."

"I'm sure that's not the case, it's a problem with your system."

"OK, well, forward us the bounce message and we'll take a look at exactly what it says."

And, 90% of the time, the bounce message will say something like "joeblow?@yahoo.com": user unknown. Most MTAs put a "?" in place of a space when sending out, so it means the user actually typed "joeblow @yahoo.com". It has nothing to do with the user assuming it would get delivered with an alternate spacing of the name, it was a typo that they repeatedly didn't acknowledge even when staring at the thing for a long period of time. This happens a lot, which is why I said if the submitter thinks that's going to be an issue a catch-all would be a good idea (so that an email sent to joeblow?@yahoo.com would still get delivered). In fact, usually I ask them if the bounce message shows a "?" in the email address somewhere in the message, and even if it does, they usually say it doesn't.

Re:No brainer

[RedBear]

As you have just demonstrated, having a PhD/MD does not equate to intelligence. What a PhD often equates to is mere perserverence shown by the fact that someone trudged through 7-10 years of some sort of schooling and wrote a hundred page thesis with mostly complete sentences. Now, after accomplishing that, this person you've described (and many like him) has a framed certificate on his wall and a complete inability to learn how to properly use a tool that he uses every single day. This is the very definition of moron, someone who can't learn.

But probably the main problem with folks like him is that after going through 7-10 years of schooling he is now "educated" and therefore doesn't need to listen to you or anyone else or take 5 minutes to learn how to do some minor thing correctly the first time. He's got that framed certificate on the wall and his "office manager" to keep him in this "educated" frame of mind for the next 40 years. Doesn't matter how smart you are now or were in the past if your mind is closed to further learning.

If his time was so valuable he would spend an hour sometime and sit down and learn to use the tool, rather than continually breaking the tool and asking someone else to always be there to fix it.

Of course, none of this precludes the fact that 90% of the time the software could be made easier to use in the first place. But it doesn't mean a PhD is a genius. Most of them are just consistent hard workers, and there's something to be said for that too, no matter what their intelligence level.

Re:No brainer

It's not that the designers of our email system were underinteligent--quite the contrary, I think. They designed a system that does what it does, and does it well! Billions of emails a day are testament to that.

The problem with making email delivery agents "inteligent" as you say, being able to discern certian patterns and act accordingly is an excedingly difficult problem, both in the time to develop it, and it the computation that would be required. On a domain that handles twenty thousand users, for example, trying to find a mailbox with some stupid variation of "Jack E. Dumbfucker" would require many many times more computation, per user. Add to that the fact that any given email service probably handles a dozen people by any common first name, and probably as many by any common last name, and it becomes excedingly hard.

Back when email was first conceived, it was meant to be used on relatively slow machines by modern standards, between a relatively few number of people--mainly between government and educational instutions.

Why is it too much to expect people to have their facts right? You have to send postage to the right address, or at least to the right city and zip code (if you're lucky USPS will try to find you, but probably only if it's very urgent--like a draft)... You've got to dial the right number on the telephone, otherwise you're likely to encounter an person, whom rightly dosen't give a flying fuck about you.

If my grandma can get it right 99% of the time, anyone can. Stop making excuses for stupid and lazy people.

Re:No brainer

[beaverfever]

I don't think it has anything to do with intelligence, per se. I've seen an MD/PhD with...

Lately I've been grappling with what "intelligence" constitutes and have very much learned to appreciate that intelligence should never be overestimated.

I've been working at a fairly large hospital for a while, and one of the tasks I've had assigned to me is to burn CDs for one doctor in particular. His laptop with a note naming the file to be saved and a blank CD gets dropped on my desk, and I burn the CD using the burner installed in his laptop. There is absolutely nothing wrong with the laptop - he simply will not or cannot learn how to burn a CD himself. This cannot be a case of his time being too valuable for him to do it himself - just the walk to my office takes longer than the time it takes to burn the CD.

I see a lot of similarly retarded behaviour from a lot of doctors here.

Re:No brainer

[eyeye]

Even plumbers should be able to detect when they have spelled something wrong.

Re:No brainer

[amRadioHed]

As mentioned by others, RFC 822 does specify case sensitive addresses. This only makes sense since it is legal (though dumb) to specify two different users on a machine with names only differing by case. Applicable execerpts from the text:

The only syntactic units which requires preservation of case information are: ... - local-part, except "Postmaster"

addr-spec = local-part "@" domain ; global address
local-part = word *("." word) ; uninterpreted case-preserved

Note: The reserved local-part address unit, "Postmaster", is an exception. When the value "Postmaster" is being interpreted, it must be accepted in any mixture of case, including "POSTMASTER", and "postmaster".

Note: This reserved local-part must be matched without sensitivity to alphabetic case, so that "POSTMASTER", "postmaster", and even "poStmASteR" is to be accepted.

Re:No brainer

[SplasPood]

I have a customer who has complained on *3* separate occasions that they cannot email sales@randomdomain. When we inform them that they need to have a top level domain on there they *insist* it worked before.

After 3 or four emails/calls they finally get the point. Until a few weeks later when it starts again.

Argh.

Re:No brainer

[SoupIsGoodFood_42]

A phone number is not really like a mail address. The problem is in the name: E-mail address. This believes some people to think that it acts in a similar way to a normal to a postal address.

A phone number is different because people know that phone numbers are usually a certain length. As you know, even phone numbers can be formatted differently and still have the same effect: 321 9786543, 321 978-6543, 321 978 6543, 321 9786 543, (321) 978-6543, (321) 9786543, 3219786543. Give that to a human to read, and they are smart enough to figure it out. Most software should be smart enough to figure it out. I know my cellphone treats +64211234567 the same as 021 123-4567.

The wrong zip or post code? Of course not. But what has that got to do with my point? Or could it be that you have missed it?

BTW. I playing the devil's advocate here. I'm not suggesting e-mail addresses should be vauge like postal addresses, but that to many people, they have a logical reason be believe to the contrary.

Re:No brainer

[ericspinder]

wow, a smart-ass one line comment.

My trouble is that I put a fair amount of effort into finding my voice in a particular statement. I am not a particularlly good sepllar in the first place, but I do nake an effort nat it. Combind that with a fat fiinger, and sometomes, I set my self up for spelling Nazis, who (I believe) disagree with my posts but are too lazy to actually write something to add to the discussion... The literary equivalent of a hit-and-run, and after a quick look at you past postings seem to be the "master of it". Go craw back under your bridge, and leave the postings to those of us who actually try to add to the discussion, rather than ones who try to prove their superiority at ever turn.

Re:No brainer

[GregWebb]

E-mail addresses aren't supposed to be case sensitive but can be, occasionally. However, most servers aren't.

If you're behind a case-insensitive server, any will work. If you're not it won't. Personally, I always use all lower case just in case.

So, you were both right but his approach was guaranteed to work whereas yours was merely almost certain to work.

Re:No brainer

[Orthanc_duo]

Ahh, but that's not a good anology. A plumber may not know how to fix a pick up truck, but they sure as hell know how to use (IE drive) it.

Someone who is using a computer for work on a daily basis should know how to use the computer properly. That includes the likes of typing an email address without mis-spellings (or checking it to find them) most of the time.

Re:No brainer

[Weirdofreak]

When you address a letter, the name you put on it (I'd assume; never tested but it seems the intuitive way for it to work) makes no difference at all to where it goes. It's there merely for the convenience of the people living in the house. You could just write the house number, street name, city and zip/postal code and it would arrive - possibly less, I have very little knowledge of the way these things work. In that way, the name you put on it works like the subject of an email - it's there simply so that anybody looking through can tell who it's for without reading it. Some people share accounts, in which case you put the name in the subject line, and if you mis-spell it they should be able to work out who it's for.

If you mis-spell a street name in an address, it might still arrive or it might not, depending on whether the intended address was clear enough. However, that's done by humans, who are (for the most part) infinitely smarter than computers - and if you get the number wrong, it doesn't have a snowball's chance in hell of getting to the right place, because both of them, in all probability, will exist. If the postman knows where Ms. Eileen Dover lives, he might figure out that it was meant for her and not her neigbour, but again, that's human reasoning.

Re:No brainer

[Albanach]

I've had more than one IT Manager specify to me that their email address is 'lower case', so I stand by my original post.

Seems quite reasonable. RFC 821 says:

For some hosts the user name is case sensitive, and SMTP implementations must take case to preserve the case of user names as they appear in mailbox arguments.

The only email address required to be case insensitive is postmaster.

Re:No brainer

[TastyWords]

Hasn't anyone figured out what "catch-all" accounts he doesn't want to be spammed?

the most frequent "dictionary attack" of all: postmaster, abuse, etc.

After all, who wants to sort through those inboxes for legitimate email?

chuckle.

Re:No brainer

[TastyWords]

Perhaps you are referring to the riddle:

Q: What do you call someone who finishes at the bottm of his class in medical school?
A: Doctor.

For those unfamiliar with some of the eponymous terms, the Peter Principle says, "Everyone rises at least one level above their competitive skill level." IOW, whereever you end up, you should have been at least one level below that. (and the evidence tends to support this.
The simplest example? I could ROT 13 an answer in a couple of sentences for you to guess but it should be obvious: PHBs. They have to come from some place(!)If you've been around one in particular and watched them achieve the lofty position, them since they were in position(s) before that. Somewhere along the line they were in a position which matched some part of their skill set. Then someone saw how efficient they were in that job and jacked them upward, and *poof*, PHB Level 1.0.

They reach a point where they can't go up, won't go down[1], even at another facility, and aren't capable enough to move laterally, current company or elsewhere.

As a professor of mine pointed out about twenty-five years ago, they're at the apex of their profession (their own skill-levelwise), waiting for the next 10-20-30-40 years to pass by so they can retire. Mostly because they've clogged the ladder and frequently taken training in a field which "had a job waiting for them when they finished". That is one f%cking sickening thought for the tech industry: "The requirement in the USA will be 600k each year for the next ten years...blah, blah, blah". Lots of positions for people to take classes and get a B.S. because that field is like a siren song...God, what a scary thought. It's bad enough now.

[1] Okay, I played a straight line there...I figured if I didn't say something most people wouldn't have caught it.

Re:No brainer

[danielrose]

I don't think it has anything to do with intelligence, per se. I've seen an MD/PhD with an annual reseach grant total of $100 million struggle with this;

I don't see an MD/PhD as a measure of intelligence or common sense. I have seen too many university students to know better.

Re:No brainer

[lahi]

It is absolutely amazing how people can refer to a standard when they obviously have either not read it or not understood it.

Chapter 6 concerns itself with address specifications.
The syntax in paragraph 6.1 specifies:
addr-spec = local-part "@" domain
local-part = word *( "." word ) ; uninterpreted, case-preserved

So the local-part is UNINTERPRETED and has its case PRESERVED, presumably to allow case-sensitive handling locally. Moreover, the use of a "."-separated list of words does not imply any structure imposed or recognised by SMTP, it is merely a conveient way to avoid quotes in a large number of cases ("... such occurences carry NO semantics.").

The exception is the local-part "Postmaster" which is required to be recognized using any mixture of case.

So SMTP-servers are not case sensitive, but case preserving when it comes to the local part. The delivery or non-delivery of a message to a recipient however, is a local matter, and SMTP doesn't care about what happens, and whether case-sensitivity is used for this.

It just so happens that local mail systems these days are not case sensitive, although I believe the broken SVR2.2+some bsd+some SVR3/4 based A/UX system I used in the early nineties might very well have been.

(Quotes typed manually from the copy of RFC-822 which I printed out in about 1991 or so. Yes, about the same time some Berners-Lee guy made a few grave mistakes which would end up as the mess we now know as WWW.)

-Lasse

Re:No brainer

I *think* the parent was referring to the office manager repeatedly mis-spelling/mis-typing e-mail aliases but insisting that something else is broken.

Re:No brainer

[3247]

And, 90% of the time, the bounce message will say something like "joeblow?@yahoo.com": user unknown. Most MTAs put a "?" in place of a space when sending out, so it means the user actually typed "joeblow @yahoo.com".

This actually is the user agent's fault: If the user enters an email address like this, it should automatically correct it to ``joeblow@yahoo.com''.

Actually, ``To: joeblow @yahoo.com'' is legal in message headers -- the extra space is not significant. But it is not legal in the envelope for use by MTAs. The correct way to have ``joeblow '' as a local-part would be ``"joeblow "@yahoo.com'')

Re:No brainer

[eam]

> a plumber uses a pickup truck everyday, but he
> might not know how to fix it

Yeah, but I'd be worried if he didn't know how to apply the brakes. I think the question is being able to *use* the tool, not *repair* it.

Repairing a software tool would involve breaking out your disassembler, looking at the code to find the bug, and implementing a solution. I don't expect any user to do that any more than I would expect a driver to be able to repair a car engine.

Using the tool would include configuring it to your needs. For the plumber's truck that would be adjusting the drivers seat, steering wheel, and mirror position. If you can't see anything behind you in the rear-view mirror, then you should know how to adjust the mirror before you pull out of your driving space.

If you don't know how to set the options on your software, maybe you should RTFM before you start using it.

The main difference between the "average" user and the "computer literate" users seems to be that the "average" user can read, but the "computer literate" user actually does.

Re:No brainer

[mshurpik]

I have an idea for stopping spam: Dont sign up for any.

Its a no-brainer rite?

Heres a tip: Computers only do what you tell them to do.

I have 4-5 active email accounts, and only one of them is spammed, because I left it that way. I run no anti-virus, no spyware blocker, and I used Internet Exploder quite a bit until recently. The other day I ran Ad-Aware, just to make sure, and all I found were some data miners. No active processes, no malware, no popups. I also installed Spybot's TeaTimer registry alarm, and fortunately it went off once because I wasnt even sure it was working.

In other words, *nothing* is changing on my computer. My email load is like 0 messages/day, and if I want porn or garbage I sign up with my spammed account, get the password, and then never look back. Does this help?

Re:No brainer

I suppose being a Slashdotter, you have no idea how users generally react to a message indicating an account does not exist.

They call support and report a problem with (a) all email going to the domain or (b) that e-mail is down. Very rarely, one of them has the sense to forward the e-mail with the question "what does this mean?" Out of curiousity, I once tracked all inbound SMTP error reports for a week. Every one of them generated a help desk ticket.

Re:No brainer

[ericspinder]

Ok, your right, it is weak, but then again, it wasn't my basic point. To a certain extent I did misread my orginal post's grandparent post, but upon getting a good night sleep, I see that post and yours with a greater bias, which allows for a more direct response...

I consider myself very good with computers (some people have even called me a Guru; but I wouldn't go that far). I don't spell very well, I am slightly dyslexic so spelling sometimes is a real challenge, does this make me stupid? According to you I should even be allowed to use a computer (or at least send email). I use the auto complete funtion in my email (in particular at work) almost every time I use it and I only have about a dozen people I regualarlly contact. I can only imagine the number of contact someone who is in charge of a $100 million dollar research budget would need on a daily, weekly, monthly basis, if I had an assistant whos job it was to make my job easier, I would tell them to be sure that I am able to quickly access these contact, why would I want to spend large amounts of time seaching though a contact database?

Quite frankly, I don't like this particular posting of mine very well, honestly way to many 'I's, it doesn't 'sit' well with me, but I do believe that my basic point is complete. I find it hard to justify spending any more time on a repley to a one line post, in particular, one with such (I believe) an obvious bias (you see I'm not even running this though an spell checker; I am sure my spelling of 'obvious' is wrong;).

Re:No brainer

[peawee03]

I work front-line tech support, and I've had someone explain to me 7 times in 5 minutes how they're a Professor Emeritus of fuss-'n'-bubbles while I'm trying to explain to them how to enter a web address into their browser.

"Alright, sir, now see the big blue lowercase "e" on your desktop? Yes, double-click that. With your mouse, yes. The button on the left. Sir, I know you're a professor emeritus..." Pretty much the only quote from that support call I remember.

I suppose for those in the high-end deep research fields (like my abovementioned professor), they might be afraid to admit to not knowing something "as simple as that", them with their PhDs. For most doctoral programs, the knowledge base requires depth, not width, of knowledge, so they often forgo learning new things to learn more about what they need to. Also, many of these people grew up when using a typewriter and correction fluid was the spiffy-high-tech way to go. I suppose they're just being like any guy who feels inadequate, but more in a educational, rather than... *ahem* physical sense.

Re:No brainer

[tigress]

Joe Sixpack in VA, or Joe Sixpack in PA?

Even when it comes to snailmail, small errors can result in things being sent way off course.

Re:No brainer

[hammock]

Back at Slackware 9, Pat altered adduser to reject usernames that were not all lowercase, citing the case-sensitivity of usernames, and case the case insensitivity of MTA's.

Re:No brainer

The first perspective I haven't seen mentioned is the fact that its your job to support these "managers" that won't learn...give them a break and help them out! And, the other fact is...its probably YOUR fault for not giving end users proper documentation, training, etc on how to use their tools (email, address books, distribution lists, etc).

And the third thing I've noticed, is that usually these managers are bringing in the money for the organization (projects, products, etc) HENCE, they really don't have time to be worrying about some tiny problem that just won't let them put in the right email address that could cost them $$$$ million $$$ is insane. It SHOULD be working or you better help him/her, because you're supporting him/her to make that million dollar project come true so that you can continue getting your paycheck....else you might all be out on the street!

Re:No brainer

[Krusty+Da+Klown]

It works until someone else gives your email address away. "Send this to a friend" buttons, e-vite services, etc. are just waiting for your "pristine" addresses to come to them.

Re:No brainer

No. You are a moron.

Assume your domain name is jones.com and your secret email address is john@jones.com. Suddenly, one day, you may be getting email to a@jones.com b@jones.com c@jones.com etc.

The grownups are now discussing whether the risks of having a "catchall address" to which all these are sent is worth the the benefits of such an address.

Responses like, "it hasn't happened to me yet so it isn't a problem" are not really useful to anyone.

Re:No brainer

[mindstrm]

Correct.

But when I, as the owner and administrator of the mail server, decide that ALL addresses are going to be a valid user, delivered in any number of methods of my choice, then there is by definnition no such thing as an invalid user, therefore I'm not required to send anything.

If you are going to argue against that.. you really need to re-think how to interpret RFC's...

Re:No brainer

[spudgun]

the Number of times the Phone attached to my modem line at work rings ......

and then after the modem answers , and they hang up , it rings again....

sometimes 3 or 4 times, once someone tried for 3 hours. (I put it off the hook after that)

If they Won't check a phone number, they Won't check an email address.

Re:No brainer

[macdaddy]

I would agree with that as long as that's the sole use for the domain. I think that's a great use for old unused domains (or people like us that want to collect spam to benefit from it). I have to wonder now about something else, but related. Do the authors of said RFCs consider typos in the domain or tld portion to also require said DSN? That would be an interesting question. If so then perhaps they'd view catch-alls in a dim light. Say I owned goober.com and used it as a catch-all. Someone else (maybe a famous company) owned gobber.com. Someone typos mail to joe@gober.com with joe@goober.com. Should me MTA return a DSN? I'm not sure. The address is valid on my system. If both domains were used for real mail and both had the user "joe" no DSN would be sent. It's an interesting question. I wonder what the answer would be.

Re:No brainer

It's not worth his time ($150/hr) to learn how to do something he can get you to do for free.

Re:No brainer

Hmmmm. Thanks for dragging me back on the topic of domain administration. It's worth pointing out that I *have* a catch-all account in my setup. It catches the occasional web password and then sits idle for months collecting junk.

I guess what you are saying is that if mail doesn't bounce off a domain, then that is a signal to wardial. So the spammers are wardialing domains AND usernames? What is the size of the namespace on that?

It's also worth pointing out that I have a few Yahoo addresses, and according to you they should have been wardialed by now. Perhaps this "grownup" disussion you're having is about something that - like I said originally - isn't an issue with proper administrative methods.

Re:No brainer

[shepd]

> It's not worth his time ($150/hr) to learn how to do something he can get you to do for free.

If you'd bother to read his comment, you'd notice that it takes longer for him to get the other person to do the work than for him to do it himself.

The learning curve involved with this is practically zero. We're talking 1 minute. That's about $1 or $2 at $150 per hour. Cheaper than a short stack of CD-Rs.

Re:No brainer

[kevmit]

Are you trying to meet your client's needs or trying to force your client to meet your needs?
I would suspect that his unwillingness to learn how to burn a cd has nothing to do with a lack of intelligence on his part, and much more to do with your unwillingness to find creative ways to help him see the value of devoting the time to learning this new skill.
Oh, and before all the AC trolls come out screaming about the doctor's personal responsibility to learn how to do this on his own...keep in mind that, from HIS viewpoint, that's simply not his job OR his area of expertise. In his world, that's why you're there. Is that viewpoint wrong? Maybe / Maybe not. Is that viewpoint retarded? Hardly. In fact, he's only doing what you've trained him to do.
Retrain him.
I mean, seriously, given the time and inconvenience it takes this guy to lug all his gear to your office, then come back and get it all the next day, how hard would it be to "sell" him on a short little fun and non-threatening impromptu training session on EZ-CD Creator?
Even assuming a worst-case-scenario where, after being clearly shown the personal advantages of knowing how to perform this task himself (without, btw, the standard Slashdot anti-training technique of first being made to feel like an idiot), he still chooses not to adopt the new skill...why not go the extra mile, script the backup operation and give him a desktop icon that performs the task for him? Either way, you come out looking like Engineer Scottie.

Re:No brainer

[ccandreva]

RFC 822 has been obsolete since April 2001. The current document is RFC 2822.

Re:No brainer

[tarquin_fim_bim]

If a 'Request For Comment' could ever become obsolete, your insightful observation on the subject would be what exactly? The sentiments included therin are no longer valid? Nope. The time has come that this technology is no longer used? Nope. These original thoughts have been surpassed by better ideas more adaptable to circumstances unforeseen at the time? Possibly. Even so, does this negate that which has passed before? Nope. Does your comment have purpose? Nope. What the fuck is your point??????

Re:No brainer

[tarquin_fim_bim]

I really don't see what your problem with understanding this issue. You have even highlighted the main parts of your confusion with caps. IT IS A LOCAL ISSUE. If it is an issue at all. An incompetent SA may have a Dave and a dave, and a DAVE for that matter but it will be him that will have sort the mail that goes though any software other than his own that doesn't differentiate. Does anyone have to deal with the real world around here?

Re:No brainer

[DoctorFrog]

It's also possible they'll conclude that they wrote down your email address incorrectly, or that you've switched ISPs - especially if you've changed your email address a lot in the past.

One big advantage spam-wise about having the domain catch your names is that you can assign arbitrary addresses to login sites. If I want to check out meatlego.com and they want an email address, I just enter meatlego@drfrog.net.

If meatlego sell or lose that address to a spammer, I just blacklist that particular "Addressed to" address and don't ever receive anything from meatlego, their spammer friend, or anyone else the spammer passes that address onto.

Re:No brainer

[DoctorFrog]

and then after the modem answers , and they hang up , it rings again....

sometimes 3 or 4 times, once someone tried for 3 hours. (I put it off the hook after that)

It's more likely that someone tried to send a fax to your modem line. Even the dimmest human being is likely to give up in boredom after less than three hours even if they don't cotton on that they're dialing the wrong number. A fax machine is not going to get bored, and many older & cheaper ones won't give up until you manually cancel the transmission.

Re:No brainer

[spudgun]

no, I heard voices the first 3 or 4 times......
after that it might have been faxes

No big problems here

[andyrut]

Buying your own domain is a smart move. As long as you keep paying for the domain, your e-mail address can travel with you, even when you change ISPs.

From personal experience, I've found that only a very small percentage of spam I get comes from using the catch-all address. I get only a few junk e-mails to "webmaster", "postmaster", and other generic usernames. A far greater portion of it is addressed to the "real" e-mail address I use that's been plastered all over the web for years and years.

Judging only from my inbox, it would seem that spammers are more likely to use lists of known e-mail addresses than trying to guess valid usernames for a domain. My advice would be to use the catch-all address and just wait and see if spam becomes a problem. Turning off the catch-all wildcard, if need be, is a very simple operation.

Re:No big problems here

[Frisky070802]

I'll echo this experience. I get a little mail to webmaster and such, which I auto-direct to my spam folder. I haven't had any occasions for dictionary attacks to lots of names, probably because it's a personal domain that doesn't attract so much attention.

If I ever run into trouble, I'll simply identify the valid emails explicitly and put everything else into spam.

Re:No big problems here

That is, until the DSL provider you host your domain on decides to block port 25 because someone else on your ISP was spamming or relaying spam. :|

Spammers ruin it for everybody.

Re:No big problems here

[toonerh]

Right after registering a domain, you'll often get a few spam's hawking hosting services, ect. Verisign (no flames please!) does allow you to opt out of their bulk sale of whois data - although why are they doing it in the first place?

Also for $9 a year you can buy a redirected e-mail address that changes every 10 days that appears as your whois contact.

Re:No big problems here

[Best+ID+Ever!]

I get only a few junk e-mails to "webmaster", "postmaster", and other generic usernames.

Most of the junk I get comes to the email address that's listed in WHOIS. That accounts for probably 99% of the spam I get, since I don't post my real address anywhere.

Re:No big problems here

[syrinje]

I can vouch for the desirability of the domain name portable email approach too - I finally got myself a domain and use it to provide portable addresses for my family using email forwarding.

The good thing is that email forwarding is free from most registrars. Some support only a limited number of specific email address forwards while others allow an unlimited number, so shop around for a good registrar....it is an educational experience to read about the Verisign evil emipire for example.

I would recommend that you turn off the catch all option (or at least set filters in your mail client to weed out mail to any address you havent specifically configured). That way you don't habve to stay up all night wondering if you need bre??t or pe??s enlargement depending on your sex. Of course, you are more likely to receive spam on the email ids that you leave sprinkled around in the mandatory registration pages - so use a different email address for that - instead of your permanent one. Or just get the Mozilla plug-in to bypass registrations.

Of course that means you lose out on some really entertaining spam - the best I have ever received offered to teach me everything I ever wanted to know about septic tank cleaning systems. Now thats a cathartic experience... :)

Re:No big problems here

[morcego]

Same thing for me. I have 4 domains with catch-all addresses, and I can't remember when was the last time I was a victim of a dictionary spam attack.
Anyway, make sure you have some good spamfilter in place, and hook a few address (webmaster, and common names like john@ that you don't use) directly to feed it.
Lets face it. We need spam protection. And if it is any good, having wildcard addresses on your domain won't give you any extra problems.

Re:No big problems here

[Shinsei]

Well.. I can imagine the catch-all idea would definitely not be a good idea if you have an isp that enforces some kind of bandwidth limit to your account.. I guess it would depend on the domain name though.. But you could easily get a few MB of traffic per day wasted, just because you got a lot of spam..

Re:No big problems here

[Oloryn]

From personal experience, I've found that only a very small percentage of spam I get comes from using the catch-all address.

My experience doesn't match. I've got my own domain, hosted on my home computers. I don't use a catch-all address, but my mail logs show anywhere from 400 to 1200 emails daily bounced because they're addressed to invalid email addresses. Roughly 80% of these come with an envelope from address of (null, supposed to be used only by bounce messages). Because spammers are sometimes known to use as an envelope from address on spam, I can't be sure that these are all bounce messages. I am pretty sure, though, that they represent either spammers using a dictionary attack on my domain, or spammers using @mydomain> as a From address for that spam. And the other ~20% are pretty well for sure dictionary attacks on my domain.

Now, I'll admit that while I'm by no means a big-time anti-spammer, I have done my share of reporting spammers to their ISPs and posting on nanae. It's possible that I've gotten on a list of 'known anti-spammers' that spammers use for generating spam from addresses, just for harrassment potential. My experience may apply mostly to those who go beyond filtering in fighting spam. But it is another data point.

Re:No big problems here

[SydShamino]

Yes, I agree. I have my own domain, with all default mail going to a "junk" folder.

You should start out by sending anything for "sales@domain.com" or "postmaster@domain.com" straight to bit bucket hell. I get plenty at those addresses, usually of the sort trying to sell me things to improve the visibility of my web business (I have no web business).

The most important part, though, is being able to -make up a new address for each person you give one to--. This is VERY important. If you buy tickets online, use "cinemark@domain.com" or whatever chain you use. If you give an email address to a restaurant, give them "tgifridays@domain.com", etc. This way, you can receive confirmation emails, coupons, etc., for as long as you want to, but if they won't abide by their removal policy, or if you get spam, you can shut them off and know exactly where it came from.

The same is true when you give your address out in person. It is harder to give out an obviously "made-up" address to a real person, but it can be done. Just use a random string of numbers and letters that means something to you, but looks like an old-style email address to them, i.e. "qrt045@domain.com" for the lady at the morgage office that said she would email you the paperwork.

I have yet to need to block an address that I've given out in this way, but I like having the flexibility to give out unique addresses to everyone without having to make 1,000 hotmail accouts before hand.

Re:No big problems here

[Pembers]

Judging only from my inbox, it would seem that spammers are more likely to use lists of known e-mail addresses than trying to guess valid usernames for a domain.

My experience so far has been the opposite. I got my own domain about four months ago and put my website there. So far, the only address at that domain that I've publicised on the web has been webmaster@. To date, this address has received only one spam. (To be fair, I think most spammers filter "webmaster" out - my old ISP let me use webmaster@username.domain. That was visible for about six years, and that got hardly any spam either. Other addresses that have been visible on the web have been spammed mercilessly, to the point where I've had to tell the server to drop anything sent to them.)

Anyway, my point was that within about a month of my domain being created, I started getting spam to sales@. A month after that, they started trying info@ as well. Seeing as I had never used those addresses in any way, and had no plans to use them, I felt no compunction in auto-forwarding them to uce@ftc.gov.

So, I use the catch-all address. I find it useful for the usual trick of telling any company that wants my address that it's company@my.domain. I don't have to do anything else to allow the mail through, but if I start getting spam to that address, I know who sold it (or who got hacked). This hasn't really been a problem for me, though. Maybe I'm just paranoid about giving out my address in the first place.

Re:No big problems here

[utlemming]

I orginally purchased my first domain name for email reasons. It proved to cut down on spam significantly. I went from recieving about 20-30 spams a day to now just the occasional virus messages. The only problem that I ran into was that I purchased a .org address, and well some people were putting .com. So I had to buy .com too. But it sure is nice having the portability and knowing that you own your own address. The other problem that I have had is that the WHOIS information is used by spammers. The email address that I listed in the WHOIS information gets spammed by the likes of people offering website logo crap and offers for CIALIS or whatever that impotence drug is called.

Re:No big problems here

I do something similar. I had to sign up for some website (I can't remember which), and of course used the "Do not mail me anything" check box. This went to a unique email address which I kept open long enough to opt-out of that websites mailing (despite telling them in the first place not to email me). Now I just have that email forward to uce@ftc.gov automatically. Maybe it will do something, maybe not, but I tend to get quite a bit of spam on that address.

I'll let someone else deal with it.

Re:No big problems here

[kevcol]

I run my own mail server and host my own domains, the oldest domain being 7 years old. I read my logs and many (not all) of my domains are dictionary attacked several times per hour, every hour of every day.

Re:No big problems here

[Rob+Riggs]

If you run your own SMTP server, you can use mailbox aliases as described in the mail addressing FAQ.

Re:No big problems here

[alienappliance]

I've had to shut off my catch-all, but not because of spam, but because of spoofed return-email addresses someone has been sending out with my domain name. My INBOX would be filled with bounce backs from email addresses some spammer was using that we're live anymore. He/she didn't have to deal with the bouncebacks, but they cause my mailbox to overflow. Shutting off my catchall address eliminated the boucebacks because the spammer wasn't using my "real" email address, just some made-up name at my domain.

Re:No big problems here

[dobedobedew]

I'd like to add that I also run my own domain, and have done no such anti-spam advocacy, but I still get the dictionary attack spamming attempts quite frequently.
BTW, I have done quite a bit of anti-spam work. It's just face-to-face and not on the net where it would be visible.

Re:No big problems here

[AndyChrist]

What we NEED isn't spam protection. What we NEED is public executions of a few spammers. Or barring that, some psycho vigilante, a Spam-Punisher or something, to fucking GUT a spammer and leave a statement written in the fucker's blood as to who they were and why they were executed.

Spammers need to be turned into (real) Spam.

That's the only thing that will stem this. You're not going to get them to pay to send mail. You're not going to get them to obey some toothless ban with no testicles.

The only solution is to make the risks too high. And that is to hunt them down across borders and fucking eviscerate them.

If I can get some funding and immunity to do this with impunity, I will volunteer.

Re:No big problems here

[stephanruby]

...and in case you don't want to get your own domain, you can still do the same thing for free if you get yourself a spamgourmet.com address.

Re:No big problems here

[macdaddy]

Your advice is insane. Any person with any experience with mail administration would know better than to use a catch-all address on a domain with valid uses. Please stop giving out bad advice to people that don't know better.

Re:No big problems here

[Grant_Watson]

"You should start out by sending anything for 'sales@domain.com' or 'postmaster@domain.com' straight to bit bucket hell. I get plenty at those addresses, usually of the sort trying to sell me things to improve the visibility of my web business (I have no web business)."

You (and the others who advocate this) should be aware that you are violating several RFCs by breaking postmaster. See, in particular, RFC2142:

...if a given service is offerred, then the associated mailbox name(es) must be supported...

Re:No big problems here

[macdaddy]

Advice can not get any worse than this. Postmaster and Abuse are required mailboxes. They are not optional. RFC 2142 mandates their use. This isn't some new requirement either. That RFC was written in 1997. People who violate this RFC will find themselves in a blacklist at a very aptly-named website: RFC-Ignorant.Org. A very fitting name for a very ignorant group of people.

Moderators, please moderate the parent down for being a fool giving fool's advice.

Re:No big problems here

[shird]

are you sure all those bounced messages arent from mail worms forging from addresses? Probably about 80% of my mail is from 'mailer daemon - your message was infected' or 'we tried to deliver but failed' type messages, from domains Ive never sent mail.

Aside from those, I get virtually no spam, or at least it gets filtered quite reliably.

And I just have a regular yahoo account.

Re:No big problems here

[jrockway]

Are you a two-year-old?

Spam is annoying. Spam is trashy and "unethical". But it's not worth killing someone over.

Just get a new email address. I got a new one and don't get spam anymore (the gmail one above does get spam, though...)

Every time I post this, I get modded down (slashbots hate spam, I guess... I'm pretty indifferent myself), but I'll say it again. I actually think spam is a good way to motivate ISPs to upgrade themselves. If their mail servers die every few days because of the load spam inflicts, they upgrade their servers. That means new features (or more uptime) for you! Bandwidth is the same way... spam uses a lot of bandwidth so the Big ISPs have to upgrade their links. And they aren't doing the bare minimum (when you've dug up the cable, you're going to put more than you need down... digging is expensive, fibre is cheap), they're adding more bandwidth than they need. Which means that slashdot loads faster (or your movie downloads faster). That's a good thing.

Just don't give your email to anyone who asks, and you'll avoid spam. I hear putting numbers in your username helps against dictionary attacks (jrockway in in a dictionary, but jrockw2 isn't).

In closing, please have a drink of your choice and relax a bit. No need to get worked up over spam. And if a gmail invite would calm you down, I'll give you one :)

Re:No big problems here

[Antique+Geekmeister]

I see a lot of alphabetically generated spam. I'd actually use the invalidly addressed mail to create an email blacklist for those IP addresses that send it, a blacklist with an expiration to allow misaddressed email to eventually be re-addressed and later go through.

Re:No big problems here

[tyler_larson]

From personal experience, I've found that only a very small percentage of spam I get comes from using the catch-all address.

The same was true for me until a few months ago. My tactic was, whenever I needed to give out an email address, it would be their_company_name@my_domain. If I started getting spam to that address, I'd know who was to blame for selling me out. I could also just blacklist that address.

Then, very recently, after my domain started getting popular on google, I started getting spam sent to a whole ever-changing list of random names @my_domain: cunningham@ dennis@ schmidt@, etc. Something on the order of 300 pieces per day. It's very clear that this is all from the same spammer, because it's always the same product: software. And the content of the email always follows the same pattern: chunks of web pages pulled at random to fool the spam filters, followed by something like: "N0r-t0n S0ftw-are 0-n Sa1e T0d-ay".

He uses a huge variety of mail servers all across the world. I'm thinking of blocking email from all Non US/EU IP ranges, though I could probably just install a filter a basic lameness filter that check for too many zeroes in the message body :)

Re:No big problems here

[Smartcowboy]

There is no law asking you to follow RFC. Killing the "required" mailbox is like putting your firewall in stealh mode. It don't follows the convention but it only harms the bad people. The mail service is made in a way that helps spammer. It's severly broken IMHO.

Re:No big problems here

[josh+crawley]

What are you going to do, send the RFC police to rape them in the ass with their big black rubber truncheons? Seriously...

Re:No big problems here

[Goo.cc]

You're right. My problem now is that I keep coming up with new, cooler domain names that I want to use.

Re:No big problems here

[mark-t]

There's no "law" against blacklisting someone for simply failing to follow an RFC either... the choice is yours.

Re:No big problems here

[macdaddy]

If they want people to accept their mail then they'd best play by the established rules of the Internet. I reject mail from domains that don't conform the the RFCs on all my mail servers. Don't you?

Re:No big problems here

[Daniel+Dvorkin]

No one individual spam is worth killing over. But the sheer volume of spam, honestly, I think is. If a few gory public murders would mean that I and every person I know could stop losing several hours per day of our lives deleting spam, talking about spam, dealing with the fallout from missed legitimate messages that got deleted as spam, et bloody cetera -- well, I'm for it.

Re:No big problems here

[bizpile]

And if a gmail invite would calm you down, I'll give you one :)

You know, I've been a bit on edge lately too. I'd take one. my email

Re:No big problems here

[killjoe]

Since that RFC was written before the advent of spam they should change it. I got tired of getting hundreds of spam to postmaster@mydomain.com and simply shut it off. If anybody blacklists me then fuck them.

They are ones that are ignorant. Blindly following an RFC that ignores the reality of what is happening today is the height of stupidity. Blacklisting somebody for not doing it just plain moronic and asshololic behavior.

But then again there is no shortage of assholes on this planet are there.

Re:No big problems here

If they want people to accept their mail then they'd best play by the established rules of the Internet. I reject mail from domains that don't conform the the RFCs on all my mail servers. Don't you?

YOU MOTHER FUCKER I WILL KILL YOU WITH ONE PUNCH IN YOUR FUCK HEAD

Re:No big problems here

[cfuse]

Spam is annoying. Spam is trashy and "unethical". But it's not worth killing someone over.

Kill'em all, let God decide.

Re:No big problems here

There's no law against blacklisting the blacklist and anyone using it either.

Perhaps others should make a blacklist to blacklist sites that use frivolous blacklists

Re:No big problems here

[klausner]

Well I've experienced another variant on this form. I have a domain where I have also used addresses like company_name@mydomain.com when I didn't trust the recipient not to sell the address, or where I wanted to ID the source for other reasons.

So I can't turn off the catchall on my domain. Even with an RBL filter at my registrar, I still get tons of crap. In the last month, spam has gone from ~300/day to 1,800/day. Most of it consists of 4 to 8 identical messages addressed to random names at my domain. It comes from all different source addresses, but presumably from many spammers as there are lots of different products being hawked.

I wish I could find a filter that would handle dupes that I could run as a POP proxy. Otherwise I guess I will have to set up my own mailserver, instead of using my ISP's.

Re:No big problems here

[tgrigsby]

Sorry, but believe it or not, I've been pissed off enough to feel the same way. No, it's not worth killing someone, but it sure is fun to imagine getting my hands on the f****r that spam attacked my catch-all domain with over 5000 messages a day.

And in real life, if I *did* get a hold of him.... well, I might not kill him... maybe....

Re:No big problems here

[japa]

Are you trolling?

I actually think spam is a good way to motivate ISPs to upgrade themselves. If their mail servers die every few days because of the load spam inflicts, they upgrade their servers. That means new features (or more uptime) for you! Bandwidth is the same way... spam uses a lot of bandwidth so the Big ISPs have to upgrade their links.
One simple question: where do the ISPs get the money to do the upgrades? Who pays for that? (Oh, that was actually 2 questions..)
Getting more bandwidth because there is lots of spam doesn't mean you get to enjoy faster connections. It means you get more spam faster.

Just don't give your email to anyone who asks, and you'll avoid spam. I hear putting numbers in your username helps against dictionary attacks (jrockway in in a dictionary, but jrockw2 isn't).
I also heard that time machine helps agains spam. You go back in time, before any spam was ever mailed and remove all the usenet postings you've made with your own address so that spammers in future (from that point, past in present point) will not harvest it and put it to millions CD where it will stay forever.

And to the original topic: I stopped using catch-all address on the very monday I had some 90k messages waiting my inbox.

Re:No big problems here

[rew]

With the addition of: If you sort it into a special mailbox, you can quickly walk trhough it with a: "Most if this is spam" attitude. Then if you catch the odd "this shouldn't have been in there, you found someone who misspelled your name. Or you gave out @yourdomain, and they are sending you a legit update. If that happens you can inform the sender in the first case, or add a rule to sort the message differently in the second case.

Re:No big problems here

[r0xah]

Sorry, but I had heard of the requirement to have a abuse@ and postmaster@, but never knew of the rfc-ignorant.com site. Whenever I went to the site I found how flawed your post actually was. There is NO requirement to use the rfc standards and there is also NO blacklist. The rfc-ignorant site only compiles a list of sites that do not comply to the RFC standard. Nobody has to have those email addresses unless they want to. NO REQUIREMENTS. Read your own linked website before you go posting bogus information.

Re:No big problems here

[killjoe]

What do you do? Email postmaster and see if bounces before you accept the mail? Since your link is not actually a blacklist how do you determine if the domain is RFC compliant or not?

Re:No big problems here

[Jesus_666]

Kill'em all, let God decide.

Good idea. If we kill each and every human on the planet we have a 100% chance of stopping all spammers. Who cares about a few false positives?

Re:No big problems here

[Jesus_666]

I also heard that time machine helps agains spam. You go back in time, before any spam was ever mailed and remove all the usenet postings you've made with your own address so that spammers in future (from that point, past in present point) will not harvest it and put it to millions CD where it will stay forever.

Alternative solution: Use multiple, dedicated mail addresses.
Use one for mailinglists (maybe more than one, depending on the number of lists). This one should be kind of safe. The same with actual e-mail correspondence: One address, should be safe from spam for quite some time.
Use multiple disposable addresses for stuff like fora, Slashdot, etc. Once one of these addresses starts receiving more spam than you want it to, kill the account and replace it with a new one. Never give one of these to someone who might mail you, only to registration forms and the like.

Re:No big problems here

[Jesus_666]

Since your link is not actually a blacklist [...]

It is not?

Re:No big problems here

[Tim+C]

I guess I must just be lucky. I've had a domain, complete with "catch-all addressing", for about 4 years now, and I get maybe a few dozen spams per week. Almost all of those, too, go to an address I was foolish enough to use in plain text on kur05hin a couple of years ago.

I am anti-spam, but not particularly vehement about it. I can imagine thought that if I were getting that many mails, I'd probably be howling for blood...

Re:No big problems here

I got tired of getting hundreds of spam to postmaster@mydomain.com and simply shut it off.

So basically, because you are an inept mail admin, you take away the only address through which I can communicate with the mail admin. I tire of a lot of social rules too, but I accept them as a basis for communication.

FYI, if I didn't extensively use blocklists, I'd get about 500 spams a day at my postmaster address. Currently about 1 a week gets through, and that ip-address is immediately added to my private block list.

Blindly following an RFC that ignores the reality of what is happening today is the height of stupidity.

If you don't like the RFC, then join the appropriate woking group of the IETF and get it changed, but don't change the rules of the game unilaterally, and then expect me to play along. There isn't a magical place from where RFC's appear, they are thoroughly discussed in the working groups and on the mailing lists.

Blacklisting somebody for not doing it just plain moronic and asshololic behavior.

From my point of view I'm blacklisting a moronic asshole who thinks he gets to decide which rules to obey and which to break.

Which he gets to do. On his own fucking intranet.

Re:No big problems here

[lachlan76]

So, ummmm.......If you feel that way about spam, what filter program do u use? Because it sounds really, really, really good, if you don't want to gut the general spamming population, that is.

But I will accept that gmail invite ;)

Re:No big problems here

[lahi]

But what would they do if someone submitted that site to itself?

-Lasse

Re:No big problems here

[macdaddy]

Actually that's how most are found. Some aware person sent a message to postmsater or abuse at a given domain and it bounced with some error that indicates that it's either not a valid mailbox or that it won't be read by a human. Usuaully this happens during the practice of spam LARTing. You take the full headers and body of the message that indicated that the address was invalid or wouldn't be read by a human and you submit it to the RFCI folks either via a web form or via email. They'll examine your submission, confirm your claim, and blacklist the domain in the appropriate places. No (that I know of anyhow) goes out looking for domains to blacklist at RFCI. They just stumble across them in the course of their normal activities.

Re:No big problems here

[macdaddy]

So as someone who claims to be a mail admin you're saying you don't want to use the estalbished method of contacting mail admins to be used on your server? How else do you expect mail admins to contact you? Do you want them to jump through hoops and search your website for new contact information? Sure postmaster gets spam. All postmasters get spam. Cry us a river and deal with it like every other responsible mail admin out there. It's something we just put up with because doing with it unacceptable. There are reasons we have RFC-I. Your attitude and those that share it are the main reason.

Re:No big problems here

[macdaddy]

Alan Ralsky, is that you? Ernie Haberli, is that you? No wait, I know who you are, you're Scott Richter. Hi Scott. I knew only a spammer could possibly say so many stupid things in one post. Yes Scott, it really is inconvienent for you when we anit-spammers quickly forward all your lovely little spams to postmaster @ the provider whos poor customer was compromised by your little ope proxy viruses and unknowingly let you spam via their computer. Yes, that is inconvienent. Wouldn't you love it if no one used postmaster or abuse or any other standardized mailbox to contact mail admins around the globe? Why your spamming might be able to go on for a day or two before we determined few could find a way of contacting the right people--that's if we can get through the various levels of BS at any one given company to actually get to the mail administrator. There there Scott, don't cry. I know it's been tough on you. That's too bad though because this accepted practice just isn't going to stop any time soon. There is hope for you though. Get ahold of the zone files from rfc-ignorant.org. They compile lists of the really ignorant people that can't seem to comprehend what a RFC is and how to use it. You should be able to spam freely from those ignoramuses since they obviously aren't very compotent mail administrators. Been nice talking to you Mr. Scott Richter, spammer.

BTW, you're intentionally inciting a DoS attack on the RFCI folks. Don't you know that's illegal? Maybe you should just step away from the computer now before you really get yourself into trouble.

Re:No big problems here

It's not just asshole behaviour, its a very valid method of blocking the spam that you also obviously have problems with. To refuse access from people who are either ignorant or from choice refuse to follow age-old conventions of the Internet.

Sorry you find it annoying, you'll have to find some way of dealing with it. To turn your own words back on you, theres enough anti-spam software around so you have no excuse for not using it. Certainly the Internet should not throw away such fundamentals just to make your life easier when there are valid solutions that just take a little effort. This is an online community, to take part is a two way process that involves more than just plugging in cables and installing sendmail.

And I concur there is no shortage of assholes, which is why we need those blacklists.

The assholes are the spammers, not the people fighting against them. Maybe blacklists do mean that going online takes more effort, but to say that is the fault of the blacklists is incorrect (I won't use the word ignorant as my intention is not to inflame, although millions would).

Re:No big problems here

[Frisky070802]

Attacked via email? Or are you referring to other things like web vulnerabilities? I'm surprised. Your domain isn't aol.com or msn.com by any chance? :)

Re:No big problems here

[killjoe]

I am none of those people.
I am not a spammer.
I am all for blacklisting spammers.
I subscribe to more then one spam blacklists.

There is nothing wrong morally or legally with blacklisting spammers.

There is something dreadfully wrong with blacklisting people who are victims of spam. I am a victim of massive amount of spam coming to my postmaster@ and abuse@ email addresses so I shut them off. If the bastards decide to blacklist me then I will simply forward the email postmaster@rfc-ignorant.org and abuse@rfc-ignorant.org. At that point I will be fully rfc compliant right? They should love that!. What's the difference if I dump the email to /dev/null or forward it to them? I am not going to read it either way right? Ooops maybe the RFC states that I have to actually read the email that comes to those addresses.

"BTW, you're intentionally inciting a DoS attack on the RFCI folks. Don't you know that's illegal?"

Really? Illegal? Please point out the law to me so I can educate myself on the matter. In the mean time I still suggest people forward their postmaster@ and abuse@ email addresses to postmaster@rfc-ignorant.org and abuse@rfc-ignorant.org. They apparently love spam. As you said they are providing a handy list of servers to spammers.

If it turns out that what I am advocating is illegal then I will gladly retract my call and ask people not to forward my emails over there. In fact I will change my signature to ask people not to forward their email to postmaster@rfc-ignorant.org and abuse@rfc-ignorant.org and make sure I post in a thousand newsgroups to get the word out. I just hope the harvesters don't harvest those email addresses that's all.

Re:No big problems here

[killjoe]

"So as someone who claims to be a mail admin you're saying you don't want to use the estalbished method of contacting mail admins to be used on your server?"

That's exactly what I am saying you moron. When I had them turned on I never read them anyway. All I ever got was hundreds of spam and neve once did I get a legitemate email.

"How else do you expect mail admins to contact you?"

I figure if somebody wants to contact me they can do a whois and give me call. every hear of a telephone? I hear they are pretty fucking handy these days.

"All postmasters get spam."

Right. that's why the RFC requirement is bullshit. Nobody reads those emails. The RFC should be changed. Until it is then I am forwarding my emails to postmaster@rfc-ignorant.com. Since I know that address will always be there and since I know they themselves don't ever read the email what difference does it make right?

"Cry us a river and deal with it like every other responsible mail admin out there. "

I am dealing with it. I think I have a very nice and elegant way to comply the RFCs while avoiding spending money, CPU cycles and time on spam filtering.

"There are reasons we have RFC-I. Your attitude and those that share it are the main reason."

The RFC needs to be changed. It's five years old and that's an eternity in internet years. Dogmatic adherence to antiquated ideology is a BadThing (TM). Remember Osama Bin Laden? He too advocated a dogmatic adherence to antiquated ideology.

Re:No big problems here

[macdaddy]

Unbelievable. What the hell does that RFC being 5 years old have to do with it? RFCs 821 and 822, by far two of the most used RFCs ever, were almost 19 years old when they were revised. 19 years old! What did you think of those while using them? Was that a catastrophe for you? I stand by what I said. We have RFC-I for people just like yourself. Do you let this disregard for stands contaminate your other work? If you as an admin worked for me you wouldn't last very long. Unbelievable.

Re:No big problems here

[macdaddy]

You're arguing just to argue, aren't you?

Yes the RFCs do require a human to read the mail to abuse and postmaster. Why would they require the addresses to be valid if they didn't require them to be read?

Illegal? Certainly. You're asking people to DoS someone else. How about we put that in different terms. You're asking people to shoot at someone. You're asking people to trespass on someone's property. You're asking people to cause physical harm to someone. See how it parallels? Of course inciting someone to DoS someone is illegal. Do I know which law you're breaking? If I had the time to memorize law books I'd be making a lot more than I am now.

Have you ever been a member of the anti-spam community (that includes being a responsible mail administrator that supports or uses anti-spam resources)? You said earlier that you're using blacklists. These blacklists are created in part by using the postmaster and abuse mailboxes you wish to abolish. I gaurantee you if Exodus, Spring, or MCI terminated their postmaster or abuse addresses they would find themselves at the brunt of a negative PR campaign the likes of which you only see elsewhere during presidential campaign years. They would also find themselves on blacklists for choosing to not play by community standards and established rules. You want to reap the benefits of these efforts and yet you want a critical part of the process to be eliminated from the RFCs. Isn't that rather hypocritical? If I as an admin get spam from another provider's customer or if I notice unusual things from that provider entering our network via email I'll give that provider a heads up via email. I won't go hunting and pecking through their website for another address to send cmoplaints, LARTs, and general heads up messages. I won't pick up the phone and waste my company's or my own money on long distance and my extra time to try and explain to some tier-1 script reader that they have a problem and need to address it. The person responsible for the mail system is the person or group of persons that read postmaster. The person or group responsible for abuse complaints read abuse. That's the way it works. Yes you can perform AV checks on both. Yes you can tag spam messages for what they are. You can't delete the spam of course because you could be deleting spam forwarded in complaints. The point is there are ways of dealing with spam on established role accounts. We (the responsible admins of the Internet community) do it. Is it unreasonable to ask you to as well? This isn't that complex of an issue.

Re:No big problems here

You're just foaming like a fucking psychopath because in your tiny little BoFH "I-run-a-domain-I-have-a-big-dick" universe you can't imagine someone not acquiescing to your tyranny of RFCs. In another life you would probably be a US Postal Service employee; you'd probably rise to the rank of running a city post office, then bring an SMG to the office one day and start blowing away patrons while ranting about ZIP+4 barcodes and proper state abbreviations.

Re:No big problems here

YOU ARE FUCKING FIRED

Re:No big problems here

[RobertB-DC]

Postmaster and Abuse are required mailboxes. They are not optional. RFC 2142 mandates their use. This isn't some new requirement either. That RFC was written in 1997.

In other news, .com is the approved TLD for commercial entities. .net is reserved for organizations that provide connectivity services essential to the operation of the Internet, and .org domains must only be assigned to not-for-profit organizations. Enforcement of these rules is essential to the smooth running of the Internet, and violators will certainly be blacklisted within an inch of their lives.

Yep, it's great living in 1997.

(Sorry if it seems I'm piling flames on a fire that's already burning just fine... it's just that your post contained such tempting kindling!)

Re:No big problems here

[killjoe]

" Unbelievable. What the hell does that RFC being 5 years old have to do with it? "

Can't you read? Spam was not a problem then it's a problem now. Some RFC are still valid no matter how old they are, other ones are no longer viable. This is one of them. Until rfc-ignorant can stop spam from coming into my postmaster account I am forwarding my postmaster email to postmaster@rfc-ignorant.com.

Got it? It's simple.

"Do you let this disregard for stands contaminate your other work?"

Fuck yea. I have designed dozens of web sites that are not standard compliant. My boss told me to. It was the only way to get the web site to look good and work in IE.

"If you as an admin worked for me you wouldn't last very long."

You apparently have a two bit operation and I would not want to work for a jihadist narrow minded bigot like you anyway.

Re:No big problems here

[killjoe]

"Yes the RFCs do require a human to read the mail to abuse and postmaster."

Wow. Who is going to come over to my place and watch to make sure I read all that email? How does rfc-ignorant determine the violators of that requirement and blacklist them? Ooops maybe they are not that much of a stickler for standards. Maybe they just blacklist people who violate some parts of the standard and not others.

"You're asking people to DoS someone else."

No I am not. rfc-ignorant is blacklisting people for having that email address active. In that case it's their responsibility to stop spam from coming those addresses. I am simply forwarding the email to them so that they can contact the spammers and have them stop sending spam to my postmaster address.

"You're asking people to shoot at someone."

Wow. I didn't know forwarding email was the same thing as murder. Amazing.

"You're asking people to trespass on someone's property."

Wow. I didn't know forwarding email was the same as trespassing. Isn't forwarding in some RFC or something?

"You're asking people to cause physical harm to someone."

Wow. I didn't know forwarding email actually caused physical harm to anybody.

"See how it parallels?"

I guess I don't. You think forwarding email is the same as murdering somebody. I really don't think it is.

"I gaurantee you if Exodus, Spring, or MCI terminated their postmaster or abuse addresses they would find themselves at the brunt of a negative PR campaign the likes of which you only see elsewhere during presidential campaign years."

First of all BULLSHIT. Second of all they have the resouces to deal with billions of spam they get.

"They would also find themselves on blacklists for choosing to not play by community standards and established rules."

The rules are stupid. They rules were written before spam was invented. The rules need to be changed. This is not the bible, this is not the constitution. It's a stupid fucking RFC. Change the fucking thing to reflect the reality of what is going on in the ground.

"Is it unreasonable to ask you to as well? "

I submit that it is indeed unreasonable. Unless you want to take responsiblity of eliminating spam from my postmaster account and making sure only legitemate emails arrive there don't make me turn it on. If you force me to turn it on then I will be happy to forward them to you so that you can deal with it.

It isn't that complex of an issue.

Re:No big problems here

[dago]

So, you won't mind to give your domain/IP adresses to be submitted to rfc-ignorant ?

Re:No big problems here

[macdaddy]

Spam was not a problem in 1997? Where were you in 1997? Where ever it was you must not have had an email address. As for your other reply, well hell, I just don't know where to start. I seem to be having a circular discussion though that's back again to where it's started. So I don't think I'll start it rotating again. Have a nice day.

Re:No big problems here

[macdaddy]

Actually, I take that back. I will respond to your reply with a point and a request. First the point. Spam far pre-dated that 1997 RFC. Apparently you weren't using email until after 1997. Secondly the request. Please submit your domains to RFC-I so we responsible administrators can easily distinguish your domains from those with responsible administrators. If as you say you have no problem with people blacklisting you then you should have no problem submitting your domains. Let me make it even easier for you. Here is the link to postmaster @ yourdomain. Here is the link to abuse @ yourdomain. Good bye.

Re:No big problems here

[killjoe]

"Spam far pre-dated that 1997 RFC. "

really? How big of a problem was it back then? Did you get three hundred spam messages a day? I didn't think so.

"Please submit your domains to RFC-I so we responsible administrators can easily distinguish your domains from those with responsible administrators."

No need to. I am now fully RFC compliant because I have enabled my postmaster account and forwarded to postmaster@rfc-ignorant.com and abuse@rfc-ignorant.com.

See ya.

Re:No big problems here

[killjoe]

" Spam was not a problem in 1997? Where were you in 1997?"

No it was not a big problem for me. Today it's awful and getting worse every day. why don't the fucks at rfc-ignorant blacklist spammers instead of people trying to avoid spam?

"s for your other reply, well hell, I just don't know where to start."

Start with this. Have you ever produced a web site that was not rfc compliant? If so why?

sometimes the reality of the situation is that you have to ignore standards. Apparently the jihadist fucks at rfc-ignorant.com can't get that through their thick skulls.

Re:No big problems here

[sirshannon]

I had the same problem with one of my domains. Every 5 minutes, Outlook would check my email and I could tell I had new mail. There would be between 10 and 50 new emails and I would watch them come into my inbox and then Outlook would route them all to the junk box. I was getting over 1000 a day, all to random addresses in the form of [firstname]@[domain.com], all for the same domain.

They weren't exactly spam, though, they were virus/worm emails.

I eventually got tired of the letdown when all my new emails were sent to the junk box, so I turned off the catch-all.

This has not happened to my other domains, so I still have catch-alls for them. I use site-specific email addresses when I register for things (like nyt@[domain.com] when I registered at newyorktimes.com, amazon@[domain.com] when I registered at amazon.com) in order to track who sells/gives away my email address.

Re:No big problems here

[TwistedSquare]

Illegal? Certainly. You're asking people to DoS someone else

As I write, in the UK DoS is not illegal. I suspect this is also the case in many other countries. I have no idea about the US, but that's just one country in the mix.

Re:No big problems here

Personally, I always thought standards were there for a reason... to standardize stuff.

If your website isn't standards compliant, and you did it so it would "look good in IE" then my best guess is that you didn't have a clue what you were doing, and/or didn't want to put forth the extra effort to do it correctly.

I'm guessing the latter, considering your RFC stance.

Re:No big problems here

[Oloryn]

are you sure all those bounced messages arent from mail worms forging from addresses?

No, of course I can't be sure, as they're bounced, and I never see them. With the apparent connections between worm writers and spammers nowadays, I'm not sure I'm inclined to make much difference between the two. And whether it's actual spam or worm bounces, junk is junk.

Re:No big problems here

[killjoe]

Try this.

My boss made me do it because he did not want to alienate 90% of his customers.

RFC compliance is fine and dandy if you are running a hobby site but when it comes to making money you do what you need to.

Re:No big problems here

[SydShamino]

Dude, that's stupid as shit. Hello? 2004? Spam? I don't give a crap about someone trying to contact me via an email address that is publically available. If they care that much to reach me, then can send me a letter - my physical address in the domain registration is accurate.

Your shouldn't worry about that

[toetagger1]

If you use a spam filter, you sould not have to worry about it. You are not exposed to more kinds of spam, just more instances. And since spam filters currently have no issue with volume, you should be ok.

Re:Your shouldn't worry about that

[rd4tech]

Hmmm.. interesting thought, is there a threshold limit of emails over which your statement hold true?

Re:Your shouldn't worry about that

[toetagger1]

why don't you post your E-mail addy here, and that should be good enough of a try!

Re:Your shouldn't worry about that

[fd]

Well, except for the time required to download it all. I use POPFile which is filtering 99.66% success rate but I still have to download 250 spams a day.

Re:Your shouldn't worry about that

[Cesare+Ferrari]

Except your mailbox overflows when you are away on holiday for a couple of weeks because of the volume of spam. Cesare

Re:Your shouldn't worry about that

[kjamez]

i have spamassassin run via kmail filter locally on a dual pII/350, and the load on both processors jumps to 98% for each email recieved. I recieve upwards of 200-300 a day, mostly to my legacy address (13 years running), but have been recently attacked with [random]@domain.com dictonary attacks. i just didn't want anyone out there claiming a bayesian spam filter has no 'issue with volume' ... i'm considering using fetchmail to grab all my mail and using cron to run the filter on it at night ... thank god the pII/350 is just in a closet somewhere and i don't actually use it for anything BUT email ...

conditions

[TedCheshireAcad]

just be glad you're not asdf@asdf.com.

Re:conditions

[Liquidity]

I think foo@bar.org might get even more.

Re:conditions

[VistaBoy]

I'm use noneof@your.business for filling out forms.

Re:conditions

[Ryan+Huddleston]

support@microsoft.com seems to do quite nicely :-)

Re:conditions

I usually use something like registration.sucks@domain.com where domain.com is whatever site I am trying to get into.

Re:conditions

[beacher]

While you're getting your own domain, use that to your advantage and sign up on websites so you can track if they sell email address lists

Extract from today IRC session.. names changed accordingly

[IRCer1] hrm, looks like ajc.com got hacked
[IRCer1] getting bounces for spam with ajc@(domain_removed) as the return address
[IRCer1] only place i've used that email address is ajc.com
[IRCer1] so either they sold their mailing list
[IRCer1] or got hacked by email harvesters
[IRCer_2] i'd call they sold it

Re:conditions

[smeenz]

Quite:

http://asdf.com/asdfemail.html

Re:conditions

[john+barleycorn]

me@my.net may be even worse. ive been using that one on web forms for years (along alot of other ppl probably). not to mention all the references it gets in examples of all sorts of things on the web.

Re:conditions

[Edward+Teach]

Think about poor bob@bob.com

Re:conditions

[blogeasy]

ok@ok.com seems to get a lot too.

Re:conditions

[studerby]

test@test.c_o_m probably sees a lot of action like this.

Re:conditions

i.am@satan.com is one of my favorites.

Re:conditions

billg@microsoft.com is better.

bayesian filter is your friend

[elucubra]

set it up, but make sure you have a good bayesian filter to weed out the crap.

Re:bayesian filter is your friend

[xcham]

Exactly. SpamAssassin will do the trick.

Re:bayesian filter is your friend

i prefer bi-asian filters.

bounce?

if anyone really emails your domain, and it bounces, won't they figure it out?
Seems like a useless feature.

spammers should be shot

read the title. FP?

Re:spammers should be shot

you fail it.

Really ,

[rd4tech]

I can't understand some people, sometimes spam makes so exciting reading...

Re:Really ,

[lphuberdeau]

You must recieve a lot o p0rn emails to find it exciting.

I just get everything filtered on server side spamassassin ;)

Re:Really ,

[phalse+phace]

You wouldn't happen to be this guy, would you?

Re:Really ,

[d34thm0nk3y]

no kidding, if your work monitors web access and you REALLY need a porn fix just sign up for a few of those "free offers" you see so often on the net....

No

Doesn't matter, the only stuff sent to other addresses is spam

now if you want to know how you got the e-mail, based upon what email address they used, then it's helpful

Isn't that the POINT?

[SuperRob]

What does it matter if it opens you up to spam. It's a catch-all account right, isn't that what it's supposed to do?!?

yeah..

[khrtt]

..and don't forget to send the spammer's IP to the spam blacklists automatically.

Spam eh?

[Agret]

Maybe you could set one of those up and use all the spam detection software you can find (i.e. Spamcop) i'm sure other people will post the URLs to some spam detection software which you can run on your server. That way you get to reduce the ammount of spam that you have to sort through while searching for legit emails. Most of the spam these days is ovbious spam like Subjects which make no sense and often have lots of spelling errors in the body. Beacuse of this you can detect spam by hand quite easily too.

Anti-spam should still function

If your catch all address forwards to your personal mailbox, your antispam solution should still filter the junk no matter where it's sent. In fact, you should probably be able to ratchet up the spam rating a bit for anything which is not sent to your personal account, and give yourself a bit of a head start...

I do it

I do it. I've found that although a lot of spam gets sent to that email, people aren't going to just send adsflkjes3542@domain.com an email. Randomly guessing email doesn't get you a hit. Most spam kings purchase emails. Why? Because they need valid emails.

You're opening your gates to nonvalid emails, but that doesn't seem to be a threat. As stated earlier, no one wants nonvalid emails.

Here's one way to get the most from it

[quinxy]

As someone who has been using a catch-all account for years, and has enjoyed the benefits and suffered the consequences, I would suggest you do it (though not without some warnings and recommendations). I do receive a fair amount of SPAM for accounts which have never existed on the system. I have also endured several periods when some SPAMmer referred to fake accounts at my domain in the return-to of the SPAM they were sending out (they were not using my mail server, they simply made up random usernames for my domain). Since they were random (both the names they used and the content of the SPAM) it was impossible to easily filter out. That sucked. I would receive hundreds of bounce messages per day. Ultimately I was able to make it stop by writing a script to post every bounce message I received through to the support form on the websites being advertised (modifying for each of the three or four sites which were involved), making the normal "cease and desist" legal threats. It seemed to work, since the SPAMs did stop soon after (presumably those sites complained to the SPAMmer they employed), and the SPAMmer no doubt moved on to some other fake accounts. Bastard. One of the best features of the catch-all is that you can totally control to whom you give out your "real" e-mail address, as well as track who is using the e-mail addresses you are giving out. For example, if you want to register at example.com for something, you give them the address me.example@yourdomain.com (or some structure which has a prefix or postfix, the 'me.', and the site name for which you are registering). You'll be able to receive that sites mail until you either don't want to, or until you see that they have abused the privilege of e-mailing you. Often I will see six months after registering to some site, I start getting tons of SPAM from the e-mail I gave to that site, and I can then simply block that on the mail server, bouncing them or sending them to /dev/null (via aliases, for example). This is the greatest strength in using catch-all addresses. To mitigate the danger I mentioned previously of fake usernames, one should (though I am no sendmail expert and don't know how) set up a rule that any incoming recipient address must correspond to an existing account/alias, OR the catch-all structure you want (the whole PREFIX.SITENAME@yourdomain.com). Q

Re:Here's one way to get the most from it

[epsalon]

Can you e-mail me and/or post the scripts you used for the bounces. I'm in the middle of being joe-jobbed for random addresses on my domain. I'm trying to filter these for spam content, with varying levels of success.

Oh, and don't use the default address posted above (It's blackholed). Use quinxy AT alon.wox.org. Thanks.

Re:Here's one way to get the most from it

[HardJeans]

Or instead of sending it to /dev/null, simply forward it to the customer services email address of the site you signed up for. So every time a spammer sends email to example@yourdomain.com, it gets forwarded to customerservice@example.com Give them a taste of their own damn medicine.

For my take on spam visit www.levijohnston.com/spam.htm

Re:Here's one way to get the most from it

[quinxy]

As I mentioned at the end of the post, I haven't implemented the PREFIX.SITENAME_YOU_ARE_REGISTERING_FOR@YOUR_DOMAI N filtering. I just don't know sendmail/procmail/etc. well enough to make it worth my while. If anyone who does can tell us how, please do!

If you were talking about the bouncing of known abused addresses, then that's super easy, just add a line to /etc/aliases (assuming UN*X), sending anything received for that account to /dev/null; ideally this would be done by some other script, a catch-all management one, as this approach doesn't bounce the mail, giving the impression that the account is valid.

But, the occasional retirement of virtual addresses has been good enough for me for years, the other thing I propose would be the "real" ultimate solution, to prevent the negative things I have experienced.

Q

P.S. - Sorry I made the post a bitch to read, posted it HTML formatted instead of plain text (there were line breaks in there!).

Re:Here's one way to get the most from it

[edesio]

I think you can do even better than this. Use valid user e-mails for your domain and feed the catch-add address to train spamassassin what is spam :-)

It works great!

Re:Here's one way to get the most from it

[quinxy]

Sadly, anyone likely to abuse your account is a little too clever for that. In my experience, in every situation where I have been SPAMmed, or my address mis-used, there was no e-mail address to forward to. The accounts in the domain record were false (any e-mails would bounce), and the websites would have NO e-mail addresses on them (in only one case did I find one that had it, and mails to that address bounced). How odd that they wouldn't want to give out their valid e-mail address? The only mechanism was to use the "contact us" style forms that they would all universally have.
Q

Re:Here's one way to get the most from it

[Hobadee]

I second that.

I think it would be really useful to release that under GNU GPL. I know it would be of use to many people. If everyone did that, it would actually be a way of slowing/stopping spam. It would create time/bandwidth costs for the spammers. (Spammers spam because benifit outwheighs cost.)

Re:Here's one way to get the most from it

[panaceaa]

You should consider not capitalizing the word "spam". I couldn't bother to read the rest of your post after I noticed you were doing it. It just makes you seem out-of-the-loop, plus Hormel has said they would prefer people to spell it "spam" anyway.

Re:Here's one way to get the most from it

[epsalon]

If the domain has a bad e-mail contact, try the owner of the IP block. If it's also junk data, try a traceroute and the owners of the intermediate links (the ISP of the IP block owner). One of them is bound to have an anti-spam policy.

Re:Here's one way to get the most from it

[jesterzog]

For example, if you want to register at example.com for something, you give them the address me.example@yourdomain.com (or some structure which has a prefix or postfix, the 'me.', and the site name for which you are registering).

I've been doing this for several years now, although while still being reasonably careful about whom I give my address to. To date, the only site that I've personally noticed has leaked my address has been real.com, who leaked the address that I filled in before I was allowed to download the player several years back. It figures.

A lot of my other spam seems to go to my direct ISP account, which I presume resulted from a dictionary attack at one point. I have a three letter username, so it wouldn't be too hard to locate with brute force.

The main risk that was pointed out to me about what you're suggesting -- and this hasn't happened to me yet -- is that you run the risk of ending up on the same spam lists multiple times with different addresses. Most spammers will presumably be smart enough to weed the dupe addresses out of their list. But if you have a variety of addresses that get out, and once an address is on one list it'll probably propogate to all of them sooner or later, then you could end up getting every spam lots of times.

You can still filter them and if you're happy to do that then I guess it's okay. Personally I have a moral objection to filtering, even though I've had to resort to using it in the past year or so. Even if I can filter most of the spam, I'm still getting hammered with the traffic and I'm still paying for it. Up the line, my ISP has to charge me more because they have to deal with countless amounts of spam. As far as I'm concerned, the sooner we figure out a reliable solution to remove the spamming incentive (beyond simply filtering as much as possible), the better.

Re:Here's one way to get the most from it

[quinxy]

Point well taken, 'spam' it is.

Re:Here's one way to get the most from it

[attobyte]

I do this with aliases. I guess it would be easier to come up with email addresses on the fly if you used the catch all but I dont receive any spam and I just remove the alias if it gets out of hand.

Re:Here's one way to get the most from it

[Balinares]

I am having the exact same joe-jobbing problem, and it seems I'm not the only one. Do you still have the scripts used to post the bounces to the support form of the spamvertised websites? I think many of us would be vastly grateful for them. Thanks.

This is what I do...

[flamechocobo]

I just write mail back. It's rather funny when you get a reply from the spammer. That isn't automated.

Re:This is what I do...

[Jesus_666]

Especially if you're sending your mail to some poor guy who has been joe-jobbed.

Nay I say!

I'd say that people will have a harder time remembering 'just put down anything you want @mydomain.com' than telling them specifically send it to 'joebob@mydomain.com'. Thus that kind of cancels out the advantage, and still leaves you ripe for spammage.

Incidentally, first post (albiet it's probably been taken by the time I'm done typing this...)

Nope

[Inominate]

Not at all.

The ideal setup is to have several addresses.
One for close friends, associates, individuals and people who the address is sent to privately.
A second address for mailing lists, and any kind of public posting.
And a third address for anything guarenteed to end up in you getting spam. (Website signups for instance)

Then you simply drop it into three different folders. This method combined with a good spam filter can eliminate virtually all spam.

the whole /point/ of a catchall address is spam

[luge]

It is great. You never have to worry about giving out an indiscriminate address again. Signing up for a fantasy league on cnn/si? I used cnnsi@mydomain. cnnsi sold it and now I get several hundred spam a day there. And I can trivially filter and nuke them, with the added bonus that I know never to send them my business again. amtrak has amtrak@mydomain, I get all the mail from it, and can easily track that they have never violated their TOS. It's the greatest thing- I heartily recommend it to anyone who can.

Re:the whole /point/ of a catchall address is spam

[Mirlyn]

This is exactly what I do, and what I've been doing for two years now per recommendation from another friend. I can't suggest this strongly enough.

If it ever gets violated, add that address to an account with zero or small size limit and let it bounce back to them.

I get less than a half-dozen pieces of spam per month. Most are to the address I put in the whois information (whois@domain), followed closely by sales@domain, info@domain and webmaster@domain, none of which were intended to be valid addresses anyway.

Re:the whole /point/ of a catchall address is spam

[Zocalo]

Alternatively you could also flip that on its head and proactively add new accounts as required, which is what I do. So, if the scumbags at "Foo Corp." decide to sell my email address, I simply delete the "foo@mydomain" entry from my aliases file and both the spammer and Foo Corp. just get a User unknown from the MTA. It avoids all the pain of having a catch-all address and as a bonus it makes sorting email into folders a snip because "To:" is always unique and relevent!

Re:the whole /point/ of a catchall address is spam

[KingJoshi]

I do this as well. I used to have an email address from MailBank (later changed to NetIdentity). They buy up domains with last names so you can do firstname@lastname.com. They started off charging $5 a year for email and now it's $25/year. I got fed up with it and bought my own domain name.

Best move I did. I have greater control over it and feel more security about it as well.

There is a free DNS service held by ZoneEdit. If you only use it for one domain, it allows free email forwards, web forwards, etc. It has about all the services I could ask for (except hosting) for free (assuming you don't go over a quota).

I have emails redirected to my gmail account as well as comcast (which also hosts my personal website). I could host this on my own computer or elsewhere and I have a lot of freedom to do what I want.

And as the parent said, being able to create email addresses on the fly allows you to catch businesses that sell your email address, or find out where the spammers mostly target (and as another poster said, Slashdot is worst of all the ones I've created). It also makes it easier to filter with gmail and do searches and so forth.

I know I'm being mostly redundant as others, but I can't emphasize enough how valuable this is, especially to a computer geek. And I'm only paying $7/year for all this! I can't mod the parent up any more so I just want to re-iterate the value of catchall addresses and owning your own domain name.

Re:the whole /point/ of a catchall address is spam

[mnmn]

I did the same a while ago. My email registered with eBay is ebay@myname.name etc. You can add all valid addresses to /etc/mail/access.db and return a message to the rest user doesnt exist. You can then dynamically adjust that list whenever adding or removing hostnames to the email address. For instance resume@myname.name is treated with priority.

For some reason its a whole lotta work and recently Ive just been using one basic email. You just need to stay on top of things.

Re:the whole /point/ of a catchall address is spam

[luge]

This is a good approach, and the one I'd use, /if/ I had an easy admin interface to add accounts. But most don't (and it certainly sounds like the questioner on the original question doesn't.)

Re:the whole /point/ of a catchall address is spam

[droleary]

I used cnnsi@mydomain. cnnsi sold it and now I get several hundred spam a day there.

Are you sure they sold it, or were you merely a target of a dictionary attack (the dictionary being domains)? Same will go for amtrack@. All a spammer has to do is decide it's a significant enough domain to add to a dictionary and, BAM, you're getting spam there without any kind of TOS violation on Amtrack's part. Common word domains like amazon@ have long been dinged, and it is foolish to blame the company for your own poorly thought out system.

If you really want to use a catch-all to track who sells your address, you have to use a hash or something else that you keep entirely secret and is not easy to guess, like c66915c4ff6a27e5f3aac08f58130ba9 for . . . guess who! :-) Otherwise you're just adding to the abuse that the spammers are dishing out to you.

My own experience with a catch-all is that you're safe until you're hit by a dictionary attack, and then it never stops. I have domains with next to no traffic and a catch-all is fine, but in the last year I've had two of them get hit by dictionary attacks and after that each domain gets an increasing stream of spam attempts, currently around 1000/day. That's bad enough that I shut off the catch-all for the one I don't really use it with. The other one keeps SpamCop full.

Re:the whole /point/ of a catchall address is spam

[davidstrauss]

Alternatively you could also flip that on its head and proactively add new accounts as required, which is what I do.

Another approach that requires less maintainance is to have a subdomain for each person. Set a catch-all for that subdomain to forward to you. Every time you give out a new address, give out XXXX@subdomain.example.com. It will, by default, go to you. If any problems arise, you can redirect that address to the bitbucket. The advantages of this approach are that 1) you don't have to create a million aliases (assuming most sites are responsible with your info), 2) you don't have to dig through a catchall, and 3) most sales@example.com spam never gets sent to subdomains.

Re:the whole /point/ of a catchall address is spam

[Zooze]

I do this too. What's really amazing is that, not only are there good businesses like Amtrak that don't violate their TOS, but there are also lots of businesses that ask for my address and then never use it. I've got aliases that haven't received any mail at all since I created them (sometimes for years). With businesses so eager to get customers, it makes me wonder why they would ask for my email address amd then not send me anything at all.

Re:the whole /point/ of a catchall address is spam

[infolib]

We need a standardized protocol for creating/redirecting mail addresses. Then mail clients (or other desktop programs) could implement this. There's a lot of people using their own domains now, so sooner or later it some free-software-hacker should scratch his itch and do it.

In a word...

[diogenes57]

No

Re:In a word...

[Dwedit]

With a bounce, legimate users on the forged reply address get annoying false notifications about spam/viruses.

Re:In a word...

[NanoGator]

"In a word... No"

Thank you for being as insightful as a flip of the coin.

Re:In a word...

[geekoid]

well, I created several email address for my domain, and anything that goes to one not on my list gets sent to the bit bucket.
Works like a charm.

Re:In a word...

[Vellmont]

Not usually. Unless the receiving computer accepted the mail it's up to the sending computer to decide what to do with the mail at that point. The virus software isn't going to bother to send the bounce message, and neither will a spammers software.

Re:In a word...

[w0ss]

Well I can say u don't always get a "prompt" bounce from a mail server. I sent an email to my current GF in FEB of 2000 I never heard from her I was bummed out. I then saw her like a month later she said she never got it and we set a date then(we have been together since). In July of 2000 I got my bounce back and sure enough I had typoed it. Sad thing was I worked for the ISP and had root on the box. I looked at what the problem was and it was our ghetto mailserver, it was so overloaded it stopped proccessing bouncebacks. WTF but at least I got the girl.

Re:In a word...

[diogenes57]

In this case, simple is better. If enough "no"s are heard the poster will realize the utter ridiculousness of his question.

Re:In a word...

[anticypher]

Maybe.

That's one word. Not a good idea on its own, but it can be made to work. It just takes some time and effort to build up defenses.

There are a few dozen common email addresses certain spam search software tries on every domain. ceo@, sales@, marketing, admin, info, etc. If you have control over your MTA, you can set it up to reject these addresses before the spam takes up too much of your bandwidth. If you have control over the whole machine or network, you can set up automatic IP blocking for a short period of time when you think there is a dictionary attack under way.

Beyond that, if you take the time, you can block certain IP ranges known to be the origins of 50% or more of spam. *.comcast.com, *.cn, *.kr, *.wanadoo.fr. This will cut down on another large percentage of spams.

I run a large number of wildcarded domains, some are legitimate, others are just used as honeypots to blackhole certain spam operations at the borders of my AS. It takes some effort to maintain, and to keep an eye out for problems, but the effect is a large reduction of the worst spam. Still, I get dozens of spams per day past my filters, but no where near the 200 to 500 per day without.

the AC

Do It

[the+eric+conspiracy]

Then every time you sign up for something create a new email address. Thene you can figure out who is selling your address, filter out that particular address, and so on. It makes managing your email and filtering out spam much easier.

lots of spam

[kyknos.org]

i get lots of spam to my catch all address - lots of names form some dictionary probably. but you can switch the catch all adress off if shit happens.

I gave it up after a year

[killbill]

I fought it for a year or so, coding up custom filters, using spam assassin, you name it, and finally just gave up and blackholed it.

Spammers are trying dictionary attacks against domains to try and guess live accounts. I would get 500+ copies of the same message to made up names in alphebetical order a day.

That being said, I have since gotten on the Gmail beta, and just forward all my mail there now. It has a far better spam rejection rate then anything else I have tried, so if you forward all your mail to a google account and let them try and sort out the spam, it would probably be usable (and maybe even helpful to them to train their filters).

Re:I gave it up after a year

[earthforce_1]

I would suggest creating a valid email account with a name that is easily hit with a dictionary attack, aa@mydomain.com or something like that - but wouldn't normally be used. Any email which lands here is bound to be spam, and can be immediately be added to your spam filter, so it won't show up in your real mail.

If you want to get nasty, you can use it as an automated script to look for an "unsubscribe" or "remove" address inside the mail arriving here, and if one is found, have it send them a response with a 1 megabyte attachment a few dozen times over.

Re:I gave it up after a year

[Farmbubba]

I had one domain where a spammer was "fishing" for names to spam, and thought that every name they tried was a valid e-mail so they spammed every name. (this domain only had 3 emails and the 1 catch all) They ended up sending 30,000 spams a week to all of the e-mail addresses they thought they had found! It doesn't matter if your spam filter is 95% good, that would still be 1,500 spam getting though.

Spam ID ..

[Manip]

On the other hand if you leave the * account on, you don't need to creat a new account eact time you need one. I for instance only have one account on my mail server and that is the postmaster this allows me to invent e-mail addresses on the fly.

With this ability you can make an e-mail address for each use of your e-mail for sites and forums like Slashdot@Domain.com and if you start getting spam at that address you can quiet happily block it via the filter.

I'm too lazy for that

[baywulf]

I type a@b.com

One Person's Experience

[Rob+Carr]

One of the options provided is to make one of your email accounts a catch-all account.... The question I have, is this a good idea or not?

I have one of my e-mail addresses configured to catch all the "bad" addresses as you are talking about. There is an extraordinary amount of crap that account gets every day. It really isn't worth it, especially if you have the admin and postmaster addresses dump to your primary mail account.

mr_you_only_know_this_one@mydomain.com

so, if you get spam on this specific address you know where to complain.

Re:mr_you_only_know_this_one@mydomain.com

[cicho]

I've been doing this for over a yea, since I registered my own domain. Whenever I subscribe to a newsletter, buy software etc, I always use a unique address (if the zine is Foo, I subscribe to it as foozine@mydomain). Obviously I was hoping to find out who the slimeballs are that sell my address.

Strange thing, they don't! I have never received a single spam to an email address registered in this way, and though I haven't kept count, there's at least fifty of those. Maybe I'm just dealing with exceptionally honest people, I don't know. I only get spam to the actual email that's posted on the website, plus the usual tricks such as webmaster@domain. And the greatest amount of spam by far comes to the (separate) address I post as on usenet.

Re:mr_you_only_know_this_one@mydomain.com

[Sexy+Bern]

Same here. I use "orders.amazon@..." and "orders.ebuyer@...." and none have ever been abused.

I've had one for years...

[ConceptJunkie]

...and I get very little spam (maybe 10 a day) directed to anything@mydomain.com, whereas my regular address gets around 150-200 a day. Thank goodness I have Postini and Thunderbird.

I say go for it, because you can use filters to direct different addresses to different folders, which can be useful.

Yes

[Saeed+al-Sahaf]

As a geek, I run my own mail server. A "catch all" that goes to /dev/null is great.

Re: yes

Not really.. Its better for a server to *reject* (with an appropriate code such as 550) messages that it isnt going to deliver, than for it to accept them and throw them on the floor.

Spam drones will just ignore the 550, but real mail servers will return the message to the sender, who will then realize their mail didnt get through.

If mail just disappears, then neither the sender or the recipient realize it.

Also note: accepting the messages, and then sending a bounce (cough, qmail), is not really a good idea either - then your server queue gets clogged up with messages trying to bounce to invalid addresses - it should be rejected as soon as you realize its addressed to an invalid address - which should be immediately after the SMTP "RCPT TO", and with a '550 No such user' - and no spammers dont bother using this to validate addresses - it isnt worth their time.

Re: yes

[Saeed+al-Sahaf]

Spam drones will just ignore the 550, but real mail servers will return the message to the sender, who will then realize their mail didnt get through.

If it'sreal mail that I want, it gets to me. If not, I don't care if you know that I didn't get it, it's trash.

I don't send all the snail mail spammers nice little post cards telling them I didn'tread their crap.

Re:Yes

additionally, nobody gets your email when you post it on the web.

Re: yes

[OneDeeTenTee]

It's too bad that this can't be exploited to get your name off spamlists.

Use server side filtering and if the message scores 99.44% spam send a 550 code.

It would be a load on your server until the address got off the spamlist.

No.

[keiferb]

If you're worried about missing e-mail to 'important' accounts, just forward them to your real address. Don't bother with the catch-all. In fact, if you have the option, have it black-holed rather than bounced.

The best way to go would be to start with the catch-all, and once you get fed up with it, disable it. You'll feel a real sense of accomplishment when you see how much spam you stop.

It doesn't really happen

[mabinogi]

I've had a catch all address for over 4 years now...and whilst I get a fair amount of spam to that domain (just over 100 messages a day), the majority of those are to one real address I used years ago - and haven't used since. The rest is either to the main address I use, fairly standard guesses "sales@", "info@", "webmaster@", etc...or to one or two addresses that spammers seem to have made up, but have stuck. one of them is a misspelling of my name, another is "tressia" which I have no idea where that came from. But I definitely don't see "all usernames in the world"@mydomain

Re:It doesn't really happen

Bwahahahaha! You will now. You have given us your domain! Let the spamming of cumulo-nimbus.com begin!

Re:It doesn't really happen

Ok, just out of interest, how is this redundant?

It's almost a yes / no question, surely either every post stating an opinion is useful, or anything beyond the first 2 is redundant?

Overrated I could understand...but redundant doesn't make sense...

NO!

[MongooseCN]

I tried this with my email account, just in case an important mail went to another address. The day someone decided to spam *@mongeese.org, I killed that option. Some spam bot prefixed random names to @mongeese.org. Needless to say I ended up with around 300 emails one morning. All with the same bodies but different email addresses. I'm suprised it wasn't more than 300, I figured a spam bot would try sending to more names than that.

Re:NO!

[cicho]

"I figured a spam bot would try sending to more names than that."

It wasn't a bot. Rule #3: Spammers are stupid.

Been there, done that

[FrenZon]

I run several catch-alls on my domains for several years, and I've never been spammed at [all]@[domains].com. However, just last week all my domains were hit by an email virus that did a dictionary-based attack. While it was all still caught by my spam filter, my spam filter is client-side, and after downloading 18200 emails, I decided it was time to shut down the catchalls.

The only thing I really had to do was notify my friends, who are long used to typing whatever they want into the username section of the domain, tailored to whatever it is they want (eg boywhowillfixmycomputer@, bikemechanicmanwhowillalsofixmycomputer@ etc).

Re:Been there, done that

[mnemonic_]

:shens:

Re:Been there, done that

[lewko]

The only thing I really had to do was notify my friends, who are long used to typing whatever they want into the username section of the domain, tailored to whatever it is they want (eg boywhowillfixmycomputer@, bikemechanicmanwhowillalsofixmycomputer@ etc).

The worst thing is when your so-called friends figure out for themselves that you have a catchall set up, so you start receiving emails to pigfucker@yourdomain, grabass@yourdomain etc... and it's not even spam, it's from your friends!

I now use the free http://www.spamgourmet.com/ for my disposable addresses and highly recommend it.

Re:Been there, done that

[Meostro]

The worst thing is when your so-called friends figure out for themselves that you have a catchall set up, so you start receiving emails to pigfucker@yourdomain, grabass@yourdomain etc... and it's not even spam, it's from your friends!

I've used to to my advantage: people are fascinated when you tell them "sure, you can use whatever you like! Send me a message at youmagnificentbastard@example.com, i'll get it."

I've actually gotten some really good ones that way, creative people trying to come up with better and better addresses to bother me with.

Re:Been there, done that

[lewko]

My friends who worked it out did the same and the results were amusing.

Bear in mind though that if you don't manage addresses that reach you, you may limit your opportunity to do various spam filtering later.

Dictionary Attack

[jaredmcook]

Just wait until the spambots launch a dictionary attack against your domain...

Re:Dictionary Attack

[Proc6]

Use a mail server that has a tarpit. Mdaemon, for example can be setup so say a half dozen SMTPs to invalid addresses from the same IP in a 60 second window puts up a 10 minute ignore on the IP. If they plan on dictionary attacking you, it will take them about 90 years to go through a good dictionary list of names as they wait out the time-outs.

Up your spam by a factor of 100

[shoppa]

I see continual dictionary attacks against the domain names I own. When it happens I put the IP address of the spammer in the filter, but this only works for a short while because they're always moving around.

In my limited experience, most of the dictionary attacks come from IP's that traceroute back to Singapore. Just blocking all incoming SMTP from Singapore IP's would be smart but I don't know how to do something like that.

Re:Up your spam by a factor of 100

Hit http://blackholes.us/ and look for Singapore in the left hand column.

set it to bounce

[ufs]

I set it to bounce such emails... it makes the spam less effective and a valid sender would realize a typo and resend the email with correct address

Yes

[Skynyrd]

I do that, and I also use a dummy account for each new place I have to register (such as newyorktimes@mydomain.com). That way, I know who sold/lost/traded my address, and if I start getting lots of spam to it, I can actually create that account, and have all mail sent to the trash at my hosting service.

Yes, it's worth doing.

Yes. I use this approach

[AwesomeJT]

I don't have any more of a problem with spam than I already do. I have a special account that is the catch-all and I filter the most on this account. Other accouts setup at my domain have les restrictive filtering -- which are email addresses for trusted friends and family. With the catch-all, I assign every company I do business with a unique email account in the form of: businessname@mydomain.com -- what is nice about this approach is that I can basically know who sold my email address to spammers by reading the "to" email header. If I start getting lots of spam addresses to bigonlinestore@mydomain.com -- well, I have a fairly good idea who sold me out -- and I can effectively filter a large chunck of spam by blocking anything addressed to bigonlinestore@mydomain.com.

From personal experience, this seems to be working well. I only get a handful of spam sent to random addresses at my domain.

Other folks may have different experiences, but this is what I have found and I usually get 500+ spams daily accross my personal domain email accounts.

Speaking from experience

[Bradee-oh!]

I have a catch-all address at my domain. YES, there are huge amounts of spam. BUT, it is definitely worth the trouble IMHO, and here's why.

1 - most of the spam seems to come to 5 or 6 addresses only - admin, root, sales, webmaster, etc etc. That's cake to filter out straight to trash.

2 - The convinience of being able to sign up for random websites with a different address on the fly is great. For example, signing up on ebay to buy something and using the address "fromebay@mydomain.com" means you KNOW that only one person in the world has your email address so you know who to blame if spam starts coming in, and it is also a piece of cake to automatically filter those ebay emails straight to an ebay inbox, for example.

3 - Not as significant as my first 2 points but still a nice perk in my setup is that I'm able to create email addresses for family and friends on the fly and just setup my own server to split the addresses out into their own inboxes.

So if you will be running the server(s) yourself over slow dsl or cable, the volume of spam MAY be a concern to you. I get about 600-700 spams a day to the common webministrater addresses I mentioned, but it's no concern to me because I don't run the incoming email server and my dsl is more than fast enough to d/l them in a few seconds.

But in any other case, I'd say it's well worth it! And on a slightly different note, I have been very impressed with the honesty and adherence just about everywhere has to their privacy policies regarding email addresses. over 2 years of using my system with about 50 "from@domain.com" addresses, only one of them screwed up and got the address on a spam list somehow - cancelling my account with them and filtering those spams straight to trash solved the problem.

Re:Speaking from experience

over 2 years of using my system with about 50 "from@domain.com" addresses, only one of them screwed up and got the address on a spam list somehow - cancelling my account with them and filtering those spams straight to trash solved the problem.

Who was it that sold your address?

Re:Speaking from experience

[herrvinny]

I've been running a catch all domain email for about 3-4 years now. Yes, it is a definite plus to give out personalized emails (ebay@, slashdot@, etc) so you know who sold your email address.

One tip: Blackhole anything going to info@yourdomain.com. Info has been taking far too much spam lately, at least for me (and I've never given it out).

Re:Speaking from experience

The convinience of being able to sign up for random websites with a different address on the fly is great. For example, signing up on ebay to buy something and using the address "fromebay@mydomain.com" means you KNOW that only one person in the world has your email address so you know who to blame if spam starts coming in, and it is also a piece of cake to automatically filter those ebay emails straight to an ebay inbox, for example.

An oft-quoted but misguided belief. Given that spammers DO try dictionary attacks, the likelihood of some random spammer emailing you at "ebay@yourdomain.com" and you blaming the wrong person is fairly high.

Re:Speaking from experience

[SagSaw]

2 - The convinience of being able to sign up for random websites with a different address on the fly is great. For example, signing up on ebay to buy something and using the address "fromebay@mydomain.com" means you KNOW that only one person in the world has your email address so you know who to blame if spam starts coming in, and it is also a piece of cake to automatically filter those ebay emails straight to an ebay inbox, for example.

If the service allows you to set up an alias file, its even easier. Whenever I need to enter an e-mail address into a web-form, I simply add an alias, typically the website name. If I start getting spam to address, I remove it from the alias file.

Re:Speaking from experience

[Zooze]

Since you mentioned eBay specifically, I'll share my experience with them. I set up aliases for each of my eBay accounts. It seems that eBay adheres to its TOS, but the problem is that they necessarily give my address to the other eBay user I'm doing the transaction with. Many of those people are OK, but a significant minority of them seem to either get viruses or simply use eBay to harvest addresses for spam. I know this because as time goes on, I receive more and more emails at those aliases (not from eBay.com, but from the schmucks I must have done business with on eBay).

Fortunately, eBay seems to be working on this problem. Their announcement on July 16 says they will soon allow sellers to answer potential buyers' questions without the seller having to reveal his email address. It's about time.

No catch-all problems

[GrouchoMarx]

I've been running my own mail account off of my own domain for about 2.5 years now, and I don't regret it. I do have the catch-all set to dump to my personal account, and it's not been a major problem. Most of the spam I get is addressed to a "real" address (either mine or one of my older accounts I have forwarded to me), and there's a lot of that, so the amount I get from the catch-all is negligible.

In practice, actually, most of the spam-related stuff I get is mail bounces attempting to a random address with a faked from line of 63745624573@mydomain.com (or something like that). I really should look into implementing SenderID, but that would require hosting the server myself on a my dynamic IP instead of letting my web host take care of it. :-)

Re:No big problems here - not correct for me

[sprior]

From my personal experience I've been getting a LOT of spam lately which is addressed to "made up" addresses at my domain. Either an awful lot of people lately have been giving out fake email addresses at my domain or spammers are somehow making them up from reasonable sounding usernames that never existed at my domain.

See if you can flip it the other way 'round

[Sycraft-fu]

My webhost (which is where I do my e-mail) is the same way by default. It's catch all, then you just deny the addresses you don't want. So I used to do it like that. If an address started getting SPAM, it got on the ban list.

Well between the new viruses and SPAM tactics that try random first names, that wasn't at all working. So I flipped the mode. Now NOTHING gets forwarded, excpet for ones I specify. This means I have to go add a new forward before giving out a new e-mail to a compnay whereas before I'd just make one up, but it works just as well. If I get SPAM to one, I just shut it down and am done with it.

If they'll let you do that, it should work well for you.

I agree

[poptones]

And the worse offender I have so far is the slashdot@ address I setup here. Not that slashdot sold it of course - it's just been mined by every spammer on the block since a story submission was accepted. Lesson well learned there!

I've gotten maybe a dozen spams with "made up" to: fields. I think the OP is over-analyzing all this.

Re:I agree

[Rick+Zeman]

And the worse offender I have so far is the slashdot@ address I setup here. Not that slashdot sold it of course - it's just been mined by every spammer on the block since a story submission was accepted. Lesson well learned there!

22 minutes is my record between when a story I submitted got posted and the first spam rolled in (matter of fact, I got spam before I knew it was posted). It seems that the 419 scammers continually trawl slashdot because initially all of the spams I've gotten have been them. I post 'em with sdn@mydomain incrementing n with each story posted. Unfortunately, I learned the same lesson you did with my first slashdot submission. I had to kill that alias....:-(

Forward to different accounts

[jnguy]

I currently forward all registered domain emails to my regular email which I check almost hourly. All of the rest are forwarded to, either another account, or something like Gmail. Works for me.

Charge for the spam

[Sebby]

Since you'll be having your own domain for mail, and if you actually run the mail server that receives it, I would simply put in the server-to-server communication a condition that any spam is subject to a fee, and to not send the mail if they don't agree with the condition.

Then, when you get spam, just send them a bill.

When they don't pay, I'm sure you can get a judgement against them. Hell, you could probably put them on a list of dead-beat spammers and get them arrested eventually!

Antiviruses

[NMerriam]

Spam really isn't the biggest problem i have with the domain mail -- as others have said, most spam will actually go to the addresses you actively use.

Use an email service that offers server-side spam and virus filtering and it'll be nothing to worry about. I use Fastmail.fm, and they use spamassassin and some AV service. It's great, cut down about 95% of the junk I used to get, and it's TOTALLY geek-friendly so you can customize it however you want or turn it off if you are a masochist.

The thing that is annoying are all the "error" messages i get from email servers because some virus attached some randomly generated name to my domain when sending out copies of itself. I can't very well automatically delete mail bounce messages, so i have to actually LOOK at those to make sure it wasn't something real.

Use the catch-all

[legLess]

I've had a catch-all for years and I like it. I get a bit more spam than otherwise, but the thing I like is the ability to filter incoming mail based on how it's addressed. If I buy something online I always use $company_name as the address: "newegg@domain.com" for instance.

The catch-all means that I get this email. After I filter for spam, I have all mail sent to my primary, real, address put in one folder, and everything else in another.

You can filter by sender too, but this reverses the problem. As it stands I can proactively filter on my primary address instead of playing whack-a-mole by sender.

Namezero...

[outz]

I pay Namezero $25 a year for my own domain... it comes with 3 (or so) pop3 accounts and unlimited email alias's along with a "catchall" alias... I use it all the time when registering for a site aka slashdot@mydomain.com. If the spam becomes too much, and it's just on that paticular address... i know who sold me out and I simply setup an alias via Namezero called slashdot@mydomain.com and forward to to the sites administrators email address.

Re:Namezero...

[outz]

Oh, and i also forward my catchall@mydomain to my gmail account... their spam filter isn't perfect, but it's better than anything i've put together.

I made the wrong choice

[cdyson37]

I had a catch all account set up on both my domains, and I was recieving up to 4000 spams a day before I had had enough and switched it off - I don't care how good your filtering is - when the spam:legit email ratio is that high it's difficult to trust, and for that matter is a waste of bandwidth - Yahoo's POP3 server would also tend to fail if I had to download more than 200 at a time anyway.

You don't want a catch all email address - the only time it's ever been used by a human being was when they thought it would be funny to include some of the message before the @, etc.

Use a +* alias instead.

[Pig+Hogger]

Use a +* alias entry instead. This way, you still have a catchall, but it only "works" with the start of an address, and if the spam becomes unbearable, you can junk it totally and start afresh.

In a word...

[Vellmont]

is this a good idea or not?


No, it's not a good idea. Looking through my mail server (and other mail servers I administer) I've seen A LOT of attempts by spammers to harvest email addresses by just trying a lot of common names on the domain (and some strange not so common addresses). If you had a wildcard address, you'd get all that spam to that box.

With no wildcard email address if people miss-spell a name on your domain, they'll get a prompt bounce message (and they'll probbably figure out the miss-spelling). With a wildcard they'll never figure out the miss-spelling, and may continue to use that wrong address.

There's also the problem of auto-generated virus bounce messages from other peoples servers. Most viruses lie about their from address, and can even make up a @yourdomain.tld. If you had a wildcard all those erroneous "you sent a virus" messages would go to your wildcard box instead of just bouncing.

Unless you want an account that's deluged with spam and like wading through it every so often on the off-chance someone sent a message to admin or postmaster, I'd not create a wildcard box.

A littel change

[obli]

Every time someone would ask for your Email adress, you'd just come up with a new one, that would be kickin' rad in my opinion.

And also, it would be interesting to see if people actually use your domain as a dummy mail (considering it's a fairly easy/funny domain).

Give it a try

[phalse+phace]

All I can suggest is to give it a try for a while (couple of months, a year) and see what happens. If you get a ton of spam and no important email, then turn it off.

When I had my catch-all account, I rarely got any spam, and that's probably because most spammers won't really bother with trying to send you something at afhg329087dsfljifd90hlg@domain.com or whatever.

Bayesian filtering is your friend

[div_2n]

Thunderbird is amazingly powerful at filtering spam after some training. It should help cut down on the hassle.

They are afraid of it too...

Just so you know, that e mail address wont work....

http://www.asdf.com/asdfemail.html

Just dump non-existent users

[kstumpf]

I think it's best to just reject mail addressed to non-existent users during the SMTP transaction. My outside relay uses Postfix's relay_recipient_map to validate all recipients before relaying inside... anything not matching gets rejected with a 550. This saves my content filters (amavis/clamav) alot of work since we get TONS of spam to non-existent recipients.

relay_domains = mysql:/etc/postfix/mysql-relaydomains.cf
relay_re cipient_maps = mysql:/etc/postfix/mysql-recipient.cf,
mysql:/etc/postfix/mysql-alias.cf
relay_transport = relay:mx2.somethingawful.com

If you don't validate recipients, then you probably SHOULD use a catch-all address. The alternative to this would be bouncing spam back to the (usually forged) sender, in which case you become part of the problem and can cause yourself major queueing problems.

Some empirical data

[Zocalo]

I have a few vanity domains on my own personal server and I do not have a catch-all address enabled, so here are some stats:

# egrep "mydomain.com.*User unknown" maillog | wc -l
842

That's just me and YMMV of course, but there is no way I'd enable it given those results, and that's without one of my domains being Joe-jobbed. The last time that happened there would be another two digits before that "842", and all of those emails would have gone into the catch-all account.

Spam not a problem if forwarding also included

[Diamon]

I recently switched to using e-mail from my registar/hosting company, they included one free address and I paid for an additional 5 mailboxes.

I set up an account for myself and my wife, and used the free account for a spam bucket. My account is set up as a catch-all. Whenever I sign up for something I use and address in the form slashdot.org@<mydomain>.com so if it does start getting spam I know who sold my e-mail address.

If any spam comes in being caught by the catch-all I set up a forwarder to my spam account. For example dns@<mydomain>.com gets forwarded to spam@<mydomain>.com I then just set up my e-mail client to dump anything that comes in via the spam account directly into the trash.

To date I have received spam on three addresses that didn't really exist (dns@, sales@ and info@), but overall it works very well.

Re:Spam not a problem if forwarding also included

[Diamon]

P.S. I use no spam filters with this configuration, it just isn't needed.

Be Careful with Catch-All Accounts...

I host my own personal domain (something like johndoe.com) with a hosting company. I had a catchall account, and used it to great success when giving out my e-mail addy. (For example I'd give stores their own name: homedepot@johndoe.com, walgreens@johndoe.com, etc. Not these specific example, but you get the gist.)

Anyhoo, somehow, someway, somewhy, a spammer got ahold of my domain. And they created just about every possible name you could imagine for my domain: janey123@johndoe.com, rty5632@johndoe.com, ricksmith@johndoe.com, etc. Of course, it's just me at the site. But I suppose they didn't care. To make a long story short, I started getting over 1,000 spam messages per day in my catchall. And now it's grown exponentially. The assholes even send the same spam to the same addy, like, ten at a time. So basically my domain is fucked. And of course, once you get on some dumbass spammer list, they ALL start sending it to you. I've had my catchall account turned off for the last several months, and it's set to bounce back. But it makes no difference.

Every month or so I turn it back on to see if they've given up, but it's just more and more and more of the same. Until a cure for spam is found, I'm dying over here. It makes my e-mail almost useless. Sheesh. Please someone do something about this stuff.

Hopefully this won't happen to you, but if it does, you're screwed. :(

spamgourmet.com

[Anonymous+Cowdog]

'nuff said.

Here are some numbers..

[Blackbrain]

I recently narrowed down my catch-all e-mail address to a handful of addresses I actually use. Before the switch I was averaging 1,200 spam a day. After the change I am averaging 300 spam a day.
My suggestion is to find a forwarding service that allows you to set a list of what gets sent and what gets blocked.

Catch-all

[StarHeart]

In my experience a catch-all has worked out well. While I do see dictionary attacks constantly at work, I don't think I have ever seen one on my personal domain. I am not sure why, but I can think of many possible reasons. One being that I have a .org instead of a .com or .net. In that isps with lots of customers use .com or .net, but generally not .org. Another is that there may be some minimal number of addresses from the same list for them to dictionary attack it. Overall my domain doesn't seem to really be on the spammers' radars. I do get spam to root@, postmaster@, sales@, etc.

An even better method than a classic catch-all would be a extension catch-all. ie something+(anything)@domain.com instead of (anything)@domain.com. An example jsmith+amazon@domain.com. You can do this with many MTAs and the two most common extensions are + and -. - will work more universally, but if users want some-thing@domain.com as an e-mail address it won't work with - as the extension. Supposedly a few uncommon e-mail clients, and a few very uncommon mtas have a problem with it.

The best method I have for cutting down spam is a greylisting, http://www.greylisting.org/. It cut spam down in volume from 10x real mail to 1x. So instead of 90% of mail being spam, 50% of mail is spam.

No Daddy!

[davekebab]

Now I am using GoDaddy as registrar, I found it's them that's filling the inbox with spam. The default inbox is riddled with bollocks sent to godaddy@mydomain.com.

They're bloody cheap and'll do anything an extra few cents..........

DK

Greece is the Word

Re:No Daddy!

[base3]

If you used that address as a whois contact, that's probably where your spam is coming from, as opposed to from Go Daddy. I have no affiliation with them except as a customer, but can say that over two years, my account address hasn't received any spam attributable to them.

I had to turn mine off

[laserone]

I had to turn all my catchalls off (for several domains) because when a spammer decided to spoof my domain, I got several hundred spams A MINUTE that bounced bak and flooded my inbox. This happened several times (i.e. toeach of my domains) and in the end I had to turn off all the catch alls to stop the flood of spam bounces. Hundreds a minute! Those were a few bad days.

Yeah, it's great.....

[ssimpson]

Seriously, I was worried about having a "*@samsimpson.co[m|.uk]" e-mail catch-all and getting tons and tons of spam. In reality (after 4 or so years) I always get mails to my externally used addresses (sam@ & delme@). I never get mails to any other address in my domain.

Having a catchall address is nice because it allows you to register at websites with sitename@domainname.com and still get the mail (and notice instantly if they sell on your details).

Re:Yeah, it's great.....

[TCM]

Having a catchall address is nice because it allows you to register at websites with sitename@domainname.com and still get the mail (and notice instantly if they sell on your details).

From the replies so far it looks like a catch-all is the only way to do this. But it's not. What is so hard about maintaining a list of those accounts in a database as opposed to opening the whole domain with a catch-all? Am I missing something here?

I just maintain a database with

1) a list of aliases
2) a separate Maildir for each alias where mail gets delivered to by Postfix
3) a comment describing the purpose of that alias if needed
4) date of addition
5) etc.

So unknown accounts still bounce and mail for the dozens of forums, shops, mailing lists, etc. gets delivered into the appropriate Maildir automatically.

Re:Yeah, it's great.....

[ssimpson]

That sounds like more hardwork than simply registering with a sites as e.g. "amazonuk@domainname.com", but whatever floats your boat, I guess!

The problem is these newfangled worms...

[InakaBoyJoe]

I also use the method of giving out lots of different E-mail addresses to track down who sells my info. Those who say, "you can always turn off the catch-all" are missing the point, because those of us using this method don't usually remember all the addresses we've given out, and therefore, using a "whitelist" isn't practical. Now, this system works great as others have said. You get a few occasional spams to things like webmaster@, sales@, info@, etc. but those can be easily filtered. The big problem is with annoying worms that generate random E-mail addresses. Of course, all of them get sent to your catch-all account -- in one day I got 150 Zafi.B worm E-mails from somewhere in Mexico. When you get one of these, what do you do? If you don't bounce the message, it's likely that the randomly generated E-mail address will be treated as valid and added to some spammer's database. Sure, you can blacklist each address, but then you're playing catch-up to a random generator algorithm. Not likely to win at that kind of game. Anybody know a good way to generate bounce messages in this kind of situation? Most mail bouncers assume you have only one address, and they create dangerous bounce messages that carry your *real* (i.e., desired) return address. I need a bounce script that grabs the "Received from... for ____" header and uses that to generate a bounce as if it originated from the randomly generated E-mail address. Can anybody help? PLEASE? Thanks!

Re:The problem is these newfangled worms...

[djmurdoch]

Anybody know a good way to generate bounce messages in this kind of situation?

Don't send bounces unless you know a way to be certain that the bounce is going to the actual sender, not to a forged address. Bounces are a huge source of annoying mail. Don't contribute to it.

If you really care that a message gets through, ask for confirmation, don't rely on getting a bounce if it fails.

I wouldn't bother

[NanoGator]

If you're just using it for personal email, I can't say there's a big reason to have a catch-all address. It's been nothing but a hassle for me. (One of these days I'm going to get around to fixing that.)

Figure I might as well share a little bit more with what I do with my email. I have two domains, one's a personal domain, the other is for a project I never got off the ground. I use the personal domain for my personal email etc. Unfortunately, I do have a catch all on that, and it's rather obnoxious. I do have spam filtering, but junk still gets through. Don't really have time to muck with it, ya know? All I need to do is crack down on the address again. Just haven't found the time.

On my other domain, I'm currently using it as a forums email box. It's locked down. It only has a few valid email addresses, the rest are trashed. I have one mail account with a ton of forwarders leading into it. If I register with NYTimes, then I set up a forwarder from nytimmes@thenameofmydomain.com to forumbox@thenameofmydomain.com. If I sign up for Slashdot, then Slashdot@thenameofmydomain.com is forwarded to forumbox@thenameofmydomain.com. So each place I sign up for has its own address. If I start recieving spam from a particular address, then I just turn off the forwarder. Result? I don't even need to be running Spam software.

My forums domain does a much better job of handling the spam/communication features than my personal domain with the catch all.

The problem is these newfangled worms...

[InakaBoyJoe]

I also use the method of giving out lots of different E-mail addresses to track down who sells my info. Those who say, "you can always turn off the catch-all" are missing the point, because those of us using this method don't usually remember all the addresses we've given out, and therefore, using a "whitelist" isn't practical.

Now, this system works great as others have said. You get a few occasional spams to things like webmaster@, sales@, info@, etc. but those can be easily filtered.

The big problem is with annoying worms that generate random E-mail addresses. Of course, all of them get sent to your catch-all account -- in one day I got 150 Zafi.B worm E-mails from somewhere in Mexico. When you get one of these, what do you do? If you don't bounce the message, it's likely that the randomly generated E-mail address will be treated as valid and added to some spammer's database. Sure, you can blacklist each address, but then you're playing catch-up to a random generator algorithm. Not likely to win at that kind of game.

Anybody know a good way to generate bounce messages in this kind of situation? Most mail bouncers assume you have only one address, and they create dangerous bounce messages that carry your *real* (i.e., desired) return address. I need a bounce script that grabs the "Received from... for ____" header and uses that to generate a bounce as if it originated from the randomly generated E-mail address.

Can anybody help?

PLEASE?

Thanks!

Other users

I had a problem where I gave one of my friends an account on my domain. He used it to sign up for various things and eventually stopped using it. After awhile I started getting undeliverable messages to my catch-all account, they were all related to his account. I think it had filled up and was bouncing messages. I asked him if he was using it anymore and he said no, so I deleted the user. Then my catch-all started getting dozens of spam messages a day.

No catch-ALL, just a catch-SOME

[mejh]

When I hosted my domains I just had a few 'standard' addresses at the domains going to a 'stuff' mailbox. Aliases like:
- root
- webmaster
- postmaster
- admin

I thought it was better when people use other non-existent addresses that they get a bounceback rather than mail being accepted. Especially with the newer worms/trojans that forge headers to send out mails from blahblah81@yourdomain.com etc.

Automatically sorting out SPAM

[SmoothTom]

"Most of the spam these days is ovbious spam like Subjects which make no sense and often have lots of spelling errors in the body."

Uh, sorry, but that sounds just like the legitimate e-mail I get from some of my friends... :o)

--
Tomas

Disagree

[Uber+Banker]

But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targetted spam:

If it is a personal domain with perhaps a couple of description pages and even a blog then, like me, you will get no more (from personal experience) than 10+ random (random in the way they are sent to webmaster/admin or anything that * catches other than regular) messages/week. No big deal

A better known site seems to get a greater ranking in auto-traffic (let me generate logos, banners, security, etc for your website). But an email address listed on the site (my site) gets far more spam than a generic catch-all (e.g., I have "email webmonster@....com" as the auto admin address, more emails come to that than webmaster coz it's googled/harvested on those lists).

But the original statement said "I decided to pay the extra money to have email for the domain I registered" WFT?! Go to something like directnic.com, get your domain for $15/yr and get mail forwarding included (including wildcard)!

Re:Disagree

[The+Snowman]

But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targetted spam:

My main address (unmunged, in this message's header) gets about 500 spams per day. Before I removed the catch-all I was getting almost twice that. Granted I am not everyone, but a few other people are in the same boat as I am. My web host has its own private news server (i.e. not connected to Usenet), and quite a few people who post there talk about getting thousands of spams sent to nonexistant addresses on their domains every day. Turning off the catch-all is a no-brainer in that case.

Go to something like directnic.com, get your domain for $15/yr and get mail forwarding included (including wildcard)!

I am leery of most of those "quasi-registrars". I have a full fledged registrar, and I get those features, SPF, IPv6, et al. and it is all included in my free account, for the same $15 (or less) per year per domain.

Re:Disagree

[studerby]

I suspect your domain hasn't been out there long enough yet.

My company's primary domain is registerd with technical contacts of "hostmaster@[our_domain.com]" and for years we never got a spam. Then about 2 years ago, somebody must have included it in a big master list; now it takes about 30-50 spams a day on average, mostly true "bottom feeder" crap like cialis and vicodin and *adult* crap.

My work email's been out there a lot longer, but doesn't draw nearly the number of spams and about 80% of them are financial/economic scams - mortgage and stock touts, lottery, 419, etc.

Upstream filters are blocking emails with virus attachments; I have no idea how many of those are coming in...

Re:Disagree

[chimpo13]

I'm also on pair, and I get the catch-all. Close to 1,000 spams a day. Now everything goes to gmail since I'm going to need web email and it's cut my spam down to 0-15 a day (5 a day has been average). So far, 2 false positives.

The best is no more 200 virus messages going through names A to Z. I'm sure a good spam filter would take care of the catch-all spam.

My spam rate went way up with my previous provider (servercentral). I don't know if I just got hit hard or if they're just crappy. Lots of it was addressed to servercentral@servercentral.com Just 86'ing that address cut spam back.

Re:Disagree

[MDMurphy]

Catch all will kill your inbox. I had a catch all from 1996-2002. All of a sudden, around Labor Day 2002 I started getting up to 3000 spams a day. The vast majority were to bogus addresses. Even with local spam filtering my email client was spending near 100% of the time downloading mail.

I eventually killed the catch all, resulting in losing email from some places I'd given unique email addresses to. Also went with a 3rd party spam filter ( spamcop.net ) so most spam never makes it to my desktop at all, getting filtered upstream.

Recently I got a Gmail account. Just for grins I thought I'd test their spam filtering capabilities before using it for anything "real". I reactivated my catch all, forwarding it to my Gmail account. In the last 3 weeks my Gmail spam folder has accumulated 163MB of spam, or almost 27,000 individual messages. Gmail is only catching 30-50 percent of it, I've had to manually tag the remainder.

So while all my catch all addresses bounced these past two years the flow has reduced from 3k a day to about 1k a day.

The only reason to have a catch all is if you want lots of untargeted spam. I don't know how these yahoos do their billing, but if any of them base it on what bounces vs. what's read, then having an open address might just mean they'll make more money because of you.

Re:Disagree

What is the difference of DirectNIC and PairNIC? I have been using DirectNIC 5 years with no probs.

Re:Disagree

[macdaddy]

But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targetted spam

On the contrary wildcard spam is extremely common. When was the last time you ever watched the maillog of a busy MTA? I garuntee you it will be riddled with User Unknown errors from dictionary, Rumplestiltskin and wildcard attacks. It's that way on every mail system I've ever administrated, including the ones I administrate now.

Re:Disagree

[macdaddy]

Turning it off? It's off to begin with. Only a fool would turn it on for any domain with legitimate uses. The only time you ever tunr it on is when you WANT spam. There are very few of us that want hundreds of thousands of pieces of spam per day.

Re:Disagree

[Uggy]

I actually have an old domain dedicated to just that... collecting 100's of spams a day to train the bayes filters. Identical spams sent a hundred times just help me confirm what spam looks like. I use my other users to train the ham side, and guess what, it works like a charm. We get considerably less spam. So, yes catchall domains are useful... as spam honeypots.

Re:Disagree

[macdaddy]

That's actually what I just said. It's only useful if you want spam. :-) My first post in this article goes into more detail. I wrote a HOWTO a year or so ago. I should dig that out and post it somewhere.

Re:Disagree

[whoever57]

But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targetted spam:

Well, I think there are wild differences from one domain to another. One of the domains that my company uses for email has been under a sustained dictionary attack for months now. Others get only targetted spam (real or former email addresses plus postmaster@, sales@, etc).

So a catch all may be OK until some spammer decides to make it the target of a dictionary attack. The problem is: what does one do then? At that point, turning off the catch all will probably mean losing lots of non-spam emails.

Re:Disagree

[mcrbids]

But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targetted spam

Wow. Could you be more wrong? As sysad for two smallish ISPs, I've been seeing serious SPAM attacks as (random string)@domain.com.

As many as 200,000 attempts in 24 hours. Repeatedly, for multiple domains. From hundreds of different sources. (We even put in a double bounce handler to identify source addresses; it was rare to see any single IP addresses attempt to deliver more than 10-20 in a 24 hour period)

While your other points are valid ones, on this one you are dead, dead wrong.

And, to the article poster, NEVER USE A WILDCARD. EVER. A bayesian filter running at 99.98% effectiveness would still not be as accurate as sending all wildcard email to /dev/null !

Re:Disagree

[The+Snowman]

Now everything goes to gmail since I'm going to need web email

pair Networks has five Squirrelmail servers set up and they work well enough for me when I need web mail. Combined with procmail I can delete email, send it to a specific IMAP folder, whatever I want. Usually I just delete blatant spam. The best part is that it is still part of your account's email, there is no forwarding involved. It just reads IMAP folders.

Re:Disagree

[The+Snowman]

What is the difference of DirectNIC and PairNIC? I have been using DirectNIC 5 years with no probs.

They are just different registrars. pairNIC is very customer-friendly, offers extra features like IPv6 and SPF, allow direct editing of DNS entries for people who are control freaks (most registrars just allow editing contact info, anything else is like pulling teeth). You can do email forwarding with them too, but I also have web hosting through their parent company and this includes an extensive email system including a custom qmail setup and procmail. I can install ClamAV and other software on my server if I want.

These servers run FreeBSD, a dead operating system, so the Slashdot trolls should have fun with this post :-)

Re:Disagree

Can't agree with this... I actually use my catchall account as a spam filter. I am VERY careful to whom I give my addresses, but any time I need to use it to register online or what not, I actually put the name of the domain receiving the email as the username. For instance, travelocity.om@mydomain.com. This way if someone I have given my email address to sells it/etc., I know from whence it came.

Oddly enough, the only time I ever get spam on my catchall account is from slashdot@my-domain-name.com... I find that quite funny.

Re:Disagree

[jrcsnet]

We recently had a client switch his domains over to us for hosting, and in a very quick lesson learned how bad setting up a catchall can be (the client requested it be setup for him). Within days of switching the sites over, he left for a month long vacation to Asia, promising to check his email via the web while he was there so he wouldnt run over his quota (he said he usually only recieved about 10-15 emails per day so it wasnt a biggie). Due to this, we relaxed the quota just in case he fell behind (originally it was 10mb). When he returned, he phoned me asking if there was a problem with his email, because he was unable to check it because it kept freezing up on him and had been since early in his vacation. I did a quick check myself, to discover the cause: 80,136 emails had been sent to his account during the month, only 1300 some of them properly addressed to his real email and the rest due to the catchall.

Let's just say that is a lesson learned and never to be repeated.

Re:Disagree

[Tim+Browse]

I had a catch-all enabled, because I like to use unique addresses to sign up for various websites, etc. when they demand email addresses. It's so I can tell who sells my email address.

However in the past few months, the domain spamming has become ridiculous - about 500 a day, so I turned it off, and now I only accept email from addresses I've actually used. Life in my mail client is much quieter now. Thunderbird/Gmail catch most spam, and so I actually only see a couple a day, I guess.

So anyway, whilst catch-all was once a useful tool, I'd agree that now it's just too much of a hassle.

(And if you're curious, very few services/sites I've used seem to sell my email address - maybe a couple. Maybe I don't use sites run by scumbags...perhaps).

Re:Disagree

[phaze3000]

Having worked up until a couple of weeks ago for a company that provides mail services for 8000+ domains I can say with some certainty that whilst there is less wildcard spam than targetted spam, there is still a hell of a lot of wildcard spam. info@ seems to be a favourite for wildcard spammers, so for the moment at least that's definitely an address to avoid.

Re:Disagree

[GregWebb]

For the last 3-4 months I've got a similar spam volume and profile on my personal ISP mailbox, active 3.5 years now with little spam before that. My suspicion is it came through a Majordomo mailinglist. Nothing to do with personal websites or catch-all e-mail addresses, though - it's not the address above this post or even at that ISP.

Fortunately I don't seem to get the _illegal_ porn spam like I do at my webmail box... Not very nice clearing your spam folder and finding mails for child / violent / animal porn. Never sure whether I should turn off all image downloads just in case and open them to forward on to the proper autorities or just delete.

Re:Disagree

[weinbrenner]

In my experience the real problem is not targetted spam or wildcard spam send to you, but spammer sending wildcard spam using your domain for the sender address.
Since most of these addresses don't exit the mailserver will send a notification back to the apparent sender for all of these emails.

I once had an catchall account until a spammer used addresses from my domain. 30 minutes later I had this account disabled, but in this short time I had got about 600 returned spam emails. And I think it could have been much more, but the mailbox was already full.

Re:Disagree

[AGMW]

Only a fool would turn it on for any domain with legitimate uses.

I guess I must be one of those fools then. I have a domain I run for my family, including parents, brothers, sisters, nephews and nieces and I have a catch-all account. I have been running this domain now for 3 or 4 years and in that time I have not had ANY spam emails to anything other than my real email address(es) (that I use to register with various websites). I have had a handfull of miss-spelt ones which I duly pass on to which ever sibling it was meant for.

So who's the fool? The foolee who's fooled or the fooler who fools!

Re:Disagree

[MadJo]

I completely disagree with you there...
I used my old domain (which is still up) only for blogging (and not even adult content), but I now get [per day!!!] about 1000 spam messages, and all of them to a non-existant wildcard address on that domain.

I now only glance through it to see if any email gets through that needs to be forwarded to my new emailaddress...

Re:Disagree

[arantius]

But the original statement said "I decided to pay the extra money to have email for the domain I registered" WFT?! Go to something like directnic.com, get your domain for $15/yr and get mail forwarding included (including wildcard)!
Not an endorsement, just happen to be a happy customer so far, and it's somewhat related. I just registered my domain with GoDaddy for $8/year and I get catch all email forwarding.

Re:Disagree

[rossjudson]

I'm on Pair too. I've had a domain there for almost ten years now. My catch-all receives about 20,000 spams a day, on average. I pull them all down; my bayesian filter hasn't had a false positive in months and it's pretty rare for a spam to get through it.

Most of them are generated by zombies. If Pair wants to keep burning cash on that kind of bandwidth because they choose to do nothing when it comes to handling strange looking mail servers, it's their money.

Re:Disagree

[JacobO]

I have a similar situation, I also receive no spam in my catch-all account. You have to be fairly liberal with your e-mail address to get spam, I think. If you give it out to the world it becomes public knowledge. Just don't.

Re:Disagree

[FooAtWFU]

Wildcard spam more rare than targeted? Okay. sudo cat /var/log/maillog | grep "User unknown" | uniq | tail

Jul 18 11:18:11 eh.net sendmail[15793]: i6IFIB3t015793: <philip.n.newbold@eh.net>... User unknown
Jul 18 11:18:13 eh.net sendmail[15794]: i6IFID3t015794: <philip.ruscoe@eh.net>... User unknown
Jul 18 11:18:14 eh.net sendmail[15795]: i6IFIE3t015795: <rach4@eh.net>... User unknown
Jul 18 11:18:17 eh.net sendmail[15796]: i6IFIH3t015796: <r5717917@eh.net>... User unknown
Jul 18 11:18:18 eh.net sendmail[15797]: i6IFII3t015797: <ra1ha@eh.net>... User unknown
Jul 18 11:18:20 eh.net sendmail[15798]: i6IFIK3t015798: <lil_passion@eh.net>... User unknown
Jul 18 11:18:21 eh.net sendmail[15799]: i6IFIL3t015799: <lilevans@eh.net>... User unknown
Jul 18 11:18:23 eh.net sendmail[15800]: i6IFIN3t015800: <nw-b5request@eh.net>... User unknown
Jul 18 11:18:24 eh.net sendmail[15801]: i6IFIO3t015801: <rockon@eh.net>... User unknown
Jul 18 11:18:27 eh.net sendmail[15802]: i6IFIR3t015802: <roddett@eh.net>... User unknown

On an old, short domain name with no more than half a dozen regular email users, I'd say that there's far, far more random spam than there is targeted. Incidentally, in less than a week when we get our new server we're going to implement SPF, and hope to see a lot less of this garbage.

Re:Disagree

[sjgm]

A catch-all does have its uses.

I'll give out email addresses to companies in the form theircompanyname@mydomain - this way, I can tell instantly who has been selling the address on.

I've never had spam to 'random' addresses via my catch-all. I've had a few to addresses I don't use (e.g. sales@) but I then simply turn off those addresses on a case-by-case basis.

Re:Disagree

[macdaddy]

Yeah it is getting ridiculous. I installed Canit Pro a while back to tie all the various OSS spam filtering apps together that I've been using for years. My spam influx has dropped from hundreds and hundreds a day to less than a dozen. The ones that get through now are the extremely stripped down oto practically nothing. I don't mind deleting them though, as long as the majority is dealt with without me.

On your topic though of giving it out to folks when you sign up I agree; it's a perfect tactic. I used to use Sendmail plus notation for that but I switched to using Sendmail aliases in the end. I can shut off the flow a whole lot easier for a given spam address. I wrote more about it in a previous post I was surprised to see what all reputable magazines, catalogs, and credit card companies sold my address to others. At least I can shut down the spam easily enough.

Re:Disagree

[hlh_nospam]

But the original statement said "I decided to pay the extra money to have email for the domain I registered" WFT?! Go to something like directnic.com, get your domain for $15/yr and get mail forwarding included (including wildcard)!

Or get the same thing from Texas Domains for $9/yr.

Re:Disagree

[jannesha]

wildcard spam is minor/rare compared to targetted spam

grep -c "User unknown" /var/log/maillog.*
/var/log/maillog.1:120974
/va r/log/maillog.2:128921
/var/log/maillog.3:142227
/var/log/maillog.4:144032

That's >120K wildcard spams a week (on a University Professor's lab mail server, ~70 real users).

Re:Disagree

[greydmiyu]

Strongly disagree with you there. I work for a hosting company that offers catch-all addresses. Any time that people complain about spam the first thing I check is if they have a catch all address enabled. In every case they do. I tell them to turn it off explaining about dictionary attacks and the like. That one change reduces the spam load for all customers by a noticable amount. For some it has meant a near 90-95% reduction in mail heading into the box their catch-all address forwards to. The worst part is that so far I've met one customer that needed it. The rest could do fine without it.

I believe it is simply irresponsible to give spammers such an open door and have been lobbying hard to get that feature removed. It simply is not worth the hassle for us, for the customers, for anyone other than the spammers.

If a person can't figure out they fat-fingered an account when they get a bounce that says, "account mispleled@wrnog.dmoain.com" then that is their problem. The error was correctly identified and conveyed to them. Furthermore those errors should be generated at SMTP time by the sending MTA and not at delivery time by the receiving MTA.

Re:Disagree

[ElliotLee]

Go to something like directnic.com, get your domain for $15/yr and get mail forwarding included (including wildcard)!

Why are you advertising directnic.com? In this age of domain registrar competition, $15 is expensive. domainsite.com is less than half the price ($6.99/year). Run your own nameservers and mail server, or get it hosted for about $10/year from any number of shared web hosts.

Re:Disagree

I admin a box with about 4 000 email addresses and a few hundred domains. Some have catchalls on and some don't.

Just counting messages delivered to local mailboxes (ie not forwards or non-existent addresses without catchalls) we block around 3 to 10 virus emails per minute when I was watching. In June we dropped over 500 000 virus emails. By the way we run ClamAV ( http://www.clamav.net/ ).

Re:Disagree

[Yaztromo]

If it is a personal domain with perhaps a couple of description pages and even a blog then, like me, you will get no more (from personal experience) than 10+ random (random in the way they are sent to webmaster/admin or anything that * catches other than regular) messages/week. No big deal

I'm in a similar situation. I have wildcard messages on one of my domains setup to send directly to me, and in the nearly two years I've had it registered I haven't had a single piece of dictionary e-mail sent my way.

However, I've ben lucky -- and I'm ready to disable wildcard processing the day my domain does get hit by such an attack. It has its limited uses until then, but I don't rely upon it.

The problem some people fall into is that when they setup wildcard acceptance, they don't bother to register the actual addresses they really intend to use. Here, I have every address in use properly configured -- the catch-all just forwards to one. And on the mail client side, I have a filter to remove anything that isn't to (or CC or BCC) one of those addresses.

But as I said -- currently I'm just lucky. One of these days that luck will run out, and on that day I'll be disabling the wildcard for good. The fact that it hasn't happened to you yet isn't an indication that it won't happen ever, and personally I'd much rather lose all the crap upstream rather than have to process it all locally (even if my e-mail clients built-in spam management is working beautifully, I'd rather not waste the bandwidth accepting crap I have no intention of ever reading).

Brad BARCLAY

Personal? No way, Business? yes (unfortunately)

[Grimster]

If this is for just personal use god do NOT bother it isn't worth it, no way no how.

Business? Yes unfortunately I would, actually, I do. See, people have this ANNOYING habit of just emailing "stuff"@domain.com asking sales questions or support questions, or whatever. I get emails to sales, admin, billing, suppost, administrator, postmaster, and as sure as I ain't monitoring something, someone will just decide for some reason or another to email like "web@" or something equally silly and unused. The offchance of missing a pre-sales or post-sale support question just isn't worth it.

So I run with bayesian filters, RBL's, and other goodies to try and minimize spam, it's not too bad about 6 per day get through, this is just short of amazing. I'll see maybe, 1 or 2 false positives (real mail marked as spam) per month.

If this were a personal setup, no "money" involved I'd NEVER use the catch-all.

Catch-all as spam prevention

[Animaether]

As noted by others, using a catch-all can be a great way to guard against spam by using it as a spamtrap.

E.g. sign up for Slashdot with slashdotorg@mydomain.com
If Slashdot were to ever hand out the e-mail address, just block it.

This doesn't prevent you from becoming the victim of somebody sending e-mail to @mydomain.com , of course.
For that reason I run a whitelist.
E.g. block mail from *@mydomain.com EXCEPT for : addresses actually used@mydomain.com .

This saves a lot of mucking about at the domain provider/e-mail provider's end (setting up either separate mailboxes or aliases), whilst giving you a theoretically unlimited number of e-mail addresses to use.

One word, though... postmaster@ is a domain that should always be reachable as declared in the RFXs. Thankfully I haven't seen much spam to it.
If you're running a business, then info@ abuse@ contact@ webmaster@ are likely to be mailed legitimately as well - though info@ certainly gets a good portion of spam.
And, lastly, it doesn't do anything for those making typoes in the e-mail address. Those having sent it that way assume it arrived properly.
This *could* be counteracted with a smarter filter that looks for potential typos, but I tend to think that the odds of that happening are so small (given that vitually all e-mail will reach you via link, copy-paste, or address book entry), that it's not worth the effort.

HELL no

[marsvin]

I used to run a qmail server for my personal domain. Qmail accepts mail first and asks questions later - that is to say, it doesn't reject invalid addresses during the SMTP session, it bounces them back later.

The result - thousands and thousands of spams to made up usernames.

I've patched qmail since then, but they keep coming in every day.

latest spammer tricks

[iggymanz]

I have my own domains on a machine co-located at my ISP. In the past 4 months I've seen alot of spamming done by just sending to a list of common usernames @my domain. If you want to see such a list, they're great for building your own mail body check and header check bounce criteria. However, the down side is you will get many 10's of megabytes of this crap.

It's a payback thing.

[NightHawkSky]

When spammers start flooding you with "joe1@domain.com", "joe2@domain.com" etc....randomly generating everything they can think of, you will see that. Check the headers of the message, or trace it, and if you realise that your @domain.com addresses are getting boatloads of spam from "Iam@retard.com", report him to the FCC for being an obnoxious tool.

(I think the address to forward spam to is "uce@ftc.gov" I might be wrong though, rifle around on their site.)

So close....

[Groo+Wanderer]

You are so close to the right solution. Spam almost universally will have a spoofed address, so sending something back to the 'sender' will not net you any more spam. Sending back is OK.

The trick is to put useful info into the reply. Try setting up a message in the 'this address does not exist' autoreply. Put in something like 'bob@domain.com does not exist. If you are trying to reach Robert Smith, please resend to robert@domain.com. If you want to reach someone in an administrative capacity, send an e-mail to admin@domain.com'.

You can extend this to all the positions that matter, postmaster, webmaster etc, and a few key people at the domain. The bad guys shouldn't get it, and the poor twinks who have their domain name spoofed will probably ignore it.

The people who DO need to contact you and did either screw up or guess wrong will simply get the info that they need to do right. Win/Win.

-Charlie

Re:So close....

[JPriest]

Insightful? You are suggesting I reply to all my spam and say, I am sorry xxx@domain does not exist, thank you.

That is like when answering the phone and then saying "I am sorry Priest is not home right now.... and sounding off my best attempt at a *beep*

There are timestamps, mail headers etc. that are too time consuming to try to forge, you are better off hoping they will think the mail platforms spam filter ate it.

I say go with the catch all domain, that way you can give out temp aliases like ny-times-reg@domain.com and know when someone sells your alias for spam.

Another piece of advice, is to register the domain with OpenSRS rather than a register.com reseller, because register.com either sells your info or has an easier database to mine from my experience with snail mail from my register.com domains.

Re:So close....

[Ohreally_factor]

Insightful? You are suggesting I reply to all my spam and say, I am sorry xxx@domain does not exist, thank you.

No, he's suggesting that you have your computer do it for you. You might want to look into this thing called automation.

Re:So close....

[nyseal]

Or, if someone REALLY needs to contact you, they can always pick up a phone and at least leave a message.

Re:So close....

[Brad+Oliver]

Try setting up a message in the 'this address does not exist' autoreply. ... The bad guys shouldn't get it, and the poor twinks who have their domain name spoofed will probably ignore it.

As a "poor twink" on the receiving end of a lot of spam, I've found that my filters are effective against everything but auto-replies.

Getting a ton of auto-replies from people on vacation, with invalid addresses, support addresses that have changed, and the ever-helpful "you've sent us spam and we've rejected it but our spam filter is too stupid to realize the sender was forged" really gets old after the first week.

Don't use an autoreply and turn your problem into my problem.

Re:So close....

[LynXmaN]

Sending back is OK.

Well if the domain that you're bouncing the message back is actually a little one and a spammer is sending like... millions of messages spoofing that domain you're collaborating to a DDoS against that mail server.

So sending back is ok, up to some point ;)

Re:So close....

[NoMercy]

Ideally the mail server shouln't accept the emails, not construct a nice reply, just send the relevant code and a short single-line message that the server is unable to relay/deliver the email.

The spammer's SMTP engine will get a mark against the email as bad, and valid ISP's relaying emails for there customers will generate a nice email for you saying that the address is invalid.

Re:So close....

[stephanruby]

This advice is so dead-on. It should be modded up. Unfortunatly, simple advice doesn't always get modded up even if it's dead-on.

Re:So close....

I wish there was a -1, Clueless moderation sometimes.

Spam almost universally will have a spoofed address, so sending something back to the 'sender' will not net you any more spam. Sending back is OK.

No, the receiving email address will be deluged with bounces from all the spam and you are just adding to the problem.

The trick is to put useful info into the reply. Try setting up a message in the 'this address does not exist' autoreply. Put in something like 'bob@domain.com.invalid [munged] does not exist. If you are trying to reach Robert Smith, please resend to robert@domain.com.invalid [munged]. If you want to reach someone in an administrative capacity, send an e-mail to admin@domain.com.invalid [munged]'.

This is what marks you as being utterly clueless. We are talking about spam being a nuisance for catch-all addresses. Did you ever think that the domain.com admins don't appreciate you posting random addresses at their domain on a high-profile website?

The standard way of marking an email address as invalid is to use the .invalid suffix. The standard domain to use for examples is example.com or the .example TLD. These have been reserved explicitly for this scenario. Feel free to use one, the other, or preferably both together.

Re:So close....

[arvindn]

Not only that, he explicitly suggested setting up an autoreply. Grandparent is the most retarded comment I've seen all day. Irony is that its modded insightful.

Re:So close....

Donno about that, most of what I get on my answering machine is spam as well.

Re:So close....

Easier said than done, and you still have to manually determine (or confirm) it to be spam at some point unless you want to tie in the entire thing with a versatile incoming spam filter, in which case you are automating the entire system of "Jim, no Jim is not here, try maybe Rob or Admin".

And for every bandwidth wasting spam sent, you are duplicating it and sending out to some unsuspecting fellow that probably had nothing to do with the spam.

Re:So close....

The admins of domain.com have asked for whatever they get in terms of having addresses posted.

Why? Because they picked a name that is generic in nature that people would likely use in examples of domain names. One that really ought to have been excluded from the registerable names...
that and internet.com

So they should not be shocked that people post random addies @domain.com around

Having a record in some silly registry doesn't give registrants exclusive rights to say postmaster@domain.com blahblah@site.com
myname@email.com or whatever.

Don't want someone to randomly come up with your
e-mail? Then choose a better/more well-thought-out name that isn't so pathetically generic.

Re:So close....

[babyrat]

Well if the domain that you're bouncing the message back is actually a little one and a spammer is sending like... millions of messages spoofing that domain you're collaborating to a DDoS against that mail server

Perhaps that DDoS will make the admin stop the spammer - sounds like a good thing to me!

Re:So close....

[babyrat]

oops - didn't the the spoofing thing...my bad

Re:So close....

Yeah you would think so.

My grandma was trying to email her granddaughter (my cousin) one day, and the kept saying some guy named "Damien" was harassing her...

'Course you could guess that it was an AOL email error, and "Damien" was really "Mailer Daemon", not much of a suprise, but I never really got it through her head that "Damien" wasn't some sort of magical Elf at AOL headquaters...

Sigh.

Re:So close....

[(negative+video)]

Don't use an autoreply and turn your problem into my problem.

They're talking about sending it out as part of the SMTP delivery failure notification, not as an email message. Spammers will ignore it. Legit senders will get an email generated by their own mail server.

Re:So close....

[Jesus_666]

Which will end up cluttering their inbox nevertheless.

Re:So close....

[LynXmaN]

Perhaps that DDoS will make the admin stop the spammer - sounds like a good thing to me!

It's not that easy, due to a spammer's fault our mail servers went from receiving around 10,000 mails per day to 2,000,000 completely overhauling our mail platform.

And the spammer couldn't be stopped since we couldn't trace the source of all the shit, he was using zombified clients.

As said, not an easy thing ;)

Re:So close....

[(negative+video)]

"Cluttering" their inbox when they mistype an address, that is. 99.99% of users want that to happen.

Re:So close....

[Brad+Oliver]

They're talking about sending it out as part of the SMTP delivery failure notification, not as an email message. Spammers will ignore it. Legit senders will get an email generated by their own mail server.

Perhaps I'm not explaining the situation clearly enough. In looking at my spam filters now, over 50% of the messages caught are SMTP delivery failure notifications. I have no confidence that people will be able to configure their SMTP servers to send back these notifications to the real sender rather than the spoofed sender, if that is in fact what you are suggesting will happen.

Re:So close....

[(negative+video)]

Sorry. I didn't mean DSNs, I meant the SMTP reply 550 Requested action not taken: mailbox unavailable. For a mistyped address, the sender's MTA generally drops a bounce message in their inbox. Spamware generally just ignores the reply. In no case does the rejecting MTA generate an email message.

Why bother?

[__aafkqj3628]

I have my own domain and I disconnected the catch-all pretty quick.
Why?
Because there's no point in having it. You're either going to email me at my correct mailbox (which isn't too hard to remember - it's one letter long) or try and be a smart-ass (in which case, I don't want your crap anyway).

Think of it as an asshole-filter.

accept all == bad

Accept email for the following accounts:
postmaster, abuse
and
hostmaster, security, noc
and optionally these:
usenet, news, webmaster, www, ftp, uucp

UUCP. Heh.

Read up on which addresses should be accepted by going to rfc-ignorant.org.
They have pointers to the relevant RFCs that specify necessary (RFC mandated)
addresses.

Accept email for your personal addresses.

EOL

Mistyped Emails: Let them bounce and let the correspondent eventually use the
correct address. Accepting random addresses on the off chance that
someone will use one by mistake is like packratting all that dusty
computer equipment. More resource intensive than actually valuable. Go
get that stuff recycled, btw.

Promote a few bogus, unlikely email addresses (e.g.
dmdxosmj843312@domain.tld) as spam traps by publishing them obscurely to
humans, but visibly to crawlers. (Small font in uninteresting web pages,
with disclaimer in mailing list messages, etc.) Use them as a feed to
train your filters.

Mandatory Domain Addresses: You just got the list.

Ad-Hoc Addresses: Use a different method to create temporary addresses.
Receiving emails to all addresses is not a temporary thing. At best you
can blacklist ones that get out of hand, but you really should be
whitelisting as needed.

Blockhole it

[Seven001]

I run a small hosting business, and by default, my accounts come with a catch-all that forwards to the admin account. I disable it on my personal domains, forwarding it to the site blackhole (basically /dev/null). I used to use it to get mail for a number of different names (info, sales, ect.), but it ended up saving me from quite a bit of spam to just alias those names instead.

If any of my customers ever complain about spam from the catch-all (and at this time, none have), I will tell them how to disable it in a heartbeat. I leave the decision to my customers, but really, catch-alls are pretty useless when I offer unlimited free aliases.

Use catch-all account to train spam filter

[j1m+5n0w]

If you use a spam filter, you sould not have to worry about it.

Even better might be to interpret all mail sent to the catch-all account as spam, and use it to train the filter for real accounts (though there might be issues with legitimate senders mis-typing account names).

-jim

My experience

[MrIcee]

We provide email for a number of our clients and we used to always configure the accounts to include catch-alls. However, in the last year more and more customers asked if there was anything we could do to help lower the spam they were getting. The largest thing we did - which every appreciated (and we have never once had a complaint) was to remove the catchalls.

If is much easier to have people tell us names and have us turn them on. It is just as easy for people to create a name "spam@whatever" and retire it when it gets nasty and start a new one "spam2@whatever"... which allows them to easily use email addresses at sites where they are required and discard them as they see fit.

We configure all our catchalls to issue NO SUCH USE reponses as well.

Catch all accounts may be painful

I once had my domain forwarding all my mail to my Yahoo account. Problem was, because its an old domain, and has been around since the mid 90's, I would get thousands of spam messages a day, before I filtered out any messages that weren't addressed to my user, or one of my valid aliases, way too many too look through, even quickly scrolling through.

A good compromise is having a bunch of aliases in /etc/aliases, and running your own email server. Then, you can just add aliases when needed, kill aliases that end up going to spammers, and pretty much have everything a catch-all address has, except you won't get the Joe Blow who typos your address with the message you desire to receive.

Nuke the dupes

[Camel+Pilot]

I have written a tiny perl script to nuke the duplicates in my catch-all mailboxes and it has cut out 90% of the catch-all spam. In this day, a catch-all mail box to a domain that has been around a awhile will recieve between 5 to 7k e-mails per day (at least mine do) however the majority are shutgun style spam with same e-mail addressed to a dozen or so random names.

one word

[zBoD]

tmda

Use subdomains

[gregmac]

For example, if you want to register at example.com for something, you give them the address me.example@yourdomain.com (or some structure which has a prefix or postfix, the 'me.', and the site name for which you are registering).

What I've been doing for the last couple of years is using a catchall at a subdomain of my actual domain. The typical dictionary spams (postmaster, sales, etc) don't come in, because they only work on top level domains (otherwise spammers would be wasting a large amount of time spamming "sales@www.domain.com" which pretty much never exists..

When I sign up for an account at example.com, I just register as example.com@catch.mydomain.com. If I get spam, I can block it, and it doesn't interfere with my actual domain. If I decided one day I get too much spam to it, I could just switch to another subdomain name.

Use a subdomain to outwit spammers

[izx]

As someone who has been using catchalls for more than 2 years, I feel it's worth it, couple with a good client-side spam filter (Thunderbird works for me). I use a slightly different scheme that works against spammers who typically target only the first-level domain (i.e., mydomain.*):

There's my main email for friends and family: me@mydomain.net

There's my secondary email for less important personal uses: me@mercury.mydomain.net

There's the catchall, *@mercury.mydomain.net, which I use to hand out customized addresses to commercial sites, both so I can easily sort the important ones (Airline discount emails, etc.), and so I can track any lying bastards that sell me out.

Thunderbird has rules corresponding to the above 3, and the rest of the catchall email goes into the catchall folder. If I'm expecting something, from a signup for example, I'll quickly check the catchall folder. Otherwise, I check it about once a day.

In general, I haven't had wildcard spam creep into mercury. I guess that's because spammers don't generally bother with wildcarding subdomains. Also, mercury doesn't do http, meaning it's not generally visible on the web.

Try Again (was Re:Nope)

The ideal setup is to have several addresses.
One for close friends, associates, individuals and people who the address is sent to privately.

Yep, that works until one of your "close friends or associates" clicks on an email worm and the contents of his or her address book get blasted across the universe.

Or until they send this great joke to everyone they can think of, and they mistype one address and the entire cc: list goes to a spammer sitting on a typo-styled domain name with a catchall address.

The only bulletproof way to keep an email address private is never to use it. Kind of defeats the purpose though, doesn't it?

Worth the trouble

[Starky]

Another potential problem that the /.ers have not focused on is hijacking of your domain. That is, if your domain is named joeblow.com, some spammer will eventually spoof the domain; i.e., send 100 million spam with "From:" headers aaaaaaa@joeblow.com, aaaaab@joeblow.com, aaaaac@joeblow.com, etc.

However, I've had my own domain for years and heartily recommend it. The up side by far outweighs the down side.

And the fact that anyone will be able to reach you for the rest of your life at that one e-mail address is a pleasant bonus you will reap rewards from in years to come. I've received a number of welcome e-mails from friends I haven't spoken to in years, but who just knew that they had to remember my name to contact me whenever they wanted.

It depends.

[slasher999]

One thing we do as a company is use a catch all address from our hosting provider, pull all the mail down with POPBeamer for Exchange, filter the mail with GFI's MailEssentials and MailSecurity, then deliver the mail to the correct mailbox with the Administrator getting all mail not otherwise deliverable. If you want to provide internal mail for a couple of people in your home, this process may be worth it. Otherwise, use the mail accounts your provider gives you (ours gives us 10,000 with our $20 a month hosting plan) and skip the catch all.

Use Mailinator!

[popo]

Forget the "Catch All" e-mail address. Use Mailinator.

FYI -- mailinator is a non-passworded public catch-all system. Perfect for temporary site registrations. I use it frequently and its an unbelievably good service...

Re:Use Mailinator!

[lewko]

I prefer http://www.spamgourmet.com/ as it is forwards mail and is slightly more configurable than mailinator. Also, it avoids the problem mailinator might have of someone else reading mail to a common disposable address e.g. Slashdot@mailinator... (address syntax might be wrong, I haven't used Mailinator for a while.)

Re:Use Mailinator!

[VE3MTM]

Another one is http://www.bumpymail.com/. I've used it before. It's simple and works great.

Re:Use Mailinator!

[sjgm]

That's why I use {random-string}@mailinator.com for signup confirmations. As soon as I've been able to confirm my membership I'm done with that mailbox. The chances of anyone guessing the address and reading the mail would be minimal.

It goes without saying that I wouldn't use Mailinator for anything remotely private, of course.

One Word:

[TheVidiot]

Spambayes. Problem solved.

I had one of these . . .

[Selanit]

. . . and eventually I turned off the catch-all feature. It was very nice for about a year, until some spammer decided to start sending spams that appeared to originate from non-existent email addresses at my domain. Then all of a sudden I started receiving some four thousand messages per day to accounts that didn't exist. Most of them were bounce messages -- "Postmaster: error, user X doesn't exist" or "Postmaster: No such address" -- but there were also a few actual emails from incensed people demanding to know why I was sending out pornographic horse-on-girl crap. Oh, and one person wanted to know why on earth I wanted to sell her both breast enhancements and penis enlargement pills.

After a couple of days of that, I turned off the catch-all account. It's just not worth it.

From personal experience...

[example42]

From personal experience with my own domains, I have never ever gotten a legit piece of email to accounts other than real ones. I daily get emails to webmaster@[domain.com] and sales@[domain.com] (account that don't exist) and all are 100% spam, generally, of the "Does your business need a new logo?" variety.

Catch All != Your Friend

[shadwwulf]

From experience in operating multiple servers hosting many(read 10,000+) domains each, I can say that the catch all account is a VERY BAD thing.

Spammers recently have turned to more use of the random username approach and the catchall catches, well, all. This can in some cases total to more than 4500 emails a day in some cases. Hardly something you want to pull through a POP3 connection if your ISP doesn't have effective spam filtration.

Quite honestly the catch all serves little purpose if your email transactions are done in a correct manner. mailto: links have NO BUSINESS being on a web site for a company(or personal user for that matter) a simple CGI based contact form shields access from spam bots getting your email address and you can make sure ahead of time that your email address is properly configured.

Secondly, if you are emailing somebody else, most people use a context menu on the email you sent to add you to their address book. Again that eliminates the human error factor.

Also as others have already mentioned, a human will be able to read a mailer daemon response telling them that there was a mistake should they send directly.

My $0.02

SW

Whatever you do...

[Fweeky]

Make sure addresses like postmaster@ and abuse@ work. They're unlikely to get spammed, but may well receive important messages.

postmaster@ is actually required by rfc2821, btw.

As for the subject of the discussion; my catch-all addresses have been fine, but YMMV. If I was that worried about dictionary attacks, but still wanted the ability to give a new address out to each company, I'd do something like *-signup@mydomain or *@signup.mydomain or similar, but you might not have that level of control (in which case I'd recommend finding somewhere better to host your email, but *shrug*).

Re:Whatever you do...

[carou]

postmaster@ is actually required by rfc2821, btw.

No it isn't. Read the site you link to.

Section 4.5.1:

In extreme cases --such as to contain a denial of service attack or other breach of security-- an SMTP server may block mail directed to Postmaster.

Re:Whatever you do...

[Fweeky]

Any system that includes an SMTP server supporting mail relaying or
delivery MUST support the reserved mailbox "postmaster" as a case-
insensitive local name. This postmaster address is not strictly
necessary if the server always returns 554 on connection opening (as
described in section 3.1). The requirement to accept mail for
postmaster implies that RCPT commands which specify a mailbox for
postmaster at any of the domains for which the SMTP server provides
mail service, as well as the special case of "RCPT TO:<Postmaster>"
(with no domain specification), MUST be supported.

The section you quoted basically means you can spam/virus filter it, and set up temporary denials in the event of attacks; nothing more.

Do you even want catch-all mail

[gregmckone]

I guess the question is "What is the value of catch-all mail". If you are expecting customers to be clicking on a mailto: they will have the right address. If a friend replies to your email, they will have your correct address. If a person reads the address off of a mailing list or newgroup, they will have the right address. All of these situations are high value for you. You know the people, or you want the people to contact you. The only case where you lose out is when someone types your email address in incorrectly. Now how often does that happen, and what is the value lost? If you publish a newsgroup about leprechauns, and a complete stranger tries to send you their feelings about the little people, then you have really lost very little.

If your email includes orders for merchandise, and it is possible a person might have hand typed the email. It might be worth catching those, but again... "What is the value?" If you sell $500 stereos and find one order a month addressed to the wrong email, it might be worth your while. If you sell widgets at $2 and find one order a month go missing, searching through a pile of spam to find the treasured Order, is not worth your time.

Do you like dredging through spam in order to find meaningful emails? If you think it is fun to sit up late at night building rules for spam filters then go for it. If however you think the technology should be working for you to reduce the hours you spend dealing with administrivia, drop the folks who can't type? What would the logical extension of email-catchalls to the rest of the world be like... For phone numbers??? For letter mail??? For the serving of legal summons??? Yes, never in a million years (never say never) would we think it reasonable to receive 100s of other people's phone calls letter mail and legal summons(es?) just in order to also receive the people who didn't know our phone-number / address.

Email catch-alls really seem like a "Because we can" technology, rather than necessarily a good feature to have simply because it is included.

If you didn't feel like registering a domain name just to maintain your email address, you could always look to a provider who offers generic email pop3 email accounts at a reasonable price. Like one featuring spam Assassin and webmail with addresses ending in "emailonline.ca" from
GreenTree Software.

Greg.

Use abuse@yourdomainhere.com

If you have your own domain, the simplest thing is to use abuse@yourdomainhere.com. Someone posted this suggestion on slashdot a couple of years ago and it works great. I never receive any spam.

If you don't mind spending a few extra dollar a year for a domain, this is the way to go.

Re: I wouldn't bother either

[shubert1966]

One of the options provided is to make one of your email accounts a catch-all account. In other words, any email sent to this domain with out a valid user name, will be dumped in the catch-all account. The question I have, is this a good idea or not?

Perhaps I don't know what I'm talking about but I think you should do something like this (now that you have a domain and hosting) . . .

Give people your web address instead of an email address and have your host deny email service to your domain except for those Addressed TO a single specific adderss. Next, configure an email-webForm with a CAPTCHA field. Users are asked to include their address and the text is sent via the form to your application(scripts). With no CatchAll in place you can deny all email EXCEPT to one specific, and preferably obscurly-named email address. With existing Trusted contacts and New webform contacts you can build a list of addresses which you will accept mail from and can give them THAT address. Now the lock is tight in both directions - all others need to knock at the front door before entering your bus.

Of course, I like to dream alot about taking down Yahoo!, Hotmail and GMail all within a couple of weeks of adoption of my new paradigm. And there was that talk of me being the Village Idiot. Thank God we lived just outside the city limits!

a spam tip

[DuctTape4Windows]

on my website i add a whole bunch of fake email addresses similar to mine in alfabetical order, then in Mozilla Thunderbird, i set a filter that says if there is an email addressed to (similar email address here)x50 to mark it as spam

so at the bottom of my site you see a whole bunch of hyperlinks, ". . . . . . ." all with mailto:___similar_email_address_here___ as the URL

usually spammers seem to CC: or TO: email addresses close to your's, and usually send one domain at a time (by sending one domain at a time, it speeds up sending for them).

i think if you do something similar to what i do, you shouldn't have much of a problem.

it works pretty good, since using Mozilla Thunderbird i went from more than 100 spams a day to Zer0

Depends

As someone who runs a free POP3 e-mail service (www.nerdshack.com), I know exactly what it means to open up a catchall account (I don't have one). For about two months before my service went live, I had postfix up and running in an almost ready configuration. Over that time, my server averaged about 1000 rejections a day!

Why you ask? Well I figure it was because of two reasons. One "nerdshack.com" & "mailshack.com" are both easily guessable domain names. If the domain name had been, yoyoyoshackisaplace.ws then no program would have randomly tried that address. However the combination of an address (which is posted on the net a few places because nerdshack.com used to be an Inet BBS in San Fran back in the late 90's), and because its a simple word combination made me think it was getting guessed by spam bots.

The other suspect I have is reverse DNS. I know spammers poll random IP addresses looking for open port 25's. Well then you may ask how they guessed the domain name? Simple, once they have the IP, they just need to do a reverse DNS lookup. I think this was the biggest cause simply because our SMTP server was reversed to mail.nerdshack.com, and a good chunk (maybe 70%, but just a guess) would try using username@mail.nerdshack.com. That seems like a dead giveaway to me.

What can we learn from this? You will get more spam at a catchall address if you have an easily guessed domain name (or one that is linked to/posted on many websites). You will also get more spam if you have your reverse DNS setup correctly.

Whatever you do, make sure than you publish SPF information. The answer to all of the random@domain.tld scatter back spoken of above is to publish SPF information for your domain. Many sites use this information to make sure e-mail is not coming from a forged sender. This will at least stop those sites (many of the major e-mail providers) from bouncing messages into your e-mail box.

Of course DomainKeys are right around the corner, but they depend on a) implementations being availible (none for Postfix), and b) people using it. SPF on the other hand will work now, and a good chunk (20k domains at last check) enforce it. Check out (spf.pobox.com) for more informtion.

Now the reason I titled this post depends is because there might be a good reason to use a catch all.

Some friends of mine have a low traffic domain (www.raz[no I am not giving it out]ion.net), and they use a catch all to make sure all client e-mails make it through. They also do the requisite junk address for those mandatory registartion pages (thank you bugmenot.com). They find it useful to do the joe.ebay@domain.tld scheme because it becomes easy to make up, and filter e-mails.

Long term, just make sure you have a good spam filter. The one I reccomend is DSPAM (www.nuclearelephant.com/projects/dspam), though recieve fair warning that it is very difficult to implement. I ended just using their library (along with the ClamAV library) and wrote my own interface. (I hope to deploy this code in the next month or so, right now I use SpamAssssssasain).

Anyways, thats just my $.02.

Personally..

[SCSi]

I have a catch-all enabled that dumps into spamtrap@mydomain.com... I have root/postmaster/etc aliased to my real email address.. Whatever spamassassin doesnt tag as spam in the spamtrap accounts gets re-fed into the baysean filtering afer I skim it really quick to make sure nobody just mistyped something... Works really well..

Re:No big problems here (Mod Parent Up)

[anonicon]

Please mod the parent up. I have my own domain that comes with unlimited aliases and I use them for every account that I use online, e.g., if I shop at CDNow, my e-mail is cdnow at fatchuck dot com.

FWIW, I've never received a single spam to any aliases outside of my slashdot alias and I've got about 20-30 of them. Now, I bought my domain after it had previously lapsed, so when I first got it, I got a ton of spam to webmaster@, master@ and sales@. After going into CPanel and routing all e-mail for those addresses to the trash, spam has ended.

As the parent said, use wildcards and don't share your personal address with anyone besides very good friends and family, OR, make sure your personal address is one you don't mind changing.

Peace,
Chuck

I do the same thing

[3vi1]

I do this exact same thing (register on somewebsite.com as somewebsite@mydomain.com). It's great for tracking if someone gives out your e-mail, so that you can refuse to give them any more business at the very least. The mail all comes into my postmaster account.

If someone ever did give out one of those addresses. I would simply put a single rule in my filter and never see the spam again.

I've been doing this for about three years and have never had a problem with mass spam hitting the postmaster. Not once. I highly recommend it.

Filtering

[brandorf]

I use a catch-all account, but it is a separate account from my personal account (catch-all goes to null@domain.com). From there my mail filter (popfile) can automatically classify any mail that comes in the catch-all account as SPAM. So I get to use this free corpus of spam to train my filter without me actually having to do anything. For the family members who continually misstype my email, whitelists are used to make sure the mail gets safely through.

CATCHALLS equals a BOMB = Harmless until exploding

[mdrejhon]

Catchalls are harmless until they explode. The results were not pretty. All it takes is to be targeted as a potential ISP goldmine of email accounts, and then be dictionary-attacked by a spammer, then lots of your email addresses are put on huge numbers of spam lists. Then you've moved from no spam to near infinite spam. Over one thousand spam per day, gobbling up your download bandwidth and slowing your Internet connection even if your spam filter filters 98% of it which still lets a couple dozen through, it becomes living hell!

while (true); do cat /dev/random | mail myself@mydomain.com; done

I have a catch-all domain...

[driptray]

...and I receive about 850 spams a day to addresses that have never existed.

Some of these addresses are obviously now on all the spam lists, and these addresses are responsible for about half of the spam. The other half are "dictionary" style attacks with addresses that use common names such as brooks@domain, murray@domain, jones@domain, etc. These spams often come in waves, but in general their proportion of the overall mix is increasing.

The irony is that I got the catch-all domain to help deal with the spam problem, but it has only made it worse. And the real irony is that none of the throwaway addresses I use to register for things have ever been spammed.

Re:I have a catch-all domain...

[Edweirdo]

I have a catch-all domain and I get only about 150 spams a day. The funny thing is that most of the spam is to the ISP address and not the domain. I estimate about 60% of the spam is to the specific e-mail address I have for the ISP. I don't know how that got out there because I never use it unless the ISP itself sold its addresses.

a benefit of catch-all addresses

[commodoresloat]

It allows you to have multiple identities and thus determine where spam comes from. Want to subscribe to a free registration website that requires a valid email address? It the site is yourfreepron.com log in as yourfreepron@yourdomain.com. Any suspicious messages in your inbox can be instantly associated with where it came from this way, and you still get all required messages from the website.

Re:a benefit of catch-all addresses

[tarquin_fim_bim]

And having this information will benefit you how exactly? You obviously have either way too much time on your hands or too few domains to worry about.

Re:a benefit of catch-all addresses

[lewko]

I used to use my catchall for precisely that (e.g. slashdot@mydomain.

It DID help me bust someone for passing on an address which was instantly traced back to them.

Spam however has completely ruined it though for the problems outlined in this article. Unfortunately I can't turn off the catch-all as there are so many 'legacy' addresses from which I might only hear once a year but don't want to miss their email.

I now use http://www.spamgourmet.com/ instead to create disposable accounts as I have the luxury of being able to kill them (or let them die) if need be. It's free and I highly recommend it.

Re:a benefit of catch-all addresses

[harlows_monkeys]

It allows you to have multiple identities and thus determine where spam comes from. Want to subscribe to a free registration website that requires a valid email address? It the site is yourfreepron.com log in as yourfreepron@yourdomain.com.

You don't need a catch-all for that. You just need a hosting service that lets you set up forwarders. So, in your example, I'd simply set up a forwarder for yourfreepron@mydomain.net to forward to myrealaddress@mydomain.net. My hosting service adds an "Envelope-To" header line that tells what address the mail was for, so I can then easily filter it on my end.

This gives me all the throw-away addresses I want for spam protection and other purposes, without having to deal with the spam to a catch-all address.

Re:a benefit of catch-all addresses

[commodoresloat]

Then you have to set up a new forwarder every time you use this. The catch all is a lot easier, and it doesn't seem to net that much more spam. As other people pointed out, spammers rely more on lists of known working email addresses than on guessing random userids on a given domain.

Re:a benefit of catch-all addresses

[macdaddy]

There are better ways to do this. First off there's Sendmail "plus notation," also known as "user+detail" format. If you haven't heard about this you should do some research on Sendmail's website. The other method if you own your own domain, which obviously you do if your using a catch-all address, is to simply use aliases. Add your custom alias to your local aliases file, rerun newaliases, and you're set. Personally I use a little of both. I use aliases all the time. I can add an alias in a matter of seconds at any given point and time. A quick look at my current aliases file shows me aliases for dictionary.com, outdoorsuperstore.com, The Wall Street Journal, The New York Times and more. The best part about aliases is I can turn off the flow of spam by simply removing the alias. To stop the flow of spam to an address using plus notation I have to whip up a procmail recipe. I've seen more than one spammer strip the plus notation from outgoing addresses though so it isn't always going to stop the flow of spam. Not all web forms accept the plus sign as a valid email character. YMMV, no, I take that back. I can guarantee your mileage won't vary. Catch-all addresses have only one valid use: to collect spam. Plus notation will work much of the time. Aliases will work all of the time.

Re:a benefit of catch-all addresses

[harlows_monkeys]

As other people pointed out, spammers rely more on lists of known working email addresses than on guessing random userids on a given domain

I suspect that this depends on the domain. Mine is a three letter domain under .net, and I suspect that contributed to a lot of the spam to my catch-all when I had it enabled. Spammers probably guess that I'm an ISP.

Another thing to consider is bounce messages. Spammer sends spam, forging random@yourdomain addresses as the sender. If you've got a catch-all, you get the bounces from those.

Re:a benefit of catch-all addresses

[bot24]

I have aliases on my server, but I still haven't had a use for them. If things start getting bad on your account(the one on your webpage that you tell people about) you should be able to make a script that rotates it so that the address is only good for a few days. Put the date in the address or something so that people don't have to look up your address every day.

Re:a benefit of catch-all addresses

[cerberusss]

It DID help me bust someone for passing on an address which was instantly traced back to them

And then what did you do??

Re:a benefit of catch-all addresses

[lewko]

And then what did you do??

I killed his parents, and then fed them to him in a chill at my chilli con carnival. When I told him what was in the chilli, he cried and Radiohead called him a cry-baby, Best....Revenge.....Ever!

Seriously? It was a well-known company and this didn't sound like sanctioned behaviour. I contacted the CEO who was most alarmed by my accusations. It turned out their mailing list had been sold by an employee (subsequently a very ex-employee). They were quite honest about the whole thing and gave me lots of free stuff.

This was good considering at the time (several years ago) there was no real legislation about that sort of thing in Australia. I daresay I'd be a little more militant in my response these days.

I am also involved in the prosecution of a Spammer who used another such address as part of a Phishing scam. I can't comment on that as it is still a 'work in progress'.

Re:a benefit of catch-all addresses

I did this, but after a while it became irritating trying to keep track of all the addresses I gave out.
I decided it's best not to have a "catch-all" address and to add specific addresses to my e-mail redirect file -- that way I get very little spam and if any comes from one of those addresses I can easily delete it.
By the way, I once got a "cease and desist" email from some dumb company that told me that "using their company's trademarked name as my e-mail address violates their terms of use" and that "I must change my e-mail address or legal action will be taken." -- Fucking Morons! So, every domain on the entire internet with a catch-all address is in violation of their terms of use and potentially faces legal action from them. Unbelievable!

Re:a benefit of catch-all addresses

[Carmody]

You are saying that

(1) Someone was selling email to a spammer

and

(2) You got the SOB fired?

You are my hero for today!

I use Postmaster for real

[rfc1394]

Ever since I got my own domain name (paul.washington.dc.us) for free over five years ago and thus was able to legitimately use "postmaster" as an e-mail address, I use that. Actually, my system sends everything to me as a catch all regardless of address. I use a Yahoo address (I was using Netscape before) as the actual termination point (since I can simply change my termination point in the control panel at my nameserver's facility) I can redirect my mail in ten minutes. Yahoo's spam filtering is very good, I'd say maybe 3% of the mail I get is incorrectly marked as spam, mostly because it either uses html or it has attachments of certain types, but otherwise most of the spam is simply dumped unopened into the trash after I save the very tiny number of good mails I do get. Also I have certain usernames I use specifically for e-mail harvesting and any mail to them is either responses to orders I don't care about or spam, and I can read it or discard it. Works for me, anyway

Paul Robinson <Postmaster@paul.washington.dc.us>

catch alls

[themexican]

I own several domains and get surprisingly little spam from the catch all accounts.

I actually find catch alls usefull for the reverse reason... when I am forced to enter an email address I use thesite@mydomain.com... this way I can track who is selling/trading my email address. So for example if I use amazon@mydomain.com and 3 weeks later I start getting spam on that address I know where it came from. Also I can then set up that email address as a real pop address and never check it or better yet forward it to uce@ftc.gov the government spam reporting email address...

asdf@asdf.com's Reasoning ...

[oostevo]

Someone actually does have the email address asdf@asdf.com. Here is his reasoning why he doesn't accept email to that address.

I tried using a catch-all for about 5 minutes..

[halo1982]

So I tried using a catch-all address one time for my domain. I left Outlook open all night and in the morning I had something like 5000 e-mails. So for me the very very small advantages (mistyped e-mails, etc) were far outweighed by having to go through all the spam not caught as such.

Blackhole or Fail the catchall..

[the_rajah]

I run several domains where I have e-mail servers. Years ago I would forward the catchall to my main mailbox so I could see what was getting misaddressed and handle it appropriately, often forwarding it to the correct address if I could figure it out. Obviously that doesn't work nowadays. I've set some of my catchall defaults to reply with a failure message and delete the message. You know, "No such address here." Some other domains, where the traffic is heavier, are set to send catchall mail to the "Blackhole" AKA bit bucket. In most cases misaddressed mail to my domains gets the failure message and, if they really want to get through to me, they figure out what they did wrong and I eventually get the message.

"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain

Re:Blackhole or Fail the catchall..

[gerardrj]

But without a catch-all address the sender gets an error message before the message is even sent, thi saving bandwidth for other uses.

To accept ALL email, then figure out if it's real or not seems like a tremendous waste of time to me.

not much of a problem here...

[w4rl5ck]

I own two domains, both running catch-all. I do not get many spam mails on the "random" account, most of my spam is adressed to the address I use widespread in forums and stuff.

I think only 10-20% of my spam is recieved via the catch-alls, that would mean roughly 10-20 mails per day. I get about 100 spam mails per day. SpamAssassin doues a great job here, so I don't care much any more. It's just removed. The catch-alls are not really making it worse!

It'd be like filtering a firehose

[MDMurphy]

If you have 1000s of messages coming to a person computer it doesn't mean squat what your filtering scheme is. Even if you don't "see" these messages, you machine is still going to have to read messages to evaluate them, or at the least download the headers (though header analysis isn't going to get you 100% filtered spam )

Accepting email from 1000's of possible email addresess @ your domain when you know they're all bogus is just asking for punishment.

Catch-all is a bad idea

[gujo-odori]

In my former life as a postmaster, I got a good look at what catch-all accounts do for people. It wasn't pretty.

Picture the scenario of a dictionary-attack spam: the catch-all box will accept *every* one of them. If the attack covers 50,000 potential addresses, well, you'd better have a large mailbox :-)

Also, WRT important accounts like postmaster, that should never go to a catch-all account. See RFC 821/2821: the postmaster address must work, must accept all mail, and must be read by a human. You should explicitly activate postmaster and either read as postmaster or alias it to your real address. Don't let it get caught up in a catchall mess.

For other "important" accounts, they should exist only if you have that role. For example, if there is no website, don't have a webmaster account. It will just be a spam magnet. Ditto for admin, and any other common role accounts. The only one you are required by RFC to have is postmaster. Dispense with the rest. Anyone who wants to contact a role account and can't figure out to try postmaster is someone you don't really want to hear from anyway.

my personal domain

[way2trivial]

is a .info...

1.5 years, no dicitionary attacks.. catchall in place, and forwarded to my "main" email for the domain

I use per domain/individual emails, I told my local circuit city my email address was circuitcityac@mydomain.info and so on..
the only thing that sucks, is I can't find an email client that lets me generate replies using variable return to me email addresses created on the fly, I have to make an entire account for it to work..
what I do is edit my 'generic' info account before each email, where I don't want to give out 'me'

Re:my personal domain

I can see why you don't want to give out 'me' as you say. Because you are an asshat that can't capitalize the beginnings of sentences even after continued public shame by me. But you can hit the shift key for "I" to make yourself more important. Fuckwit...

Sites who require a valid email address

[xiando]

Personally I don't use wildcards for any of my domains. I do frequently make new aliases that I only use one or two times just to provide sites who require a valid mail account with something, after I get the confirmation mails I remove them. And guess what? Many of these temporary, now invalid aliases recieve spam attempts - spam I would get if I used wildcards.

Personally I'd rather not get mail from people who are not smart enough to type my mail correctly... :)

Don't host a website on your domain....

[GI+Jones]

I have been hosting several personal domains for years, all with a catch-all account. The spam I receive on most is minimal, mostly stuff promoting web related services. I guess that this is simply from people who crawl the domain names and send to basic accounts like "admin", "webmaster" and "postmaster." These can easily be identified and filtered.

One thing I have noticed, is that one of my domains is the one I use for web hosting. I have determined that if you have a domain with a website that is linked to throughout the web, you will receive a ton of dictionary email account spams. So, if you get your own domain, don't use it for a web hosting domain and your spam quantity will be quite reasonable.

Of the 5 domains that I own, only 1 gets lots of spam to the catch-all... that one is the domain with the web hosting. All the others are minimal.

Oh, one of the other benefits of a catch-all, is that when you are forced to include an email address for some web sign-up, you can invent an email address under your domain without setting up an account. So, if you sign up for a give away at www.freebeer.net, you use the email address freebeer.net@mydomain.com... you can then get the mandatory confirmation emails, but you can later filter that email address and track if that email has been sold. It is a beautiful thing. If the email gets sold, you simply start forwarding all the mail on that account to some email address at the original company that sold it.

just my $0.02,

I'm curious

[Quazi]

Why does email make it to my mailbox when it DOESN'T have my name in it in the first place?? Maybe if we fix that, we'll cut down on most of the spam.

Re:I'm curious

[dsb3]

> Why does email make it to my mailbox when it DOESN'T have my name in it in the first place?? Maybe if we fix that, we'll cut down on most of the spam.

The email does have your name on it. What you're probably refering to is email that has your address in the ENVELOPE header and not the MESSAGE header.

Before you say this is a bad idea ... it's required if concepts such as "Bcc" are to function.

Sneakemail.com and FastMail.fm

[gottabeme]

http://www.sneakemail.com/ It's free, you can make as many addresses as you want, and when one starts getting spammed, just delete it. Use it for your own Web site; when it starts getting spam, delete the address, make a new one, and put the new one on your site.

http://www.fastmail.fm/Best e-mail provider, IMO. Their paid accounts can't be beat for price or features. Excellent uptime and service. I use them to host my own domain. Catchalls, custom server-side Sieve scripts, and several free aliases on their own domains too. Good SpamAssassin filtering too. You can try out a more limited free account too.

try this username: spam@example.com

[microcars]

getting a little OT here, but after experimenting with the * or "catchall" email address on several domains, I have found the best username to be....SPAM

So many people use things like:
johnNOSPAM@example.com
john@NOSPAMexample.com
johnREMOVETHIS@example.com...

that the SpamHarvest bots seem to harvest emails and then REMOVE words like:
SPAM
REMOVE
THIS
NOSPAM

before adding the names to their "fresh" list of email addresses to sell.

but if they remove SPAM from SPAM@example.com, they are left with.....
@example.com
which should be undeliverable.

so if your email is SPAM@example.com, you should get email from your friends, but my extensive use of that username on USENET has shown me that it does in fact work! I received only ONE spam email to that address in the past year of using it.

getting back On Topic for a minute, see if you can "disable" the "catchall" or "*" email function at some point. While I have not been hit with a dictionary attack, its obvious from the other posters that it is not uncommon. If you can route all non-assigned usernames to null when you discover this to be a problem, you will save yourself some headaches.

Re:So close.... and yet so far

[Scryer]

>... the poor twinks who have their domain name spoofed will probably ignore it.

This is *such* annoying advice. I have a long-duration (approximately 1993) very public email address, and it's spoofed a lot and one of my main annoyances is this auto-replied "You've reached a bogus address or domain" message.

DO NOT send any auto-replies for anything.

DO NOT send messages saying that the (probably spoofed) sender has sent you a virus.

Ask the guy

[Cavio]

... from nowhere.com

My experiences with a catch-all address

[The+Gline]

I have a funny real-life name which is often misspelled, so I set up a catchall on my mail server to forward everything sent to my domain that doesn't quite match any of the addresses set there.

At first, yes, I did get a lot of spam. However, it's tapered off thanks to two things, I think: 1) Mail filtering on my end (I use SpamBayes and LOVE it to death), and 2) spammers gradually abandoning the tactic of mailbombing a server with any name they can generate at random.

I'm not so sure about #2, but I have been getting almost all my spam sent to a specific email address of mine that is public. Curiously, it is NOT the email that I used on my site to contact me with.

Sum of comment: I use it, and the spam problem hasn't stopped me from using it.

Four Hundred Megabytes of Spam a Day

[MichaelCrawford]

I have a catch all email address at my domain. It's catching so much email that I've had to tell all my clients to email me at this Yahoo address that (ironically) I registered so I could sign up for websites that I suspected would be spammers.

I have more details in my Kuro5hin diary:

• Two Thousand Spams a Day - mostly racist messages intended to affect the recent German elections
• Four Hundred Megabytes of Spam a Day - mostly the zafi.b virus

You`ve got 1 VoiceMessage!

My hosting service had the ClamAV antivirus software installed for a little bit, but had to disable it because it was using too much CPU time, I think because the host was getting so much mail.

depends on what you want to do

[rsw]

One argument: error messages tell the user that they didn't get you; if it goes into a mailbox with 10e3 other emails you'll miss it. The latter is a worse situation.

Another argument: you _will_ get tons of spam. I did a catch-all account on several of my domains when I was moving (basically, a friend of mine handled all my mail by passing everything addressed to one of my domains to a procmail script I wrote to handle it). My spam went up by about a factor of 5.

A counter-argument: I also found that if you assume that everything to an invalid address is spam, you have a pretty good source from which to train a Bayesian filter.

So it depends on what you want. If you want some Bayes fodder, go for it. If you're doing it for convenience, it's not going to be as great as you think.

Not much of a problem

[autopr0n]

It wasn't much of a problem for me, untill some spammer started faking address at my domain. Now I get tons of "message failed" emails. *sigh*.

That said, having a catch all address is actualy a great way to prevent spam. Why? Because whenever you're required to enter an email address, you can just make one up on the spot. That way, you can get the corrispondance you need, and if you ever get spammed on the address, you'll know who sent it. And you'll never have to worry about getting your primary account spammed.

Yes, Catchall is Good!

[argoff]

What I do, is give a different email address to everyone who asks for one, if one of them gets too pesky with spam, I SMTP reject it with a message directing them to a webpage with my new email address in a GIF file with a background that thwarts optical character recogniotion.

So far, I've rejected thousands of spam, but never got one spam hit on my GIF email address.

Also, so far I haven't had to block all address to prevent random email attacks, but it would be easy enough to block all and add a new email every time I give out an email address if I wanted to.

Works wonderful

[bobthemuse]

I've been running a catch-all for several years, I get an increasing number of dictionary attacks, other than that, works wonderful.

Started forwarding to a gmail account last month, opened up all the previously blocked addresses to test their spam filter. I average about 2 spam messages getting through per week, and don't have to worry about deactivating compromised addresses. Gotta love google...

Catch-all plus Heuristics?

[ByteMangler_242]

I have managed a catch-all address a few years back, and found it to contain almost no spam, but our whole domain was rarely attacked back in those wild and woolly days. Catch-all + admin = forward to the right person in a timely manner.

As for today's spam, what about a heuristic (sp?) based filter on the catch-all with a bounce message generator? If it is spam, the message is sent to /null and a bounce is generated back to the sender. Something more inteligent gets sent for human review.

If that is impractical, what about this for a method to kill dictionary attacks: Check for matching message portions. Couldn't you just check if the xth through nth characters of body are the same (where x is a few lines in, to prevent DEAR {NAME-MAILMERGE} from spoiling a match), then the mail is a repeat, send to /null and bounced back. Seeing as most spam is sent to a single e-mail, not multiple TO addresses, this would keep human-sent messages safe, but pick on spam mostly.

Then again, these could be the ramblings of a madman with little programming experience. YMMV.

My problem is the bounces from being joe jobbed

[Mustang+Matt]

I don't get so much generic spam to @mydomain.com but I do get tons of bounces from spam that's sent out with a spoofed from @mydomain.com

Spam Prevension Measures

[gpmac]

I've run mail servers for years and have, at times, thought the war on spam was a lost cause. I have taken these steps to reduce the spam. I do not use globals, or global email addresses of *@domain.com. They catch a lot of spam and then a lot of other stuff that you just don't need.

I also run and maintain a blacklist, sometimes incorrectly referred to as an RBL. RBL was the name of one such list, not all of them. With a simple web interface and a MySQL database behind it, our blacklist is kept up to date by the most ardent of our spam haters. They dilligently add the new IP addresses for any spam they receive. We went form blocking 10 to 20 emails a day from the blacklist to blocking 1000's in a matter of days.

In addition to our blacklist, our mail server runs on several other blacklists, such as spamcop and spamhaus lists. Beyond that, we also use a mail filtering program called spamassassin. This is just one of several out there available.

But, I'm getting away from the question. I have had bad experiences with global email addresses and can not, in good faith, recommend them. The best solution is to maintain your own mail server and configure it to fight the war on spam as best as you can. Running with an ISP solution limits what you can do. Setting up a global email address just sets you up for more spam. Putting an email address on a webpage just sets you up for more. If you have to publish an email address, make a second one and filter it in your email client, realizing that you will get bombarded with spam on it.

gpmac

Dictionary spams

[Chupa]

I manage email for a domain that was recently "dictionaried" by someone who sent *15,000* emails, each with a different username, all to the same domain. My mail system was bogged down for a while trying to deliver the bounces, all of course to non-existant return addresses, which then bounced...and so on.

I now have a catch-all setup on that domain, only it points to /dev/null.

Absolutely not

[macdaddy]

If you ever plan on using that domain for any legitimate purposes then do not EVER give it a catchall address. A catchall address blatently invites spam. Rumplestilskin and dictionary attacks will find an infinite amount of valid email addresses in your domain and your influx of spam will grow exponentially. At some point your provider will proclaim "Enough!" and either tell you to take your business elsewhere or will start charging your by how much email you send and receive. Don't doubt this. It will happen. If you provider had any sense whatsoever they wouldn't give you the option of having a wildcard recipient.

There is but one valid reason for ever having a catch-all address. That reason is if you actually, honestly, truely WANT spam. "Who wants spam?"/I you say? I do. I have a handful of domains that have no other purpose in life but to collect spam. I've seeded addresses from those domains into dozens of spammers' "remove" forms. I built a list of 525,000 proper pronouns and used that to compile a list of userid@spamme-domains.tld addresses to seed those remove forms with. The end result is hundreds of thousands pieces of spam per day flowing into those domains. I archive much of it and automatically report the rest to the FTC as spam. Oh happy day. That's the only valid reason for ever using a catchall address that's publicly exposed to the Internet.

Re:Absolutely not

[Joe+U]

I run a few dozen domains. One of them is actually on it's way out, so no valid email addresses anymore, it only had about 5 to begin with anyway.

I started using the catchall as a spam trainer about 3 months ago, the results have been great!

Not only are my spam filters trained, but I have a ban list of IP addresses that filter down to our other domains. (5 spams from same server in an hour, tarpit for an hour or two, 5 more, full ban for a day).

My only worry is that I might overload the spam filtering system, it's collecting a ton of data.

Re:Absolutely not

[macdaddy]

I hear you. I got tons of spam on my spamtrap domains. I had the domains hosted out of my house. I had to shutdown DNS and mail service on my server to play games. Shutting down mail service was the big one. As long as I was sending TCP RSTs to tcp/25 connection requests I had enough bandwidth to play games. Otherwise my DSL line ran at about 75% utilization all the time. Shutting down DNS didn't stop the UDP request packets but it did keep more spammers from resolving the IP of my mail server on those domains for a short time. Handy.

I wasn't using Bayes at the time. It was pretty immature and the implementations that were available didn't work too well. It's infinitely better now though. I had a procmail recipe that auto-munged and posted copies to NANAS. It also forwarded a copy to the FTC. Finally it submitted the spam to Pyzor and Razor. That recipe worked great until I was joe-jobbed. I never did get manage to get that recipe to filter out those bounces before performing the various actions. I was getting too much spam per day to confirm each and every message. When I moved and changed the DNS entries to point to localhost I was getting just over 120,00 pieces a day. I couldn't archive it. I had to trash it. I need to get it started again now that I have a permanently co-lo'd server. capable of handling anything I'll ever throw at it.

If you aren't already doing it, I highly recommend you implement greylisting. I'm implementing it soon. I hear it's wonderful. Canit has built in greylisting capabilities. Best of luck.

Re:Absolutely not

If you can be bullied (Enough?) like this by your ISP, don't know what to say - you be weak - I make loads of $ off suckas like you.

fuji

One word: greylisting

[hedronist]

Checkout Greylisting.

I run a friends-and-family hosting site (DNS, mail, web) for about 50 domains, almost all of which have catchall enabled. One user was getting 500+ spams a day, day in and day out. I was seeing 200-300 per day myself.

Four weeks ago I built the latest sendmail with Milter turned on and installed relaydelay.pl. The next day that user received two (2) emails, both of which were from friends. I got 7 emails, only one of which was spam.

Greylisting is the single most powerful anti-spam system out there. It blocks over 95+% of the spam and it doesn't "false positive" because it isn't doing pattern matches, Bayesian filtering or anything like that. It simply gives a TEMPFAIL to any email that has an unknown (from, to, server-IP) triple. If they come back more than X minutes later and less than Y minutes later, they are let through. Spammers almost always are using fire-and-forget SMTP servers so they don't retry, and so you never see their garbage. Positively elegant.

If you are the sysadmin, check it out and install it. Otherwise, hound your admin/ISP to install it. It saves bandwidth, aggravation, and time.

The corks just don't come out the way they used to.
-- My Wife, dealing with one of the new Corqs(tm)

Re:One word: greylisting

[MessageDrivenBean]

Thank you sooo-much for explaining things so cleary. You just blew-up up a almost-perfect anti-spam mechanism!

:-(

Re:One word: greylisting

[hedronist]

A bit of research & reflection shows that:

1. I am hardly the first person to "explain" greylisting. A far better (and therefore, I suppose, more "damaging") explanation is secretly hidden in the whitepaper at the Greylisting website,
2. ideas for how to get around it have been well known, almost since its inception,
3. there is a real difference between someone knowing that a workaround exists and having the spamming "community" actually having two neurons to rub together to implement that workaround.

If you are interested in the evolving story of greylisting, I highly recommend joining the Greylisting mailing list. I would draw your attention to a recent thread, Greylist gravy train ends in 3-6 months , wherein Regis Wilson expresses the same concern as you have. In particular, read Scott Nelson's reply , where he says:

So here it is, more than a year later, and Greylisting still blocks approximately the same percentage of spam today (85-95% reduction) as it did a year ago. After more than a year, spammers still haven't changed their behavior.

In particular, using 1-hour greylisting in conjunction with even a very conservative RBL (which could easily be updated as new spam-tsunamis happen) is almost unbeatable. When combined with other tools (SPF, SpamAssassin, Bayesian filters, etc.) it is possible to contemplate the joys of an all-ham/no-spam inbox.

"You are caught in a maze of twisty little Sendmail rules, all obscure."
-- "Sendmail: Theory and Practice", Avolio and Vixie

Use qmail dash-extensions and subdomains

There are a few ways to deal with the issue of spam if you've got your own domain. It sounds like you are at the mercy of whatever software is installed by your isp rather than running your own email server, and that's unfortunate because you could do more if you ran your own email server and dns.

I use qmail and djbdns for my email and dns. One nice feature of qmail is the dash-extension feature that allows you to setup email addresses of the form username-extension@domain.com. You can then give a unique email address to each company, organization, mailing list, etc. that you have to give an email address to. So, for example, when you order something for Amazon, give them the email address username-amazon@domain.com. The benefit is that if you start recieving spam at that address you know who sold the address.

Another tactic that's useful if you have the ability to easily create subdomains is to setup alias subdomains for your email. For example, username@subdomain.domain.com. The idea is to create subdomain names that reflect the fact that they expire at a regular interval. So if you gets lots of spam and need to expire the subdomain every month, call the subdomains jan04, feb04, mar04, etc. Use this tactic for mailing lists, usenet, and anyplace that you know can be easily harvested for email addresses. Once you expire the old subdomain the spammers can't even find your email server.

Re:No big problems here - not correct for me

[Oliver+Defacszio]

That's what you get for buying asdf.com.

Tremendous mistake

[Big+G]

Not only do you get spam addressed to random accounts on that domain but all the Undeliverable Mail bounced back to spoofed addresses on that domain.

Personal Experence

[J2000_ca]

With my domain I have recieved 0 spam. 0 from the catch all. 0 from any valid email. I'm very happy with it right now lol :D.

Definitely sucks

[AssFace]

I cut my spam back from about 500 messages a day down to 150 or so a day simply by turning off the catch-all sort of thing.

I still don't have it enabled on all of my domains, but on my main ones it helped a ton.

During the time that I had the catch-all working, I never once saw a real message come through, and saw an absolute ton of spam.

The only reason worth keeping it that way is if you want to see accidental e-mails - like where someone from AOL e-mails you and clearly thinks you are someone else.
But I would say those times aren't really worth it in the end.

What?!?!?

If, as you say, virtually all spam has spoofed return addresses (And you are correct) exactly what will you accomplish by auto sending a reply to an innocent persons address?!?!?

No person and no admin in their right mind should EVER auto-send return mail to spam. You are mearley doubling the spam traffic! I get more idiotic returned mail to my mailbox because of F*cking spammers using my address to spoof with than I do spam itself!.

It's time that admins and individuals wise up and STOP replying to spam completely (Or any non-existant user name). Email traffic will drop by half on that fateful day...

Re:What?!?!?

I think the idea is that setup an auto-responder for all email, since there's no 100% way to tell if it's spam or not, you have to reply to everyone. All the legit people get a an auto-response, saying, ok, this is my REAL email, send it there instead. And all automated methods, such as spam and unfortunately amazon order stuff, etc, will get sent where no one sees it. The result is that only get legit traffic. But this method isn't really worth it, because it only takes one bonehead relative to send you an e-greeting card, and the spam starts rolling in.

Good use for catch-all

[RomulusNR]

The best benefit of using a catch-all account:

Whenever I sign up to a web site, or give my email address away to a company or mailing list, I almost always give an address of the form:

[name-of-company]@mydomain.com

For example, slashdot-at-keithtyler.com.

Then, if that email address turns out to be sold or used for spam purposes, I can block that source very reliably just by filtering out that particular inbound address.

I also have a semi-robust procmail recipe that adds the first part of the email address to the subject, for easy detection:

# ID all incoming messages by username

:0f
* ^To:.*keithtyler.com
{
TO=`formail -xTo:| sed
's/ <*\([a-z0-9\_\-\.]*\)@keithtyler.com.*/\1/i'`
:0f
| sed "s/^Subject: /Subject: ->$TO<- /"
}

Re: I wouldn't bother either

[NanoGator]

"Perhaps I don't know what I'm talking about "

Being a little hard on yourself, that really isn't a bad idea. It does require a bit much from people trying to reach me, though. But.. if it ever got that bad, I'd seriously be considering it.

What I do today is encourage people to use ICQ instead of email. I get 0 spam on ICQ because it has a strict white list on it. The additional benefit is that it encourages people to keep it brief. I don't have everybody on board with that, but it has single handedly made me not so email dependent.

Depends on how good your filter is...

[bobv-pillars-net]

I'm currently catch-all for ten domains. Recently my spam load has increased exponentially. It went from 400/day to 4000/day in the last six months, and I wouldn't be surprised if it doubles in another week or two.

In short, if you don't have a very effective spam filter, don't do it.

Re:CATCHALLS equals a BOMB = Harmless until explod

[John3]

I agree that a catchall can cause problems down the road as you've described, but in this case the mail server (and bandwidth) are being maintained by someone else. Not to be cruel, but if the system admins allow catchall mailboxes to be hosted on their servers then they deserve all the traffic they get.

Of course if the user is pulling all the email down via POP3 then the bandwidth issue will hit home, and hit the hosting company twice.

I like my catch-all

[bschak]

I love having a catch-all email account, and not much spam gets through my filter. My friends know I have a catch-all and often email me at frivolous email addresses like iwantmysweaterback@mydomain.com or cyndilauper@mydomain.com. I also like the ability to track which companies give away my email address by supplying each company with an address like spambites_idMicrosoft@mydomain.com. I also can sign my emails a variety of different ways (ben@, schak@, bs@, or b@mydomain.com).

Ive been doing this for years

[wazerface]

Having a catch-all account forward to my main account on my domain has worked for years. Everytime i sign up for something online i give them a new email address made up on the fly (for example slashdot@wazer.net). Then when I get mass spamming sent to slashdot@wazer.net I know who broke their privacy agreement ;-) Then you can simply block your OWN address that you gave away, and you have effectively stopped that whole stem of spam, regardless of the many people who send it! :-)

What I found.

[mindstrm]

Get yourself some kind of protection from dictionary spammers, or you'll find your catch all one morning with 200,000 messages and counting by the second.

Also, while it's nice to be able to hand out any email address you want to sites, to see where spam comes from, the moment you get lazy... you end up with spam and you can't recall where you first handed out the address.

Make sure you have a blacklist feature on hand to quickly add addresses that end up spamming.

3000 spams/day with catchall, 100 spams without

[Krellan]

I get 3000 spams/day with my catchall address (krellan.com)!

I will soon be putting in a whitelist of allowed usernames, and bouncing everything else, in hopes of reducing this ridiculously high spamcount.

I get only 100 spams/day correctly addressed to my real addresses that I use on that domain.

This is still too high, but a combination of SpamAssassin on the server and Bayesian filtering on the client (Mozilla Thunderbird) help reduce the number of spams I actually see to almost none! (For safety and in case of false positives, all emails are still archived.)

Catchall prevents bounce spam

[symbolset]

If you're not bouncing mail that landed in the catchall address, you are not being used as a "bounce relay" for that mail.
OTOH, if you reject that mail to the (forged by virus) sender, there is a chance the non-sender will open it and become infected with the virus.
Using a catchall makes it harder for real senders to find out why their mail to you is falling in a black hole, but it's still the responsible thing to do.

Re:Catchall prevents bounce spam

[Vellmont]

If you're not bouncing mail that landed in the catchall address, you are not being used as a "bounce relay" for that mail.

Your SMTP server should never bounce anything it doesn't accept in the first place. You shouldn't be accepting mail for addresses you can't deliver to. If you have an intermediary SMTP server it's a different story of course.

OTOH, if you reject that mail to the (forged by virus) sender, there is a chance the non-sender will open it and become infected with the virus.

True, but as I said in another post I doubt the virus would bother to bounce the message.

How much can you take?

[toxic666]

The mail system I manage gets 30 GB per month of non-valid e-mail address spam. They originally had it set up on Exchange, but that server puts non-deliverables into a Bad Mail directory. Puts a quick hurting on a server. Now that I set up postfix on a secure mail relay, the number of non-valid address messages is no longer a problem.

My advice -- don't do it. But, it's your domain and if it gets targeted, have fun trying to manage that mail box, let alone deal with your hosting company.

You can make custom addresses in Gmail too

[Laser+Dan]

Many people have been saying how they make custom addresses when they sign up for things so they know who spams them and can filter it.

You can do this in Gmail by adding a + to the address, eg someone@gmail.com can also use someone+list@gmail.com, someone+spamme@gmail.com etc. Then you can filter the messages based on the address it was sent too.

I am surprised they dont tell you about this, it is pretty useful!

MOD PARENT UP

mod parent up

I use catch-all

[Beaker1]

for the domains I own, but the ISP I use has postini setup and available. It's nice to be able to give each "registration required" web site a unique email address to see who is betraying their privacy statement. On the other hand my postini quarantined list grows by about 1000 per day making it almost impossible to search through it for real emails. :(

I use catch-all on three domains

[tisme]

I do it mainly to see what websites are spamming me. For example, when I subscribe to the NYTimes, I would subscribe using nytimes071704@mydomain.com and could then see what advertising and spam comes from that signup. (If I get tired of mails to an address, I will make a rule so that all mail to that address goes straight to my trash).

My domains are not popular so I rarely get spam to emails that I never signed up anything for. Occasionally I will get an email to webmaster@mydomain or info@mydomain, but nothing more than a dozen a week. I say use it until you get too much spam, and then you can drop it while activating the emails that you still want to keep.

sneakemail

[jtdennis]

I use sneakemail to have unique addresses with a label for where I used it. All the addresses point to my main one so it's easy to tell when someone sells an address. then I just kill that address and no more spam.

Brazil

[RWarrior(fobw)]

I've resorted to using a username-based catch-all. lists-*@mydomain.tld is used for all the "make up on the fly" stuff, and the addresses I had out that turn into spam get dropped into the bit bucket on my hosting service's server.

I had the full catch-all enabled for a while and it worked fine, until some spammer in Brasil started sending me hundreds of thousands of spams a week. It got so bad when I was processing with SpamAssassin on the hosting service's server that spamd dumped core and the provider closed my account for a time; and processing using spamd locally got to be too big a processor drain at home, too. So now anything that doesn't come to knownusername-*@mydomain.tld gets sent directly to /dev/null.

That doesn't eliminate every spam, but it's cut the volume of garbage that I actually have to download and process here at the house way, way down to just a few hundred a week.

Any other way and I'm simply overrun.

no spam catch all

[vonkas]

It works as long as you have some flexibility with configuring. I can manage my domain on-line and have done this: first I specified a forward address for ALL received email. Then I created 5 rules for specific email names to forward to a second real address. The latter I check continuously. The first one occaisionally - just to make sure it catches nothing important. I get 100odd mails on the first address daily and at this stage only non-spam at the second. In case one of the good addresses starts getting spammed, I would simply eliminate it from the forwarding rules and replace it with a new one. Another trick that I have recently implemented is to have the spam-forward address configured to auto-reply with a suggestion to look at a webpage which displays a jpeg (!!!) of a valid address - to enable a human email poster to pick up a working address - this is a 'redundant' address (mail123@domain.com) just in case the robots get clever!

Re:So close.... and yet so far

[Sancho]

Doesn't the RFC say that any message which is not delivered should bounce?

I gave up

[sribe]

My personal experience: I had a catchall account for years. I finally dropped it because it, over time, became a significant contributor to my spam load.

Re: benefit is that ... people ...keep it brief

[shubert1966]

Thanks ~ I'll let you know if I cross the chasm and make the big bread, loaf.

I used ICQ in '98 or '99 but it never took off for me. I like the idea of the whitelist and diskspace being maintained by the vendor and Not On My Machine. I saw IRC and ICQ as the same as Yahoo! Chat with the added dimension that messages could goto PDA, cellphone and kiosk - more of a salesman or CEO method of communication. I've blown through so many email accounts i can't think up anymore nics, let alone passwords.

As for Yahoo! they're using their bandwidth and diskspace to give me more tasks to perform(Bulk email) so that I have to view more advertisers. All this bandwidth and money changes hands over nothing - wild west indeed. Just a medicine show. It's a microcosm of the vicious circle we see when middleware and bloatware push us to purchase newer PCs.

Before Time, I remember the local BBS guy used to only relay email on Saturday mornings around 2:30am because the next node on FidoNet was long distance AND 200k of weekly email was a major resource event! But we survived and we liked it that way. So was born: "Less is more."

Another addres

[dacarr]

I just use bogususer@chez-vrolet.net and let my MTA tell them that I don't exist on usenet. =^_^=

Was great, not usable for me any more.

[ratajik]

I've been using a catch-all for years now, and used to love it. Whenever I'd give a e-mail out, it would be company@xxdomainxx.com (so, like, slashdot@xxdomainxx.com) This would let me track companies that sell the e-mail (so I could grip at them - not that it does much good) and turn the e-mail "off".

The problem is, the last year or so, I've been getting randomname@xxdomainxx.com (like john, ralph, fred, at al). Four months ago I was getting 1500 spam to random names. Today I'm hitting about 4900. My spam filter works fairly well, but if it misses even %10, that's a a LOT of spam to deal with - and it usally gets 20-30%.

So, I've essentially turned off the catch-all (still getting it for a while, as I have to change the hundreds of e-mails I've sent out over the years), but the catch-all doesn't go to my main e-mail, it goes to alt on - that ends up in a folder that I go into every now and then (that folder currently has 62k messages - about 99% of them will probably be spam).

-Greg

please don't send a response....

[LuxFX]

First, I just want to respond to some of the earlier comments that recommend not using a catch-all and instead bouncing back a reply when emails are sent to the wrong address. This is a bad idea. Don't contribute to the quantity of unwanted emails clogging up everyone's bandwidth.

I guarantee that, regardless of the amount of spam involved, you will receive more spam in your catch-all email address than genuine-yet-misdirected emails. And since spam is frequently sent with some unrelated poor individual's email address tacked on in the 'from' and 'reply-to' headers, you're just generating more unwanted email for these folks. If somebody really needs to get ahold of you, and they don't hear a response to their email, they'll either try to send it again or try to contact you via different means. Either ::blackhole:: the email, or actually collect it through a catch all address. Don't send a response.

Now, in my own experience --
I run a handful of domains. I operate my business through email, so it's doubly important for me to archive all communication. I do throw all email received from my catch-all address directly into the trash (and some of my catch-all addresses get several hundred pieces of spam every day). But I only throw out my spam once a month or two. So if a client later contacts me, asking if I received his email, I can at least search for it and retrieve it. I know it might seem pointless if I can just get the information from them again, but my clients for some reason like it better when I can find an email they've sent than to discover that it was lost along the way.

It's also worth noting that people are understanding about spam -- I've never had a client get upset about their email being thrown out accidentally.

My Experience

[Evro]

I registered my domain around 1998-1999 and I used the "catchall" system for a long time. When I maintained my own email server, I would blackhole specific "TO" addresses, e.g. back in the day I had "Slashdot@...." as my email address, shown publicly here on Slashdot. I started getting truckloads of spam to that address, so I configured the server to deny any mail to slashdot@... (with a handy "Die in hell Spammer" message). (Spam is still sent to that address even though I haven't listed it anywhere in close to 5 years, and it hasn't worked in as long).

However I ended up having to stop running my own server, and got shared hosting, which has the "catchall" option for email addresses, but doesn't allow the blackholing of specific addresses. So I received the occasional spam, but it was pretty easy to deal with. But one day like 3 months ago I started getting buckets and buckets of spam sent by spammers who were sending emails to abc@... def@... bob@... sue@... etc. 200 a day was not uncommon. So I ended up canceling the "catchall" address and adding specific aliases for addresses I wanted to keep.

Basically the catchall is super handy, and I would love to be able to use it, but you will be opening yourself up to tons of spam. If I'm ever in the position to setup my own mail server again I will definitely do it.

Here's what I use it for

[airjrdn]

When I purchase something, I use @mydomain.com. This let's me track if they begin sending me spam or selling my address to someone who does.

For instance, let's say I buy something at Office Depot online. For my email address I enter officedepot@mydomain.com. If I start getting spam at that address, I know it's from them and can act accordingly.

I even had one company phone me thinking I'd screwed up entering my email address. Once I explained "why" I did that, they thought it was a really good idea.

I can't take credit for it though, I got the idea from my internet hosting company www.3-95.com.

Thank for all the advice!

[wildzeke]

Just to fill in some details. This is a personal domain, and I am getting my email hosting from godaddy. I have decided to turn on the catchall feature. I created an email account called "catchall" and set it to catch all (Wasn't that clever). Within the catchall email settings, I put the Spam options up high. I did not consider using the catchall for instant email creation for purchasing, registration, etc. To comply with the standard Internet rules, I created a seperate postmaster and abuse email addresses. I'll go with this configuration for a while and see how the Spam flows.

Thanks,
Wildzeke

useful for tracking spam

[clambake]

if you fill in an online for as CompanyName.com@domain.com, you can watch and see fi they sell your email address.

Use a prefix

[forrest]

I have my exim configured to redirect any address that starts with fc_ to me, but ditch the rest.

That way I can make up addresses at my leisure, but don't have to let through all the crap to random addresses (which I was getting tons of, to the weirdest names!)

Catch-all was giving me lots of spam

[fd]

I got fed up near the beginning of this month when I realized I'd downloaded 3900 spams in just 7 days. I was using catch-all rather than just setup the addresses that I actually use. I turned off the catch-all and my spam decreased. Catch-all is convenient and it's a shame that spamming doesn't allow me to use it.

we did this for clients too...

works for most however some business clients found that some former employee emails did not get any usable email - one former employee had nothing but spam and porn emails so in this case we jsut created email box called "dumpbox" and forwarded all mail for former and now more than annoying email addresses to it which were then routinely erased on the server. Worked well in the few instances where it was needed.

yes, better would be spam filter but if one or two addresses get nothing but porn and other unwanted emails why waste the resources processing the crap.

I am totally fed up!

[kaoshin]

Spam is much less of an issue now for me. Unlike email, I can't filter my snail mail box. I am often required to recieve things through snail mail, so there isn't much of a choice. I am completely fed up with:

not being able to find my important letters because they are stuffed between pages of coupons and advertisements.

Wasting my time sorting through it all.

Spending even more money on trashbags to contain it all.

Worrying about getting package bombs, toxic chemicals, etc.

Getting very offensive messages from advertisers.

About the last one, I got a snail message that was addressed to my deceased grandfather. I politely sent a message back to them and wrote on it *hisname* died. Rather than stop sending me mail, they now send me mail that says "*hisname* died" as the addressee. It is in the least, very disheartening to be reminded of my grandfathers death every time I read the mail.

One day I'm going to run a dang gas line right into my freakin mailbox and set it to fire up like a torch at night. I'll put it on a swivel mount so every once in a while I can just tilt it over and dump all the junk mail ashes into the street.

Most catchall mail is to 100 or so addresses

[phr2]

Yeah, I get tons of mail to my catchall, but it's mostly Rumpelstiltskin attacks to a few hundred distinct names. 90% of it is to 150 or so names. 97% of it is to 320 names. I just blacklist the top couple hundred names and that gets rid of almost all of the spam.

Here are my top 100 in order of decreasing frequency, for what it's worth (these are all generic, I've removed a few specific to my domain). Together these account for about 75% of all my spam:

hanson greene gregory dean vargas hawkins graham elliott hardy graves ferguson hart harper guzman fletcher hale dunn haynes hammond day howell hamilton gordon douglas dixon vaughn garrett flowers duncan gilbert barnett walters fleming warren wade horton adkins watts sutton knight austin wallace barker banks armstrong andrews carroll watkins pearson johnston jennings cobb carpenter terry jensen peters palmer kelley stone silva santiago rhodes morales jimenez craig bradley soto malone hunt chambers burns sullivan kennedy hudson black sims pena olson may bush shaw ramos mills castro burke bishop snyder shelton powers reyes ray perkins schultz moody meyer page lucas miles mcdaniel

It's harmless

[Julian+Morrison]

All people on my ISP get catch-all email to a "personal domain". It seems pretty harmless to me. Most spam is correctly adressed. I assume that's because random probes are inefficient next to address spidering.

Regardless, my Bayesian filter munches up 99.9% of it anyhow. Spam is basically a solved problem for me.

Take it from _Work_ Experience

[theirpuppet]

I work at a hosting company. Thousands of servers. Even more clients. The dumb ones all setup catchalls. The really dumb ones setup catchalls and vacation messages.

Catchall's are not worth the SPAM. Think about it, don't your customers and friends know how to contact you? If not, then you better do a better marketing job. A catchall is only good for SPAM, or when the system sucks too much and it just can't handle an email alias or 50.

I gave up, sorta

[mikeswi]

I had a catchall going for spywareinfo.com so that I could make up an email address on the spot. netflix@, paypal@, pcpitstop@, etc.

Earlier this year, several different spammers and viruses started dictionary attacking the domain. After three months of 3,000+ spam and viruses a day, I finally gave up. I turned off the catch all, bought a new domain which is parked (no content and no one's ever heard of it) and turned on the catchall there. I have a dozen or so dedicated web servers, so I just pointed mail.newdomain.com to one of them. The accounts that I actively used at @spywareinfo.com now forward to the new domain and everything else goes to /dev/null.

I have three addresses@spywareinfo.com that I can't turn off and an amazing amount of spam still comes to them, but not one spam has ever hit the new domain and I don't expect any to do so. I've started chaining Thunderbird to K9, both of which have bayesian filtering, and together they catch damned near every spam that comes through on the old addresses.

Block sales@example.com

[dpete4552]

I have my email set to catchall and it doesn't seem to be much of a problem. However, I did seem to get a lot of spam set to sales@[my domain].com and webmaster@[my domain].com. So if you do have it set as a catchall I would suggest fowarding mail that is sent to webmaster@ or sales@ to me@privacy.net.

Procmail and formail?

[RottenMind]

Just discard duplicate messages and it will be like having one account.

distributed dictionary attacks

[EDinNY]

I am looking for a solution.
Has anyone else seen this?

I vote no on a mail account that gets all email sent to the domain. I host a bunch of domains. When I started in '96, this was not a problem. Unfortunately, times have changed!

About a month ago three of the domains I host started getting LOTS of email. examination of the email showed that I was getting over 50K messages addressed to random names.

50K messages is a lot for me. A year ago I received 25K/week, and 60% were marked as spam by spamassassin.

Back to this year...Since no more than 25 of the current spam comes from the same host, they are impossible to block. That means somthing like more than 2000 comprimised machines sending spam!

I use Qmail...great software, but unfortunately it accepts the email before verifying that it can be delivered...then generates a bounce message. 25K bounce messages in the queue ties up a machine! At the moment, for those domains, I put all the email to bad accounts into the bit bucket. I will fix this next week.

Spam is expensive. I offer email free because it did not used to cost anything, but times have changed. We are talking somthing like 500MB/day...thats 15 gigs a month! Bandwidth cost money.

Filtering for virii and spam cost resources. 18 months ago 80 domains ran fine on a 200MHZ machine with 128MB ram. This month I replace that machine for the second time with a 2.5Ghz machine and 1 Gig of ram.

Unfortunately what is needed is for the ISP at one or more of these spam hosts to snif the traffic to the machine so we can find the source...this is not likely to happen!

These three domains have only 2 or 3 valid users each!

Any suggestions?

MOD UP1

Mod up the parent comment, and shove a broomstick up my ass also

What the fuck?

[autopr0n]

I just have to ask... why the hell did this get posted?

Try it, and if you get too much spam, disable it. Jesus.

Spamgourmet

[hrath]

An alternative solution is the excellent SpamGourmet (http://www.spamgourmet.com) which specializes in moving email to /dev/null. You sign up for a free account and then each time you have to hand out an email address you give something like this: ..@spamgourmet.com

SpamGourmet will forward incoming emails on this address to your real address, decreasing the count by 1. Once it reaches 0 all future emails to this address will be dropped.

Highly recommended (and did I say it's free?).

Heiko

Re:Spamgourmet

[hrath]

Ok, let me retry:

(uniqueword).(count).(username)@spamgourmet.com

So here's the thing...

[nmb3000]

I run an Exchange mailserver for a very old domain, and have been debating the best way to handle the junk mail we get for several days.

A catch-all is out of the question due to the insane number of messages sent to random recipients @mydomain.com. I've also turned off delivery reports for incoming mail, as well as disabled receiving mail for anybody who's not in Active Directory. This, in conjunction with our spam filter seems to work fairly well, but we still get hit by a ton of spam each day.

What are some good practices for a domain like this? Any other Exchange admins have ideas about how to handle this? I'm trying to walk the fine line between being user-friendly so idiots can still send us mail, but also keep my users from receiving over 1000 spam messages each day. I'm also trying to avoid violating RFC, but it almost seems that things have changed enough since it was written that either it or the email standard itself needs to be modified as has been suggested by a number of big players in the field.

Ideas?

catchalls are dead

[wonderdog]

One of the domains we process mail for gets > 100k bogus RCPTs a day. At the peak of this 6 month old dictionary attack, it reached 1.5M per day. Thunderbird is good, but that may take a while to download and process.

This is exactly why services like MailSift.com and Postini.com exist.

My catch-all spam control method

[LinuxWhore]

I own the domain of my last name, for example jones.com. Most spammers guess that a catchall will be placed upon that root domain. However, I create an MX record for my full name, john.jones.com, and then do a catchall of (at)john.jones.com pointing to my account. Spammers seem less aware (zero guesses so far) of MX domains. Then, wherever I have to give out my email address for a registration, I give a "unique" address used just for that site, such as slashdot(at)john.jones.com. This way, if any one address becomes abused, I just put a nouser entry in virtusertable for that address.

I just hope this doesn't catch on too well ;-P . That would really reduce the effectiveness of this method as spammers would catch on. In which case, unique addresses would have to be explicit (many aliases) as opposed to implicit (via catchall). Slightly more time consuming.

Want 8,000 copies of the next worm?

[WoodstockJeff]

There are several worms out there that target random addresses in domains. One of my client's domains is under attack right now - over the past week, several hundred infected systems have tried to contact several THOUSAND different email addresses within this domain, which has 10 total VALID addresses. A catch-all address would simply put all of those copies into a mailbox somewhere...

If you have users that actually read email bounces

[perlchild]

I want to hear about it...
My biggest complain is that users who get ANY smtp error either ignore them, or assume the domain is down(i.e. server-type error) when the most common errors in my setup are user-type errors(user sent a virus and got a bounce, user mispelt an email address, user sent mail to someone over quota...).

I wonder how much can be blamed on email clients meant to curry favor with users who don't want to bother with fine distinctions(some email clients who assume users CAN learn how to use computers, unfortunately they are the minority) and how much is compatibility with legacy/non-smtp email systems, and those people coming from custom setups(aol/compuserve) that would be an interesting research for someone who's bored I'm sure.

Trick.

[rew]

I add a couple of extra spamassassin points to Emails that are not addressed to one of my published addresses.

depends on the spammers.

[ninjaz]

I run a mail server which hosts several domains. My personal domain gets almost no spam, because I haven't used any addresses there in public.

However, there is another domain which has had banner ads for its services. After getting a particularly bad spam attack (around 30k/day to random addresses @ that domain from the same spammer), I spoke with the owner about killing wildcard handling and instead only handling the ones being used.

Btw, three months later, that spammer is *still* being hosted by CW/Savvis. http://www.sheckmedia.com/ is the site of the spam domain owner, but the spamming subnnets, 64.70.43.0/24 and 216.39.64.0/24 are different than the website. Anyway, talk about bulletproof hosting...

After setting up individual boxes for that domain, I decided to direct the rest into a file just to see what kind of crap comes through. For the month of June, there were over 107000 emails. For the month of July there have been 41969 so far. The July numbers are probably a bit lower because I recently added njabl.org blocking (w/o dialup blacklisting) with rbldns. During both months, spamhaus.org's lists and spamcop.net's lists were in use.

So, it's not really a matter of whether or not you handle wildcard addresses, but whether the spammers to decide to use dictionary attacks on your domain.

Mail Hosts

[dj_cel]

I've used a webhost called Dreamhost.com for a few websites, due to the problem with processing mail for catch all boxes, they stopped automatically setting up accounts with them. I believe that on their server the mail is just bouced if the recipient is not an available account.

HELL NO!

[tgrigsby]

Hell no! Don't do it! I recently wrote to my ISP when the spam email I got jumped from 900 per day to 5000 per day! It was WAY out of control.

What happened was some a**h*** spammer decided to apply a list of the most common user names to my domain. It took over an hour, over broadband, to munch through all those damn spams. And then the jack*ss sold that list to some other spammers.

Oh, man was I steamed.

So now I have a set up where I can specify the valid email boxes myself by putting a zero-length file in my top directory. Anything else gets zapped before it hits my email account by the ISP email server. And that's great, because having full control and flexibility over your email is what you're really trying for when you get a catch-all, but in today's world the spammers just make it impossible to enjoy that flexibility.

gMail is your friend

[shimen]

use a free service like gMail untill they all get spammed then moveto another free uncomon service like...chabad.info....

Re:So close.... and yet so far

[(negative+video)]

Argh. They're talking about SMTP replies, such as 550 Requested action not taken: mailbox unavailable. Those failure codes can have a message that is shown to the sender in the process of trying to send. The rejecting mail server does not generate an email of any kind.

Use a mail sorter program

[Dr.+Zowie]

I hacked one together -- it sorts based on the original To: field in the header (which is preserved by sendmail if your provider is using simple virtual hosting). Route any unknown address to your shitpile. Maintain a list of known addresses that you have handed out.

My catchall gets over 2,000 spams a day, mostly from cretins on fishing expeditions for valid accounts.

Yes

[totallygeek]

I personally like the catch-all. It is not too bad after I run it all through spam filters and personal filters. I like it too because it thwarts the spammers' ability to know good from bad addresses. And, I can find out who is giving away my address by using different accounts, like classmates@totallygeek.com, slashdot@totallygeek.com, etc.

spam on totallygeek

[totallygeek]

additionally, nobody gets your email [address] when you post it on the web

Believe me, that domain's mail is the worst spammed mother out there. But, I have had it posted all over for so long, there is really no way now to curtail the influx of mail. I have other accounts that are far quieter and I make sure those are not really out there.

Re:No big problems here MOD PARENT UP

Here, here. Very well put.

I have that...

[EEBaum]

I have my own domain with a catchall address. Surprisingly (or not), the vast majority of my spam is sent to actual addresses that I had posted on the website, signed up for a service with, posted on usenet, etc. at one time or another.

The biggest bonus for me of a catchall is that I now use a different address for each service, usenet posting, etc. I use. For example, if I signed up an account at crazycrap.com, I would use the address Me_CrazyCrap@myhappydomain.com. That way, for the email that IS sent to a legitimate address and not BCC'ed, I know exactly which site has sold out my address (or put it in a searchable place). Also, I can then block that individual address so that even the catchall doesn't receive it.

Unfortunately, I had originally posted on usenet a bit with my "main" address, and it remains riddled with spam until I decide to change it.

Devil's advocate

[SoupIsGoodFood_42]

Perhaps I should have made it clearer that I was playing the devil's advocate. I was explain why some people think that emails addresses don't have to letter-for-letter exact. I never said it was a bad system or that it should be different.

BTW. Unlike phone numbers, I think you will find that most postal systems still quite error tollerant. If I sent something Calafornea, USA, it would still probably get there.

As for getting facts straight. Ever found it hard to read someone else's writting? Encountered a typo? Missheard someone? Not sure how to spell a name you've heard? There are many reasons for not getting the right info. Has nothing to do with stupidity or laziness.

Re:Devil's advocate

[quintesse]

But like he explained as well, mistyping "Calafornea, USA" is not the same as mistyping "John Smyth" because there aren't 20.000 US states with sometimes highly similar names. I think that an "intelligent" system that in 2% of the cases sends mistyped messages to the wrong person is even worse than a dumb system that bounces your messages when you mistype the address.

BTW: I understand that you're trying to make a point about how people could think this, but in the same way it should be very easy to explain to people that e-mail addresses MUST be spelled 100% correctly to work.

Re:Devil's advocate

Playing Devil's Advocate is one thing when dealing with email - as you've stated.

It's an entirely different thing when writing standard English prose. Looking back through your posts it would appear your spelling is horrible and your prose is roughly the level of a grade schooler.

Re:Devil's advocate

[SoupIsGoodFood_42]

You know you've won an argument when the other person has to resort to spelling and grammar errors. Some people would call that immature; like a grade schooler.

Catching the rebound

[AndyCanfield]

We have a catchall e-mail address. We started receiving messages saying an outgoing e-mail was bounced. The surprise was that the originating user account did not exist! Apparently somebody was using our server to send out e-mail, maybe spam, from a fake account. A catch-all address can be useful in surprising ways.

Re:Catching the rebound

[pe1chl]

'Useful' depending on how you define that.
You may consider it 'useful to know', but as there is usually no way to stop that abuse, you are going to have to live with a lot of bounce messages that cost you work and traffic. Not very useful, imho.

Re:Catching the rebound

[a24061]

Not necessarily using your server---just using From and Return-Path headers with the nonexistent address in your domain.

Re:Catching the rebound

[AndyCanfield]

For sure using our server. Having been alerted by the bounced messages coming to the catchall account, we checked the SMTP logs and, sure enough, SMTP was sending messages from that non-existant user. I don't know enough about servers to know how it was done. Maybe the smtp user list was hacked, maybe there was a weakness in a cgi script. Security knows about it.

Re:Catching the rebound

[a24061]

Oh. That's a lot worse than my hypothesis. If someone is just using false From and Return-Path headers, there's nothing you can do about it, although people who don't know how to read the other e-mail headers might think the spam is coming from your domain.

But if the spam is actually coming from your server, it could get you in SpamCop and other blacklists, so that's a serious problem.

Works for me

[dwrugh]

I bought a bunch of domains and forward the catchalls to an email I monitor; I've had them for years and haven't had any problems with randomized user names (other than the ever popular info@domain.com) but have had problems with specific user emails getting burned. If your email pops up in a google search, there's a pretty good chance a spammer has it on a disk somewhere.
If I started getting randomized user names, I'd probably alias the catchall to me@privacy.net so that legitimate users would know that their email didn't get through.

I had a job with a small ISP...

[Gordonjcp]

... where the PHB really, really wanted to have case-sensitive email accounts. He figured that would help him sell more email addresses, because if John Smith wanted an address, and john.smith@ was gone, he could sell the obviously more valuable John.Smith@ instead.

A swift application of clue, involving a clue-insertion mandrel and Citroen Special Tool FBH-14, and it was all sorted out.

Use Multiple Aliases

[DavidD_CA]

The only real advantage of a catch-all, like you said, is to catch mistyped emails which were intended for you but wouldn't normally reach you.

Your ISP should allow you to set up a number (usually unlimited) of free aliases for your email account.

So, if you are joe@domain.com, you could create a number of aliases that redirect email to your mail account, transparent to the sender:
joesmith@domain.com
jsmith@domain.com
joes@domain.com
joe.smith@domain.com
j.smith@domain.com
etc

As someone else suggested, it's also useful to sign up with websites with "personalized" emails based on their name... like signing up with NYTimes as nytimes@yourdomain.com. Then, alias that new address back to your name.. and turn it off if they start spamming you.

Include common misspellings

[rvw]

Don't use the catchall, but do create some aliases of common misspellings of your name, or common combinations for email addresses, especially those aliases which you have used before with other providers. Furthermore, if someone really does not understand what to type, you can always send them a mail first, and then ask to reply.

It will increase your spam. period.

[digital+photo]

Having done the same thing before, I can say that without a doubt, it will increase your spam.

The thing is that alot of spammers seem to literally shotgun a domain with information harvested, then use those plausible usernames as email addresses. The end result is that your primary email account will get flooded with email not originally destined for it.

If you do intend to do this, I would suggest the following:

• Turn off java/javascript/vb/vbscript
• Turn off auto-download of remote links
• Turn off image preview
• Turn off return-receipt

Having these on when you check and go through your mail will cause an increase of spam above what you are getting.

Best bet, have the domain name. Use one address, then close it and switch to another, within the domain. Have the original address just junk any future mails it gets once you are sure people have moved to your new address.

Seriously, it's just not a good idea.

Catch-all is a bad idea...

[sudog]

In fact, here's a helpful article I wrote describing how to eliminate six nines of all your incoming spam permanently, in a way that is impossible for spammers to circumvent without reading your mind and hacking every person you ever sent email to.

Spam Free At Last

Absolutely a good idea

I setup a catch-all account and use this ability all the time. For example I'll use slashdot.org@mydomain.com or site_i_know_will_spam_me.com@mydomain.com.

If you have any problems just block email sent to that addy.

Make sure you send your mail as outgoing@mydomain.com otherwise any mailing lists you write to will probably get your REAL email address out on the web and that's just bad news.

no time to log-in

Do not make a catch-all. You will regret it. After someone used my domain as a spoof reply-to in several SPAMs, I started getting SPAM to all those addresses. When it got to the point of downloading 2,000+ a day (takes days to download on dial-up) I was ready to pull my hair out and start changing email addresses on all my accounts I have everywhere. Then, with no help from my webhost I managed to get those mails directed to another non-existant account.

Catch-all is usable if you block some usernames

[Vadim+Makarov]

I control several domain names.

In my experience, you need to block sales@, info@ and webmaster@. After that, most of the email (and spam) will be coming to the single @ wich you are actually using. There will be occasional bounces to random usernames (from spam spoofing from: addresses), but not very many in my experience.

By the way there is no spam to unpublished postmaster@ addresses, probably because this is not an address spammers want to irritate :)

Some other users have complained that they got under a dictionary attack like you describe. But not me.

I dont see the big deal...

[KI4BBO.org]

I mean look at it this way, if the spammer sends email to Josh@mydomain.com, or this_is_a_catch_all@mydomain.com... it doesn't really matter, if it gets to my inbox, it doesn't matter what email it was sent to! Amd its not like spammers are going to put each possible random combination email on the spam list... I mean they are not going to put 1@mydomain.com, 2@mydomain.com.. etc, by just guessing! If they have your email, you are going to get spam. I dont think it will make much different wether you have a catch-all or not. Just my opinion....

Re:I dont see the big deal...

Piss off, your babbling doesn't make sense. Just my opinion.

Terrible Idea

[Omicron]

This is a bad idea and generally not thought well of for specifically the reasons you mentioned in your "Ask Slashdot" article.

I wouldn't recommend it.

it is very useful

[alex_ware]

we have a proxy server that collects email from a pop3 server and distributes it among the users

Proper Use

[tacocat]

Keep your life simple. Use email as an IQ test. If they can't get your email address correct or you can't provide links on web pages, then there shouldn't be any email communication between you and them.

Put it into perspective: Would you like to have a dummy phone number to catch all the incorrectly dialed phone numbers in your area code and send them to your home 24 x 7? You're basically asking for the same thing only with email.

Make Catch-all but block spammers

[kc_cyrus]

If you make catch-all, make sure you block spammers in mailserver rules. It's very easy though, just put hotmail and aol on complete bounce and 75% of your spam is already gone.

Best thing to do with a catch-all...

[floorten]

Set up a catch-all account, but just have it send an auto-response - you don't actually keep the mails. They go straight into /dev/null.

The auto-responder then directs anyone who really wants to contact you to a web-page with a form on it allowing them request you contact them. Letting you choose whether or not to write back to their contact request puts you in charge, and if you suspect replying to them will put your address on a spam list, you can just delete their email!

This is how I've got my domain set-up. It's very simple to do - all you need is some PHP or Perl capabilities on your web-space. So far (six months on) my main email address still hasn't made it onto any spam lists, and I don't even have to filter it!

Hope this proves useful to someone :-)

Blackhole it.

[onelin]

I've had a (personal) domain or two for 6 years or so, which just happens to have also had some domain contacts associated with it...and man oh man the spam. At one point there was a catch-all account, but now? HELL NO.

We accidently left it on for a month once and got 6,000+ in the catch-all account. No human being is going to sift through that many emails to see if ANOTHER stupid human being sent an email to the wrong address. If it's important, they'll make sure they sent it right.

Tried it, did not work

[pvera]

Had catch-all's on both my personal domains and the domains owned by my employer. On two separate freeBSD/sendmail boxes I saw the same situation: horrible amounts of spam.

Turning off the catch-all's in my personal box was simple, after all, it is my own server and I can do whatever I want. Spam dropped like crazy.

Turning it off at the work server was different because the marketroids are paranoid about people not being able to reach them for sales issues. What I did was switch one domain per week and wait to see if anyone noticed a difference.

Nobody did.

Catch-all as spam counter-measure

[Frambooz]

I use a catch-all address *against* spam; it's been proven to be quite useful. More details in this /. thread here.

Interesting timing

[njfuzzy]

Just this week, I had to remove the catch-all on my two main domains. Something seemed to have happened to my Mail.app junk mail database after some work on my setup, and suddenly most of the spam was making it to my mailbox. A little investigation, and it became clear that it just isn't feasible to have catch-alls anymore. Most of the spam I was getting was sent to addresses that have never, ever been used before.

I used to find that also

[EnglishTim]

I used to find that I only got spam to postmaster, webmaster, admin etc...

Until one day some bastard decided to start selling an email list with every made up name he could think of @(mydomain).com.

At the time I had qgreylist running (It's a simplified version of grey listing which returns a temporary error unless it's had mail from that ip address before in the last coupld of months). This meant that I was getting a mere 300 spams per day, but without that I would have been getting considerably more.

Needless to say, I turned off the catchall, which was quite annoying, as it was useful to just enter (companyname)@(mydomain).com whenever a website asked for my address. Now If I want to do that I have to set up an alias, which is a pain.

Other ISPs and bounces

AOL and Yahoo both recently seemed to start cracking down on the massive amounts of bounced messages they've been getting, because of forged return addresses pointing there from dictionary-attack spam. They've been (temporarily, but still) blackholing any mail servers that send them spam - even bounced spam from invalid addresses, bouncing to forged addresses within their domain.

A catch-all account (even if you don't read it) might stave the ire of the 'big boys'.

Everyday Users

[niolonra]

While all of that server stuff sounds interesting.... Set up the catch all email account.

Earthlink is my ISP and hosts my domain name. Thus, I have an earthlink email address. ALL email sent to my domain name goes to that Earthlink account. So, myname at mydomain, somebodyelsesname at mydomain... all go there.

1) Since I use the domain name as my email address, Outlook filters and saves myname at mydomain. However, ANY email to the Earthlink address is spam, since I have NEVER used that address, and so Outlook drops all of those in the delete bin. Any email to namemy at mydomain, yourname at mydomain.... are likewise spammers trying to figure out valid email addresses and are also spam. They go in the delete bin too. These two filter rules are the most effective spam rules I have in Outlook.

2) The exception to this is that Earthlink refuses to send me email at my domain, and so a third filter in Outlook saves emailed bills from Earthlink. Domain name renewal stuff, for example, I changed to reflect the myname at mydomain address.

3) When I go to a site that I don't want spam from, but I have to sign up for, I can enter the sitename at mydomain. Like gamerworld at mydomain. If I am expecting email from them (like a new password) I watch the delete bin for it. Otherwise, I don't worry about it. It's also a simple way to see if those promises of "we won't mail you anything, honest" are kept. Or to a tech forum. Sign up as techforum at mydomain, post your problem, watch the delete bin for a few days (or add the techforum at mydomain to your whitelist), post replies to your replies until you fix the problem, and then ignore that address (or remove techforum at mydomain from your whitelist).

I think everyone should get their own domain and filter email like this.... But it probably wouldn't work if EVERYONE did it....

Richard

It took me one week to shut it off

[npistentis]

When i set up my own domain, I did the same thing- it seemed like a good idea, not to mention the humor value of having my friends send emails to bizarre addresses. After one week of getting absurd amounts of spam to virtually every address under the sun @mydomain.com, I deleted the account.

Catch end all

I have catch-all turned off on all my OLD domains. Over the years, they just ended up on too many spam lists. (Hey, back in the day, we didn't have to have "safe emailing". We used our email addresses all over the place.)

So I had to turn if off on old domains. On my newer domains I'm just very careful about where I post my email addresses. The server takes care of most general domain targetted spam.

I find it very handy

[moosebreath]

It works for me, but maybe I'm a special case. I am able to give out special email addresses and then set up my local client to plop each into its own mailbox. That may not be something you do a lot, but it has sure worked for me. I just ignore the stuff that doesn't get filtered into a special location. Of course, you have to plan this from the very beginning and give out addresses that way. If one becomes a spam attracter, I just give out a new address for that slot and change the filter.

I will admit to getting lots of spam until my ISP recently implemented a wonderful spam filter.

greylisting

[cyberwave]

A feature called greylisting will reject an e-mail for 45 minutes before accepting it. Most legitimate e-mail senders use RFC-standard SMTP servers which stick around and try to re-send the e-mail for the designated time period. This cuts down on SPAM quite a lot but will create a delay for suspicious messages and most first-time senders.

Spam IS good for something (Your Gonna Laugh!)

When I was an IT for a particular company the way it went was - if you did something well or did not appear busy, you were assigned more permanent responsibilities- or so it seemed. What I found was, if more spam went to the owners account (he was paronoid about missing a sales related mail so catch all was prescribed) then he was more likely distracted by either someones marketing, sifting through it all timewise, or the newest worm/trojan (I was not responsible for his personal system due to his remote location/paronoia/ego where he wouldn't take the time to update and anti-v setup (on XP LOL). His system constantly went down and he was aware of the fact that no other system went down as often (very often) so he would "diappear and try to get someone else to fix it cause of his ego". LOL LOL LOL LOL LOL less work for me!!!!!

I have a catchall

[FinalCut]

I have a catchall at one of my domains and have spam assassin set to filter a high rate - then everything else is forwarded on to the account I use the most. I then have popfile filter it further, and finally thunderbird finalizes the spam filtering and I get all the imporant mail sent to the catchall but none of the spam. I could probably cut popfile out of the loop - except using its header modification it is much easier to filter all the email from all of my accounts into one set of folders in thunderbird - since thunderbird insists on using a different folder structure for each email account.

If you are running a catchall...

[mcdade]

Just run some free filters, like spamassassin, it it with update of rulesets, bayesian filtering and vipul's razor and it kills almost 95% of spam messages.

I use to get about 120 or so messages a day, maybe 10 or 20 were real emails the rest was spam, now I get maybe 1 or 2 spam messages a day. Just be warned that you need to whitelist some addresses cause companies sending out 'product' updates look an aweful lot like spam to the filter system.

If you have spamassassin set up corretly it will kick ass!

-b

Just train Spamassassin

I've tried a lot of spam filtering methods to my domain and nothing has worked as well as training spamassassin. It's a bit of work at first, because you have to sort all your email in Spam and Ham (non-spam) but after a while it gets down to only a few spam emails a week which I also send through the trainer. Just checking my reject folder right now, I've got 612 spam emails in the last five days and only two got through. This is much easier and more effective than trying to write custom rules.

I have to do it that way.

Far too many people at my work have unusual (and easy to misspell) names. I've seen three totally different spellings of my boss's name. But if it just bounces, the client won't bother to resend, and we need this information. So guess who now receives 20 e-mails a day, and thanks God for the blessing that is Thunderbird?

catch-all

i have a catch all at earle at earlea dot com
spam ! you betcha,lol! i've rerouted all my domain e-mail through www.mailblocks.com now and THAT'S how i contain MY domains spam problems.
btw:
i tried a dozen different ways to creater an account to my liking. unable to do so.
so,i'll post as anonymous,lol.
earle at earlea dot com

Who cares about the address, I bought my way out.

[dtdns]

As an e-mail administrator for a company who offers e-mail to the outside world, we had to deal with spam like everyone else running a mail server. Spam was the biggest complaint. We installed SpamAssissin, which helped, but it took up too much time to feed and maintain the filters. So, we bought our way out. We switched to modusMail by Vircom and haven't looked back. It catches close to 99% of our incoming spam, catch-all accounts and all. False positives are less than half a percent. Every morning each user gets a Quarantine Report showing all the spam and viruses for the previous day. From here they can whitelist or blacklist addresses of anything that was caught. Best of all, there is a dedicated team of spam-busters that does nothing but update the filters, which get pushed down to us every 6 hours. Spam doesn't make it to our desktop anymore, nor do viruses, and we spend less than 15 minutes a month managing the mail server. Yes, we paid quite a bit of money for it, and it's not open source (gasp!), but it WORKS, and the users are more than willing to pay extra for this level of service.

If I understand correctly, ...

[the_rajah]

It's not possible, AFAIK, to give the sender an error message before the message is sent. All mail for a domain comes to the server, whether it's misaddressed or not. It's what is done with it that makes the difference. Blackholing misaddressed mail definitely saves bandwidth and server resources since there is no reply generated and nothing gets stored. Setting the server to generate a fail message is a courtesy and may be worth it for places where you might get messages that are important. As with blackholing, nothing is stored on the server and the failure message is quite small, AKA little in the way of bandwidth used.

I have a domain where there is a local ISP in Iowa that has the same name, but with a .net TLD instead of our .com TLD. There was all sorts of misaddressed mail, incorrect only with respect to the TLD, so it was fairly easy, back in 1999 to manually reroute those to the .net address and send a note back to the sender explaining their mistake, but it eventually got out of hand since it was a manual process on my part and I finally had to quit doing it.

"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain

Re:If I understand correctly, ...

[gerardrj]

You don't understand correctly, I'd suggest you read the RFCs regarding SMTP.

When an SMTP session is started, two pieces of data MUST be sent before the message. Those fields amount to "from" and "to" fields and are sent sequentially by "MAIL FROM:" and "RCPT TO:" fields in that order. The "from" portion may be forged, but the "to" field must be correct as it is the address that the server delivers the message to or uses for further forwarding/processing. If the server does not recognize the to field, it will usually return a simple error (550) and may the session at that point. Also, if the server does not like the "from" field (for any reason you can program for), an error can be returned and the session ended.

Again, this is all before the body of the message is sent with the "DATA" command, thus saving potentially megabytes of data transfer. This does note require the "return" address to be correct, as this is happening at the time of delivery and the servers are talking directly about the message.

The body of a message may (but is not required to) contain other headers such as subject, to, from, received, date, content-type, message-id etc, but these fields in the data area have nothing to do with delivery as far as the receiving server is concerned.

Now.. it's possible to configure a server to operate differently, accepting all mail blindly, buffering the messages, then later figuring out where they should go.

My personal server takes the "MAIL FROM:" data and parses it, checking that the remote domain exists and there is an SMTP server that accepts mail for that domain. If any of those checks fail, I return a "not available" error (421) and close the connection.

I had to disable my catch-all

[ecarlson]

Recently, some virus infected computers, somewhere in the world, started sending out virus e-mail messages using [random-address]@mydomain.com, so I was receiving lots of bounces and virus notifications, so I disabled my catch-all.

Comptuter as a tool

[nurb432]

The only problem with that analogy is that a computer is a multi functional tool.

Those functions can ( and often do ) vary widely.

If I use function A, and understand it 100%, that doesn't mean by default I understand function B.

It is ludicrous to base a persons intelligence on his ability to use function B, which to you and I seem rather 'self explanatory' in its usage.

Good example: Few would consider Einstein anything but insanely intelligent.. but he was incapable of picking out clothes for himself each morning.. something most of us take for granted...

Your On Server!

[markalanj]

Just run your on email server dude!

Beware auto-responders in catchalls (and catchalls

[BillX]

(and catchalls in general)

Nowadays I'd really have to recommend against catch-all accounts.

We used to run a catch-all at a server I administer, it had been a thing of beauty for a number of years. Few spams to never-existant addresses (the occasional crap addressed to "info@" and "sales@" were about it), and the convenience of never having to keep track of the made-up-on-the-spot email addresses given out to shady people, registrations, etc. A few addresses got into the hands of hardcore spammers; these were replaced with an autoresponder politely directing live humans to another address.

Then, early this year, some Windows virus-or-other came out which sent mails to random and other novelly-generated addresses (joe@, bob@, username from another domain @yourdomain.com), and spread rapidly. Within a couple days, the catch-all account (read: my inbox) was receiving upward of 10,000 (yes, that's not a typo) copies of these huge Windows viruses per day.

Not only this, but those couple of autoresponders were also being hammered by mails from forged addresses, causing them to send a "this address is deprecated, please use..."-type mail (or lots of them) to people who never sent mail to that address in the first place. This included the administrator of one particular Debian-related mailing list, who I remember as being rather rude, threatening to get our domain UDPed, blacklisted, sent to Detroit or whatever is today's preferred form of vengeance from someone closer to the backbone than you are.

Needless to say, life with catch-alls ended for us in short order (with a couple months of occasional "what happened to your address, it's dead!" from people sending to addresses I didn't remember to create after removing the catch-all functionality), and life + my inbox returned to normal.

Re: parent is right

The parent post is an example of one of those rare cases where slashdot needs the ability to give a +6.

Like many things in life the email system is poorly designed; however, that does not mean people should have to learn to cope with the deficiency. Doing so will only cause them to fear new technology.

By standing up and refusing to accept an inferior product, these users are actually challenging us [programmers] to come up with real a solution to the problem. If we cannot do that, then we're the idiots.

Thanks.. I'll be the first to admit that I've got

[the_rajah]

a lot to learn. I appreciate the input. While I've been running several websites for several years, my use of e-mail has not involved setting up mail servers, but rather using what the hosting services provided. What you say makes sense. One of the important things I come to /. for is to learn.

"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain

Use relaydb with a catch-all address

[chrysalis]

A catch-all address will indeed collect tons of spam and bounces from spoofed senders.

But sometimes there are some valid mails from people who mispelled your address.

RelayDB (http://www.benzedrine.cx) is a program you can run when receiving mail. "relaydb -b" means the mail is spam, "relaydb -w" means the mail is ham. Then, relaydb will maintain a database of "scores" of IP addresses.
If the "score" of an IP address is too high, it will be blacklisted. If some real mail comes later form that IP address, it will be whitelisted.

By feeding your catch-all address to "relaydb -b" you will filter 99.9% of the spam and Microsoft annoyances. By feeding your valid addresses to "relaydb -w", you prevent valid mail from being filtered, even when sent to your catch-all address.

Re:Thanks.. I'll be the first to admit that I've g

[gerardrj]

No problem... I figured you were truly ignorant of SMTP operation and so provided a mini lesson.

SMTP is deceptively simply and immensely complex, at least "sendmail" is. You could implement the basics of an SMTP server with just a few dozen lines of perl code, but it takes tens of thousands of lines to completely do it "right".

The girl parameter

[kezze]

It's definately worth it - telling my friend Rachel that my email address is rachel_is_my_sweetie@kezze.dk really flattered her - and by using a catchall-account, I can trick every girl that I meet, without having to get online and set up aliases.
They fall for it, that's for sure.

Required mailboxes?

[Deven]

"Postmaster" is certainly a required mailbox for any SMTP server. That's an explicit requirement. However, "abuse" is not a required mailbox. RFC 2142 only requires that the "abuse" mailbox be recognized if the service exists. If you have an "abuse department" or someone designated to handle abuse complaints, that mailbox must reach them. RFC 2142 doesn't demand that any of the listed mailboxes be used -- it only exists to standardize the mailbox names so that you don't have "abuse" at one site, "tos" at another, and "complaints" at a third.

RFC-Ignorant.Org is promulgating an incorrect interpretation of RFC 2142, claiming that every domain must support an "abuse" mailbox, by interpreting even single-user domains as "organizations" and reading between the lines of multiple sections. If "abuse" truly were a required mailbox, it would be clearly spelled out in the RFCs as it it for the "postmaster" mailbox. No, it's not strictly required, especially in the case where the domain is run by a person on their own server, and no "organization" exists at all. It may be strongly recommended, but not required.

If "abuse" bounces, then the appropriate mailbox to use is "postmaster". What's the problem here?

Ugh...

[Atroxodisse]

yeah, you're probably right.