Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is A Catch-All Address Worth The Spam?

Posted by timothy on from the so-much-trouble-in-the-world dept.

wildzeke writes "I plan on switching Internet providers this summer to get a faster speed. Since losing an email account is the biggest pain when switching providers, I decided to pay the extra money to have email for the domain I registered. One of the options provided is to make one of your email accounts a catch-all account. In other words, any email sent to this domain with out a valid user name, will be dumped in the catch-all account. The question I have, is this a good idea or not? On one hand, it may catch important email such as admin, or postmaster or simply mis-typed user name. On the other hand, the catch-all will open the flood gates to spam who will send to [all user names in the world]@domain.com."

3 of 579 comments (clear)

  1. Here's one way to get the most from it by quinxy · · Score: 5, Informative

    As someone who has been using a catch-all account for years, and has enjoyed the benefits and suffered the consequences, I would suggest you do it (though not without some warnings and recommendations). I do receive a fair amount of SPAM for accounts which have never existed on the system. I have also endured several periods when some SPAMmer referred to fake accounts at my domain in the return-to of the SPAM they were sending out (they were not using my mail server, they simply made up random usernames for my domain). Since they were random (both the names they used and the content of the SPAM) it was impossible to easily filter out. That sucked. I would receive hundreds of bounce messages per day. Ultimately I was able to make it stop by writing a script to post every bounce message I received through to the support form on the websites being advertised (modifying for each of the three or four sites which were involved), making the normal "cease and desist" legal threats. It seemed to work, since the SPAMs did stop soon after (presumably those sites complained to the SPAMmer they employed), and the SPAMmer no doubt moved on to some other fake accounts. Bastard. One of the best features of the catch-all is that you can totally control to whom you give out your "real" e-mail address, as well as track who is using the e-mail addresses you are giving out. For example, if you want to register at example.com for something, you give them the address me.example@yourdomain.com (or some structure which has a prefix or postfix, the 'me.', and the site name for which you are registering). You'll be able to receive that sites mail until you either don't want to, or until you see that they have abused the privilege of e-mailing you. Often I will see six months after registering to some site, I start getting tons of SPAM from the e-mail I gave to that site, and I can then simply block that on the mail server, bouncing them or sending them to /dev/null (via aliases, for example). This is the greatest strength in using catch-all addresses. To mitigate the danger I mentioned previously of fake usernames, one should (though I am no sendmail expert and don't know how) set up a rule that any incoming recipient address must correspond to an existing account/alias, OR the catch-all structure you want (the whole PREFIX.SITENAME@yourdomain.com). Q

    --
    Don't vote for Eugene Papansanovich for Congress!
  2. Whatever you do... by Fweeky · · Score: 5, Informative

    Make sure addresses like postmaster@ and abuse@ work. They're unlikely to get spammed, but may well receive important messages.

    postmaster@ is actually required by rfc2821, btw.

    As for the subject of the discussion; my catch-all addresses have been fine, but YMMV. If I was that worried about dictionary attacks, but still wanted the ability to give a new address out to each company, I'd do something like *-signup@mydomain or *@signup.mydomain or similar, but you might not have that level of control (in which case I'd recommend finding somewhere better to host your email, but *shrug*).

  3. Re:Disagree by MDMurphy · · Score: 5, Informative

    Catch all will kill your inbox. I had a catch all from 1996-2002. All of a sudden, around Labor Day 2002 I started getting up to 3000 spams a day. The vast majority were to bogus addresses. Even with local spam filtering my email client was spending near 100% of the time downloading mail.

    I eventually killed the catch all, resulting in losing email from some places I'd given unique email addresses to. Also went with a 3rd party spam filter ( spamcop.net ) so most spam never makes it to my desktop at all, getting filtered upstream.

    Recently I got a Gmail account. Just for grins I thought I'd test their spam filtering capabilities before using it for anything "real". I reactivated my catch all, forwarding it to my Gmail account. In the last 3 weeks my Gmail spam folder has accumulated 163MB of spam, or almost 27,000 individual messages. Gmail is only catching 30-50 percent of it, I've had to manually tag the remainder.

    So while all my catch all addresses bounced these past two years the flow has reduced from 3k a day to about 1k a day.

    The only reason to have a catch all is if you want lots of untargeted spam. I don't know how these yahoos do their billing, but if any of them base it on what bounces vs. what's read, then having an open address might just mean they'll make more money because of you.