Slashdot Mirror


Is A Catch-All Address Worth The Spam?

wildzeke writes "I plan on switching Internet providers this summer to get a faster speed. Since losing an email account is the biggest pain when switching providers, I decided to pay the extra money to have email for the domain I registered. One of the options provided is to make one of your email accounts a catch-all account. In other words, any email sent to this domain without a valid user name will be dumped in the catch-all account. The question I have: is this a good idea or not? On one hand, it may catch important email such as admin, or postmaster or simply mis-typed user name. On the other hand, the catch-all will open the floodgates to spam who will send to [all user names in the world]@domain.com."

13 of 579 comments

  1. No brainer by tarquin_fim_bim · · Score: 4, Insightful

    If the mail is from an intelligent human being they will generally conclude from the returned mail that they have erred, and readdress it accordingly. In the event of any other outcome you are probably better off not receiving the mail.

    1. Re:No brainer by studerby · · Score: 4, Insightful
      I don't think it has anything to do with intelligence, per se. I've seen an MD/PhD with an annual research grant total of $100 million struggle with this; I had to go to train his office manager on how to update his mail aliases, 'cause the mail client he liked was funky. If it wasn't in his alias list, and therefore clickable, he'd fubar it about 10% of the time and force the manager to fix it right now, 24/7, and he never understood anti-spam obfuscation (his staff filtered his incoming email for him).

      His time was very valuable and he just wanted it to work.

      Of course, the odds are good that nearly 50% of the people out there are of below-average intelligence, so any plan has to deal with both ends of the bell curve.

      --

      .sig generation error:468(3)

    2. Re:No brainer by geminidomino · · Score: 4, Insightful

      I agree. I bought my own domain as well, and I turned on a catch-all address (called "spamtrap") specifically TO catch spam. That's all it does catch. If someone types your address wrong, they should be smart enough to figure out "55x No such User" (or whatever the error is) and double-check the address. Anyone saying "random" spam is far less than targeted probably doesn't run a mailserver and watch the dictionary attacks mount up in the log file. "adam@domain", "anthony@" all the way up to "zachary@" (not to mention the various permutations of aaabbbccc, etc...). Unless you're trying to track where the spam is coming from (by reading Received: headers, not "From:" lines), a catch-all address is nothing but a spam-catcher.
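The dictionary runs described in the comment above can be counted straight from the reject log. This is an added example, not code from any poster; the log lines are constructed in the style of Postfix unknown-recipient rejections, and `example.org`, the documentation-range IPs and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# Constructed log lines (Postfix-style "User unknown" rejections).
# IPs are RFC 5737 documentation addresses; example.org is a placeholder.
def _line(ip, rcpt):
    return (f"Jun  1 03:14:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}@example.org>: Recipient address "
            f"rejected: User unknown in local recipient table")

SAMPLE_LOG = (
    [_line("203.0.113.7", n) for n in
     ("adam", "alan", "albert", "andrew", "anthony", "zachary")]
    + [_line("203.0.113.7", "adam")]      # repeated guess, counted once
    + [_line("198.51.100.20", "jhon")]    # a single human typo
    + ["Jun  1 03:15:09 mx postfix/smtpd[2101]: connect from unknown[192.0.2.5]"]
)

# Assumes the layout above: client in [brackets], then "550 5.1.1 <rcpt>".
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 5\.1\.1 "
    r"<(?P<local>[^@>]+)@(?P<domain>[^>]+)>"
)

def unknown_rcpts_by_client(lines):
    """Map client IP -> set of distinct nonexistent local parts it tried."""
    seen = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            seen[m.group("ip")].add(m.group("local").lower())
    return dict(seen)

def dictionary_attackers(lines, threshold=5):
    """Clients that probed at least `threshold` distinct unknown users.
    One or two misses look like typos; many distinct names look like a list."""
    return {ip: sorted(names)
            for ip, names in unknown_rcpts_by_client(lines).items()
            if len(names) >= threshold}

if __name__ == "__main__":
    for ip, names in dictionary_attackers(SAMPLE_LOG).items():
        print(ip, len(names), "distinct unknown recipients:", ", ".join(names))
```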

    3. Re:No brainer by Anonymous Coward · · Score: 5, Insightful

      Well, frankly I *would* consider that as a measure of intelligence (at least to some degree).

      For instance, if a user:

      - has used a computer for a number of years (by the sounds of it the very same applications for that same time)

      - depends on using the computer for important work

      and still can't use it properly (and won't take the time to actually *learn* to use it properly - eg, basic typing/clicking skills), I consider that an intellectual defect.

      It's like any other field - if you depend on a particular tool, you have to be able to actually use the tool properly or you'll mess things up repeatedly. And if you do mess things up on a regular basis, that's no one's fault but your own.

      Think of all the "valuable time" he has wasted by simply not learning to use his tools.

  2. No big problems here by andyrut · · Score: 5, Insightful

    Buying your own domain is a smart move. As long as you keep paying for the domain, your e-mail address can travel with you, even when you change ISPs.

    From personal experience, I've found that only a very small percentage of spam I get comes from using the catch-all address. I get only a few junk e-mails to "webmaster", "postmaster", and other generic usernames. A far greater portion of it is addressed to the "real" e-mail address I use that's been plastered all over the web for years and years.

    Judging only from my inbox, it would seem that spammers are more likely to use lists of known e-mail addresses than trying to guess valid usernames for a domain. My advice would be to use the catch-all address and just wait and see if spam becomes a problem. Turning off the catch-all wildcard, if need be, is a very simple operation.

  3. You shouldn't worry about that by toetagger1 · · Score: 4, Insightful

    If you use a spam filter, you should not have to worry about it. You are not exposed to more kinds of spam, just more instances. And since spam filters currently have no issue with volume, you should be ok.

    --
    who | grep -i blond | date cd ~; unzip; touch; strip; finger; mount; gasp; yes; uptime; umount; sleep
  4. Isn't that the POINT? by SuperRob · · Score: 5, Insightful

    What does it matter if it opens you up to spam. It's a catch-all account right, isn't that what it's supposed to do?!?

  5. the whole /point/ of a catchall address is spam by luge · · Score: 5, Insightful

    It is great. You never have to worry about giving out an indiscriminate address again. Signing up for a fantasy league on cnn/si? I used cnnsi@mydomain. cnnsi sold it and now I get several hundred spam a day there. And I can trivially filter and nuke them, with the added bonus that I know never to send them my business again. amtrak has amtrak@mydomain, I get all the mail from it, and can easily track that they have never violated their TOS. It's the greatest thing- I heartily recommend it to anyone who can.

    --

    IAAL,BIANLY

    1. Re:the whole /point/ of a catchall address is spam by luge · · Score: 5, Insightful

      This is a good approach, and the one I'd use, /if/ I had an easy admin interface to add accounts. But most don't (and it certainly sounds like the questioner on the original question doesn't.)

      --

      IAAL,BIANLY

  6. Speaking from experience by Bradee-oh! · · Score: 5, Insightful

    I have a catch-all address at my domain. YES, there are huge amounts of spam. BUT, it is definitely worth the trouble IMHO, and here's why.

    1 - most of the spam seems to come to 5 or 6 addresses only - admin, root, sales, webmaster, etc etc. That's cake to filter out straight to trash.

    2 - The convenience of being able to sign up for random websites with a different address on the fly is great. For example, signing up on ebay to buy something and using the address "fromebay@mydomain.com" means you KNOW that only one person in the world has your email address so you know who to blame if spam starts coming in, and it is also a piece of cake to automatically filter those ebay emails straight to an ebay inbox, for example.

    3 - Not as significant as my first 2 points but still a nice perk in my setup is that I'm able to create email addresses for family and friends on the fly and just setup my own server to split the addresses out into their own inboxes.

    So if you will be running the server(s) yourself over slow dsl or cable, the volume of spam MAY be a concern to you. I get about 600-700 spams a day to the common webministrater addresses I mentioned, but it's no concern to me because I don't run the incoming email server and my dsl is more than fast enough to d/l them in a few seconds.

    But in any other case, I'd say it's well worth it! And on a slightly different note, I have been very impressed with the honesty and adherence just about everywhere has to their privacy policies regarding email addresses. Over 2 years of using my system with about 50 "from@domain.com" addresses, only one of them screwed up and got the address on a spam list somehow - cancelling my account with them and filtering those spams straight to trash solved the problem.

    --
    "This is Zombo Com, and welcome to you who have come to Zombo Com" - www.zombo.com
  7. So close.... by Groo+Wanderer · · Score: 5, Insightful

    You are so close to the right solution. Spam almost universally will have a spoofed address, so sending something back to the 'sender' will not net you any more spam. Sending back is OK.

    The trick is to put useful info into the reply. Try setting up a message in the 'this address does not exist' autoreply. Put in something like 'bob@domain.com does not exist. If you are trying to reach Robert Smith, please resend to robert@domain.com. If you want to reach someone in an administrative capacity, send an e-mail to admin@domain.com'.

    You can extend this to all the positions that matter, postmaster, webmaster etc, and a few key people at the domain. The bad guys shouldn't get it, and the poor twinks who have their domain name spoofed will probably ignore it.

    The people who DO need to contact you and did either screw up or guess wrong will simply get the info that they need to do right. Win/Win.

    -Charlie

    1. Re:So close.... by Brad+Oliver · · Score: 5, Insightful
      Try setting up a message in the 'this address does not exist' autoreply. ... The bad guys shouldn't get it, and the poor twinks who have their domain name spoofed will probably ignore it.

      As a "poor twink" on the receiving end of a lot of spam, I've found that my filters are effective against everything but auto-replies.

      Getting a ton of auto-replies from people on vacation, with invalid addresses, support addresses that have changed, and the ever-helpful "you've sent us spam and we've rejected it but our spam filter is too stupid to realize the sender was forged" really gets old after the first week.

      Don't use an autoreply and turn your problem into my problem.

    2. Re:So close.... by NoMercy · · Score: 5, Insightful

      Ideally the mail server shouldn't accept the emails, not construct a nice reply, just send the relevant code and a short single-line message that the server is unable to relay/deliver the email.

      The spammer's SMTP engine will get a mark against the email as bad, and valid ISPs relaying emails for their customers will generate a nice email for you saying that the address is invalid.
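The SMTP-time refusal argued for in the last two replies, shown as both sides of the dialogue. This is an added example, not code from any poster; the domain, mailbox list and dialogues are constructed, and the message body after DATA is not modelled. Because unknown recipients are refused with a 550 inside the session, the server queues nothing for the forged sender and so never has a bounce or autoreply to mail to a bystander.

```python
DOMAIN = "example.org"                          # placeholder domain
MAILBOXES = {"robert", "admin", "postmaster"}   # hypothetical valid users

def _addr(line):  # address between < and > in a MAIL FROM / RCPT TO line
    return line[line.index("<") + 1:line.rindex(">")].strip().lower()

def smtp_session(client_lines):
    """Answer one SMTP dialogue. Returns (replies, queued); queued holds the
    (sender, recipients) envelopes the server accepted responsibility for."""
    replies, queued, sender, rcpts = [], [], None, []
    for line in client_lines:
        verb = line.upper()
        if verb.startswith(("HELO ", "EHLO ")):
            reply = f"250 mx.{DOMAIN}"
        elif verb.startswith("MAIL FROM:"):
            sender, rcpts = _addr(line), []
            reply = "250 2.1.0 Sender OK"
        elif verb.startswith("RCPT TO:") and sender is not None:
            local, _, domain = _addr(line).rpartition("@")
            if domain == DOMAIN and local in MAILBOXES:
                rcpts.append(f"{local}@{domain}")
                reply = "250 2.1.5 Recipient OK"
            else:
                reply = "550 5.1.1 No such user here"  # in-session refusal, no mail sent
        elif verb == "DATA" and rcpts:
            queued.append((sender, tuple(rcpts)))
            reply = "354 End data with <CR><LF>.<CR><LF>"
        elif verb == "DATA":
            reply = "554 5.5.1 No valid recipients"
        elif verb == "QUIT":
            reply = "221 2.0.0 Bye"
        else:
            reply = "503 5.5.1 Bad sequence of commands"
        replies.append(reply)
    return replies, queued

# Constructed dialogues: a forged-sender dictionary run, and an ISP relay
# passing on a customer's typo together with a correct address.
FORGED = ["HELO x", "MAIL FROM:<victim@bystander.example>",
          "RCPT TO:<adam@example.org>", "RCPT TO:<zachary@example.org>",
          "DATA", "QUIT"]
RELAYED = ["EHLO relay.isp.example", "MAIL FROM:<alice@isp.example>",
           "RCPT TO:<bob@example.org>", "RCPT TO:<robert@example.org>",
           "DATA", "QUIT"]

if __name__ == "__main__":
    for dialogue in (FORGED, RELAYED):
        replies, queued = smtp_session(dialogue)
        print(*(f"C: {c}\nS: {s}" for c, s in zip(dialogue, replies)), sep="\n")
        print("queued:", queued)
```

In the relayed dialogue the 550 for `bob@example.org` goes back to the ISP's relay, which is the party that knows its own customer and can tell them the address is invalid.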