Slashdot Mirror


Is A Catch-All Address Worth The Spam?

wildzeke writes "I plan on switching Internet providers this summer to get a faster speed. Since losing an email account is the biggest pain when switching providers, I decided to pay the extra money to have email for the domain I registered. One of the options provided is to make one of your email accounts a catch-all account. In other words, any email sent to this domain without a valid user name will be dumped in the catch-all account. The question I have: is this a good idea or not? On one hand, it may catch important email such as admin, or postmaster or simply a mis-typed user name. On the other hand, the catch-all will open the floodgates to spam who will send to [all user names in the world]@domain.com."

10 of 579 comments

  1. I gave it up after a year by killbill · · Score: 5, Interesting

    I fought it for a year or so, coding up custom filters, using SpamAssassin, you name it, and finally just gave up and blackholed it.

    Spammers are trying dictionary attacks against domains to try and guess live accounts. I would get 500+ copies of the same message to made-up names in alphabetical order a day.

    That being said, I have since gotten on the Gmail beta, and just forward all my mail there now. It has a far better spam rejection rate than anything else I have tried, so if you forward all your mail to a google account and let them try and sort out the spam, it would probably be usable (and maybe even helpful to them to train their filters).

    --
    Mathematically impossible requirements are technically not against policy.
  2. Just dump non-existent users by kstumpf · · Score: 4, Interesting

    I think it's best to just reject mail addressed to non-existent users during the SMTP transaction. My outside relay uses Postfix's relay_recipient_maps to validate all recipients before relaying inside... anything not matching gets rejected with a 550. This saves my content filters (amavis/clamav) a lot of work since we get TONS of spam to non-existent recipients.

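    # Domains this relay accepts mail for
    relay_domains = mysql:/etc/postfix/mysql-relaydomains.cf
    # Valid recipients in those domains; anything not listed is rejected
    relay_recipient_maps = mysql:/etc/postfix/mysql-recipient.cf,
        mysql:/etc/postfix/mysql-alias.cf
    # Where accepted mail is handed on
    relay_transport = relay:mx2.somethingawful.com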

    If you don't validate recipients, then you probably SHOULD use a catch-all address. The alternative to this would be bouncing spam back to the (usually forged) sender, in which case you become part of the problem and can cause yourself major queueing problems.

  3. Re:No big problems here by Oloryn · · Score: 4, Interesting
    From personal experience, I've found that only a very small percentage of spam I get comes from using the catch-all address.

    My experience doesn't match. I've got my own domain, hosted on my home computers. I don't use a catch-all address, but my mail logs show anywhere from 400 to 1200 emails daily bounced because they're addressed to invalid email addresses. Roughly 80% of these come with an envelope from address of <> (null, supposed to be used only by bounce messages). Because spammers are sometimes known to use <> as an envelope from address on spam, I can't be sure that these are all bounce messages. I am pretty sure, though, that they represent either spammers using a dictionary attack on my domain, or spammers using @mydomain> as a From address for that spam. And the other ~20% are pretty well for sure dictionary attacks on my domain.

    Now, I'll admit that while I'm by no means a big-time anti-spammer, I have done my share of reporting spammers to their ISPs and posting on nanae. It's possible that I've gotten on a list of 'known anti-spammers' that spammers use for generating spam from addresses, just for harassment potential. My experience may apply mostly to those who go beyond filtering in fighting spam. But it is another data point.
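Added example, not part of any comment in this thread: one way to pull the figures discussed above (share of null-sender rejects, spread across source IPs, alphabetical runs of guessed names) out of a mail log. It assumes Postfix-style reject lines; the sample lines, hostnames and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: Postfix-style "User unknown" rejects (documentation IPs/domains).
_TPL = ("Jun  1 03:10:0{n} mx1 postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
        "unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: User unknown "
        "in relay recipient table; from=<{frm}> to=<{rcpt}> proto=ESMTP helo=<h.example.net>")
SAMPLE = [
    _TPL.format(n=1, ip="192.0.2.10", frm="", rcpt="aaron@example.com"),
    _TPL.format(n=2, ip="192.0.2.11", frm="", rcpt="abby@example.com"),
    _TPL.format(n=3, ip="198.51.100.4", frm="", rcpt="adam@example.com"),
    _TPL.format(n=4, ip="198.51.100.5", frm="x1@example.net", rcpt="alan@example.com"),
    _TPL.format(n=5, ip="203.0.113.8", frm="", rcpt="albert@example.com"),
    "Jun  1 03:10:06 mx1 postfix/smtpd[812]: connect from mail.example.org[203.0.113.20]",
]

REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: 550 .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")

def summarize(lines):
    """Summarize unknown-recipient rejects from an iterable of log lines."""
    ips, null_sender, local_parts = Counter(), 0, []
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue                      # not a 550 recipient reject
        ips[m["ip"]] += 1
        null_sender += m["sender"] == ""  # envelope sender <> (bounce or forged)
        local_parts.append(m["rcpt"].split("@")[0].lower())
    # Longest run of strictly ascending local parts in arrival order:
    # long runs suggest a dictionary walk rather than stray typos.
    run = best = 1 if local_parts else 0
    for prev, cur in zip(local_parts, local_parts[1:]):
        run = run + 1 if cur > prev else 1
        best = max(best, run)
    total = len(local_parts)
    return {
        "total": total,
        "null_sender_share": null_sender / total if total else 0.0,
        "distinct_ips": len(ips),
        "max_per_ip": max(ips.values(), default=0),
        "longest_sorted_run": best,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A low `max_per_ip` next to a long sorted run is the pattern where per-source rate limits see little, while the recipient list itself gives the dictionary walk away.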

  4. Disagree by Uber+Banker · · Score: 4, Interesting

    But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targeted spam:

    If it is a personal domain with perhaps a couple of description pages and even a blog then, like me, you will get no more (from personal experience) than 10+ random (random in the way they are sent to webmaster/admin or anything that * catches other than regular) messages/week. No big deal.

    A better known site seems to get a greater ranking in auto-traffic (let me generate logos, banners, security, etc for your website). But an email address listed on the site (my site) gets far more spam than a generic catch-all (e.g., I have "email webmonster@....com" as the auto admin address, more emails come to that than webmaster coz it's googled/harvested on those lists).

    But the original statement said "I decided to pay the extra money to have email for the domain I registered" WFT?! Go to something like directnic.com, get your domain for $15/yr and get mail forwarding included (including wildcard)!

    1. Re:Disagree by studerby · · Score: 4, Interesting
      I suspect your domain hasn't been out there long enough yet.

      My company's primary domain is registered with technical contacts of "hostmaster@[our_domain.com]" and for years we never got a spam. Then about 2 years ago, somebody must have included it in a big master list; now it takes about 30-50 spams a day on average, mostly true "bottom feeder" crap like cialis and vicodin and *adult* crap.

      My work email's been out there a lot longer, but doesn't draw nearly the number of spams and about 80% of them are financial/economic scams - mortgage and stock touts, lottery, 419, etc.

      Upstream filters are blocking emails with virus attachments; I have no idea how many of those are coming in...

      --

      .sig generation error:468(3)

    2. Re:Disagree by Uggy · · Score: 4, Interesting

      I actually have an old domain dedicated to just that... collecting 100's of spams a day to train the bayes filters. Identical spams sent a hundred times just help me confirm what spam looks like. I use my other users to train the ham side, and guess what, it works like a charm. We get considerably less spam. So, yes catchall domains are useful... as spam honeypots.

      --
      Toddlers are the stormtroopers of the Lord of Entropy.
    3. Re:Disagree by mcrbids · · Score: 4, Interesting

      But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targeted spam

      Wow. Could you be more wrong? As sysad for two smallish ISPs, I've been seeing serious SPAM attacks as (random string)@domain.com.

      As many as 200,000 attempts in 24 hours. Repeatedly, for multiple domains. From hundreds of different sources. (We even put in a double bounce handler to identify source addresses; it was rare to see any single IP addresses attempt to deliver more than 10-20 in a 24 hour period)

      While your other points are valid ones, on this one you are dead, dead wrong.

      And, to the article poster, NEVER USE A WILDCARD. EVER. A bayesian filter running at 99.98% effectiveness would still not be as accurate as sending all wildcard email to /dev/null !

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
  5. Re:the whole /point/ of a catchall address is spam by KingJoshi · · Score: 4, Interesting

    I do this as well. I used to have an email address from MailBank (later changed to NetIdentity). They buy up domains with last names so you can do firstname@lastname.com. They started off charging $5 a year for email and now it's $25/year. I got fed up with it and bought my own domain name.

    Best move I did. I have greater control over it and feel more security about it as well.

    There is a free DNS service held by ZoneEdit. If you only use it for one domain, it allows free email forwards, web forwards, etc. It has about all the services I could ask for (except hosting) for free (assuming you don't go over a quota).

    I have emails redirected to my gmail account as well as comcast (which also hosts my personal website). I could host this on my own computer or elsewhere and I have a lot of freedom to do what I want.

    And as the parent said, being able to create email addresses on the fly allows you to catch businesses that sell your email address, or find out where the spammers mostly target (and as another poster said, Slashdot is worst of all the ones I've created). It also makes it easier to filter with gmail and do searches and so forth.

    I know I'm being mostly redundant as others, but I can't emphasize enough how valuable this is, especially to a computer geek. And I'm only paying $7/year for all this! I can't mod the parent up any more so I just want to re-iterate the value of catchall addresses and owning your own domain name.

    --
    In times like these, it is helpful to remember that there have always been times like these. - Paul Harvey
  6. One word: greylisting by hedronist · · Score: 5, Interesting
    Check out Greylisting.

    I run a friends-and-family hosting site (DNS, mail, web) for about 50 domains, almost all of which have catchall enabled. One user was getting 500+ spams a day, day in and day out. I was seeing 200-300 per day myself.

    Four weeks ago I built the latest sendmail with Milter turned on and installed relaydelay.pl. The next day that user received two (2) emails, both of which were from friends. I got 7 emails, only one of which was spam.

    Greylisting is the single most powerful anti-spam system out there. It blocks over 95+% of the spam and it doesn't "false positive" because it isn't doing pattern matches, Bayesian filtering or anything like that. It simply gives a TEMPFAIL to any email that has an unknown (from, to, server-IP) triple. If they come back more than X minutes later and less than Y minutes later, they are let through. Spammers almost always are using fire-and-forget SMTP servers so they don't retry, and so you never see their garbage. Positively elegant.

    If you are the sysadmin, check it out and install it. Otherwise, hound your admin/ISP to install it. It saves bandwidth, aggravation, and time.

    The corks just don't come out the way they used to.
    -- My Wife, dealing with one of the new Corqs(tm)
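Added example, not part of the comment above and not the relaydelay.pl code: a minimal model of the greylisting decision described there, keyed on the (server-IP, from, to) triple. The delay values, the pass-list for triples that have already retried correctly, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 2.1.5 Ok"

@dataclass
class Greylist:
    min_delay: int = 300              # "X": retries sooner than this stay deferred (assumed 5 min)
    max_window: int = 4 * 3600        # "Y": retries later than this start over (assumed 4 h)
    pass_ttl: int = 36 * 86400        # how long a proven triple skips the delay (assumed)
    first_seen: dict = field(default_factory=dict)
    passed_until: dict = field(default_factory=dict)

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one RCPT TO; `now` is seconds since epoch."""
        triple = (client_ip, mail_from.lower(), rcpt_to.lower())
        if self.passed_until.get(triple, 0) > now:
            self.passed_until[triple] = now + self.pass_ttl   # refresh on use
            return ACCEPT
        seen = self.first_seen.get(triple)
        if seen is None or now - seen > self.max_window:
            self.first_seen[triple] = now     # unknown or expired: start the clock
            return TEMPFAIL
        if now - seen < self.min_delay:
            return TEMPFAIL                   # retried too quickly
        del self.first_seen[triple]           # retried inside the window: let it through
        self.passed_until[triple] = now + self.pass_ttl
        return ACCEPT

if __name__ == "__main__":
    g = Greylist()
    friend = ("192.0.2.7", "friend@example.org", "me@example.com")  # constructed values
    for t in (0, 60, 600, 700):
        print(t, g.check(*friend, now=t))
    # A dictionary run against a catch-all: every guessed name is a new triple.
    for name in ("aaron", "abby", "adam"):
        print(name, g.check("198.51.100.9", "x@example.net", f"{name}@example.com", now=0))
```

Each guessed recipient forms a new triple, so a sender that never retries gets nothing delivered even when the domain has a catch-all.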

  7. Re:No brainer by SoupIsGoodFood_42 · · Score: 4, Interesting
    If I send a letter to you, and it's addressed like this (pretending that the following is your address):

    Joe Sixpack
    Street, City etc...

    You'd expect to get it.

    If I sent a letter, but with the name in any of these variations:

    JoeSixpack
    J Sixpack
    Joe T Sixpack

    You'd still expect to get it, right?

    Now do you understand why people are telling you it's spelt correctly, when in fact there's an extra space in there?

    Perhaps it's the original designers of the email systems we use, whose intelligence has been overestimated. Because they made addresses far too easy to get wrong.

    Now, as a web designer, I understand why these things are that way. But many--including intelligent--people don't understand these little technicalities. Because the expectations of other things in life have taught them differently.