Forgot your password?
typodupeerror
Spam

Is A Catch-All Address Worth The Spam? 579

Posted by timothy
from the so-much-trouble-in-the-world dept.
wildzeke writes "I plan on switching Internet providers this summer to get a faster speed. Since losing an email account is the biggest pain when switching providers, I decided to pay the extra money to have email for the domain I registered. One of the options provided is to make one of your email accounts a catch-all account. In other words, any email sent to this domain with out a valid user name, will be dumped in the catch-all account. The question I have, is this a good idea or not? On one hand, it may catch important email such as admin, or postmaster or simply mis-typed user name. On the other hand, the catch-all will open the flood gates to spam who will send to [all user names in the world]@domain.com."
This discussion has been archived. No new comments can be posted.

Is A Catch-All Address Worth The Spam?

Comments Filter:
  • No brainer (Score:4, Insightful)

    by tarquin_fim_bim (649994) * on Saturday July 17, 2004 @06:14PM (#9727385)
    If the mail is from an intelligent human being they will generally conclude from the returned mail that they have erred, and readdress it accordingly. In the event of any other outcome you are probably better off not receiving the mail.
    • Disagree (Score:5, Interesting)

      by Uber Banker (655221) on Saturday July 17, 2004 @06:45PM (#9727598)
      But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targetted spam:

      If it is a personal domain with perhaps a couple of description pages and even a blog then, like me, you will get no more (from personal experience) than 10+ random (random in the way they are sent to webmaster/admin or anything that * catches other than regular) messages/week. No big deal

      A better known site seems to get a greater ranking in auto-traffic (let me generate logos, banners, security, etc for your website). But an email address listed on the site (my site) gets far more spam than a generic catch-all (e.g., I have "email webmonster@....com" as the auto admin address, more emails come to that than webmaster coz it's googled/harvested on those lists).

      But the original statement said "I decided to pay the extra money to have email for the domain I registered" WFT?! Go to something like directnic.com, get your domain for $15/yr and get mail forwarding included (including wildcard)!
      • Re:Disagree (Score:3, Interesting)

        by The Snowman (116231) *

        But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targetted spam:

        My main address (unmunged, in this message's header) gets about 500 spams per day. Before I removed the catch-all I was getting almost twice that. Granted I am not everyone, but a few other people are in the same boat as I am. My web host [pair.com] has its own private news server (i.e. not connected to Usenet), and quite a few people who post there talk about getting thousands of spams sent to nonex

        • Re:Disagree (Score:3, Interesting)

          by chimpo13 (471212)
          I'm also on pair, and I get the catch-all. Close to 1,000 spams a day. Now everything goes to gmail since I'm going to need web email and it's cut my spam down to 0-15 a day (5 a day has been average). So far, 2 false positives.

          The best is no more 200 virus messages going through names A to Z. I'm sure a good spam filter would take care of the catch-all spam.

          My spam rate went way up with my previous provider (servercentral). I don't know if I just got hit hard or if they're just crappy. Lots of it w
        • Re:Disagree (Score:3, Insightful)

          by macdaddy (38372)
          Turning it off? It's off to begin with. Only a fool would turn it on for any domain with legitimate uses. The only time you ever tunr it on is when you WANT spam. There are very few of us that want hundreds of thousands of pieces of spam per day.
          • Re:Disagree (Score:5, Interesting)

            by Uggy (99326) on Saturday July 17, 2004 @09:28PM (#9728320) Homepage
            I actually have an old domain dedicated to just that... collecting 100's of spams a day to train the bayes filters. Identical spams sent a hundred times just help me confirm what spam looks like. I use my other users to train the ham side, and guess what, it works like a charm. We get considerably less spam. So, yes catchall domains are useful... as spam honeypots.
      • Re:Disagree (Score:5, Interesting)

        by studerby (160802) on Saturday July 17, 2004 @07:00PM (#9727668)
        I suspect your domain hasn't been out there long enough yet.

        My company's primary domain is registerd with technical contacts of "hostmaster@[our_domain.com]" and for years we never got a spam. Then about 2 years ago, somebody must have included it in a big master list; now it takes about 30-50 spams a day on average, mostly true "bottom feeder" crap like cialis and vicodin and *adult* crap.

        My work email's been out there a lot longer, but doesn't draw nearly the number of spams and about 80% of them are financial/economic scams - mortgage and stock touts, lottery, 419, etc.

        Upstream filters are blocking emails with virus attachments; I have no idea how many of those are coming in...

      • Re:Disagree (Score:5, Informative)

        by MDMurphy (208495) on Saturday July 17, 2004 @07:16PM (#9727760)
        Catch all will kill your inbox. I had a catch all from 1996-2002. All of a sudden, around Labor Day 2002 I started getting up to 3000 spams a day. The vast majority were to bogus addresses. Even with local spam filtering my email client was spending near 100% of the time downloading mail.

        I eventually killed the catch all, resulting in losing email from some places I'd given unique email addresses to. Also went with a 3rd party spam filter ( spamcop.net ) so most spam never makes it to my desktop at all, getting filtered upstream.

        Recently I got a Gmail account. Just for grins I thought I'd test their spam filtering capabilities before using it for anything "real". I reactivated my catch all, forwarding it to my Gmail account. In the last 3 weeks my Gmail spam folder has accumulated 163MB of spam, or almost 27,000 individual messages. Gmail is only catching 30-50 percent of it, I've had to manually tag the remainder.

        So while all my catch all addresses bounced these past two years the flow has reduced from 3k a day to about 1k a day.

        The only reason to have a catch all is if you want lots of untargeted spam. I don't know how these yahoos do their billing, but if any of them base it on what bounces vs. what's read, then having an open address might just mean they'll make more money because of you.
      • Re:Disagree (Score:5, Informative)

        by macdaddy (38372) on Saturday July 17, 2004 @08:26PM (#9728091) Homepage Journal
        But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targetted spam

        On the contrary wildcard spam is extremely common. When was the last time you ever watched the maillog of a busy MTA? I garuntee you it will be riddled with User Unknown errors from dictionary, Rumplestiltskin and wildcard attacks. It's that way on every mail system I've ever administrated, including the ones I administrate now.

      • Re:Disagree (Score:4, Insightful)

        by whoever57 (658626) on Saturday July 17, 2004 @10:32PM (#9728580) Journal
        But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targetted spam:

        Well, I think there are wild differences from one domain to another. One of the domains that my company uses for email has been under a sustained dictionary attack for months now. Others get only targetted spam (real or former email addresses plus postmaster@, sales@, etc).

        So a catch all may be OK until some spammer decides to make it the target of a dictionary attack. The problem is: what does one do then? At that point, turning off the catch all will probably mean losing lots of non-spam emails.

      • Re:Disagree (Score:5, Interesting)

        by mcrbids (148650) on Saturday July 17, 2004 @10:42PM (#9728638) Journal
        But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targetted spam

        Wow. Could you be more wrong? As sysad for two smallish ISPs, I've been seeing serious SPAM attacks as (random string)@domain.com.

        As many as 200,000 attempts in 24 hours. Repeatedly, for multiple domains. From hundreds of different sources. (We even put in a double bounce handler to identify source addresses; it was rare to see any single IP addresses attempt to deliver more than 10-20 in a 24 hour period)

        While your other points are valid ones, on this one you are dead, dead wrong.

        And, to the article poster, NEVER USE A WILDCARD. EVER. A bayesian filter running at 99.98% effectiveness would still not be as accurate as sending all wildcard email to /dev/null !
    • So close.... (Score:5, Insightful)

      by Groo Wanderer (180806) <charlieNO@SPAMsemiaccurate.com> on Saturday July 17, 2004 @06:49PM (#9727622) Homepage
      You are so close to the right solution. Spam almost universally will have a spoofed address, so sending something back to the 'sender' will not net you any more spam. Sending back is OK.

      The trick is to put useful info into the reply. Try setting up a message in the 'this address does not exist' autoreply. Put in something like 'bob@domain.com does not exist. If you are trying to reach Robert Smith, please resend to robert@domain.com. If you want to reach someone in an administrative capacity, send an e-mail to admin@domain.com'.

      You can extend this to all the positions that matter, postmaster, webmaster etc, and a few key people at the domain. The bad guys shouldn't get it, and the poor twinks who have their domain name spoofed will probably ignore it.

      The people who DO need to contact you and did either screw up or guess wrong will simply get the info that they need to do right. Win/Win.

      -Charlie
      • Re:So close.... (Score:3, Insightful)

        by nyseal (523659)
        Or, if someone REALLY needs to contact you, they can always pick up a phone and at least leave a message.
      • Re:So close.... (Score:5, Insightful)

        by Brad Oliver (604118) on Saturday July 17, 2004 @07:55PM (#9727961)
        Try setting up a message in the 'this address does not exist' autoreply. ... The bad guys shouldn't get it, and the poor twinks who have their domain name spoofed will probably ignore it.

        As a "poor twink" on the receiving end of a lot of spam, I've found that my filters are effective against everything but auto-replies.

        Getting a ton of auto-replies from people on vacation, with invalid addresses, support addresses that have changed, and the ever-helpful "you've sent us spam and we've rejected it but our spam filter is too stupid to realize the sender was forged" really gets old after the first week.

        Don't use an autoreply and turn your problem into my problem.

      • Re:So close.... (Score:5, Insightful)

        by NoMercy (105420) on Saturday July 17, 2004 @08:00PM (#9727973)
        Ideally the mail server shouln't accept the emails, not construct a nice reply, just send the relevant code and a short single-line message that the server is unable to relay/deliver the email.

        The spammer's SMTP engine will get a mark against the email as bad, and valid ISP's relaying emails for there customers will generate a nice email for you saying that the address is invalid.
    • Re:No brainer (Score:5, Insightful)

      by geminidomino (614729) * on Saturday July 17, 2004 @06:55PM (#9727653) Journal
      I agree. I bought my own domain as well, and I turned on a catch-all address (called "spamtrap") specifically TO catch spam. That's all it does catch. If someone types your address wrong, they should be smart enough to figure out "55x No such User" (or whatever the error is) and double-check the address. Anyone saying "random" spam is far less than targeted probably doesn't run a mailserver and watch the dictionary attacks mount up in the log file. "adam@domain", "anthony@" all the way up to "zachary@" (not to mention the various permutations of aaabbbccc, etc...). Unless you're trying to track where the spam is coming from (by reading recieved: headers, not "From:" lines), a catch-all address is nothing but a spam-catcher.
      • Re:No brainer (Score:4, Informative)

        by Scarblac (122480) <slashdot@gerlich.nl> on Saturday July 17, 2004 @07:51PM (#9727942) Homepage
        I may be totally mistaken, but I thought that using a catch-all address means no "55x no such user" errors are sent anymore? There is such a user, and it's mapped to the catchall address.
  • by andyrut (300890) on Saturday July 17, 2004 @06:14PM (#9727389) Homepage Journal
    Buying your own domain is a smart move. As long as you keep paying for the domain, your e-mail address can travel with you, even when you change ISPs.

    From personal experience, I've found that only a very small percentage of spam I get comes from using the catch-all address. I get only a few junk e-mails to "webmaster", "postmaster", and other generic usernames. A far greater portion of it is addressed to the "real" e-mail address I use that's been plastered all over the web for years and years.

    Judging only from my inbox, it would seem that spammers are more likely to use lists of known e-mail addresses than trying to guess valid usernames for a domain. My advice would be to use the catch-all address and just wait and see if spam becomes a problem. Turning off the catch-all wildcard, if need be, is a very simple operation.
    • I'll echo this experience. I get a little mail to webmaster and such, which I auto-direct to my spam folder. I haven't had any occasions for dictionary attacks to lots of names, probably because it's a personal domain that doesn't attract so much attention.

      If I ever run into trouble, I'll simply identify the valid emails explicitly and put everything else into spam.

    • by Anonymous Coward
      That is, until the DSL provider you host your domain on decides to block port 25 because someone else on your ISP was spamming or relaying spam. :|

      Spammers ruin it for everybody.
    • by toonerh (518351) *
      Right after registering a domain, you'll often get a few spam's hawking hosting services, ect. Verisign (no flames please!) does allow you to opt out of their bulk sale of whois data - although why are they doing it in the first place?

      Also for $9 a year you can buy a redirected e-mail address that changes every 10 days that appears as your whois contact.
    • From my personal experience I've been getting a LOT of spam lately which is addressed to "made up" addresses at my domain. Either an awful lot of people lately have been giving out fake email addresses at my domain or spammers are somehow making them up from reasonable sounding usernames that never existed at my domain.
    • by Oloryn (3236) on Saturday July 17, 2004 @06:41PM (#9727581)
      From personal experience, I've found that only a very small percentage of spam I get comes from using the catch-all address.

      My experience doesn't match. I've got my own domain, hosted on my home computers. I don't use a catch-all address, but my mail logs show anywhere from 400 to 1200 emails daily bounced because they're addressed to invalid email addresses. Roughly 80% of these come with an envelope from address of (null, supposed to be used only by bounce messages). Because spammers are sometimes known to use as an envelope from address on spam, I can't be sure that these are all bounce messages. I am pretty sure, though, that they represent either spammers using a dictionary attack on my domain, or spammers using @mydomain> as a From address for that spam. And the other ~20% are pretty well for sure dictionary attacks on my domain.

      Now, I'll admit that while I'm by no means a big-time anti-spammer, I have done my share of reporting spammers to their ISPs and posting on nanae. It's possible that I've gotten on a list of 'known anti-spammers' that spammers use for generating spam from addresses, just for harrassment potential. My experience may apply mostly to those who go beyond filtering in fighting spam. But it is another data point.

      • by shird (566377)
        are you sure all those bounced messages arent from mail worms forging from addresses? Probably about 80% of my mail is from 'mailer daemon - your message was infected' or 'we tried to deliver but failed' type messages, from domains Ive never sent mail.

        Aside from those, I get virtually no spam, or at least it gets filtered quite reliably.

        And I just have a regular yahoo account.
      • by Tim C (15259)
        I guess I must just be lucky. I've had a domain, complete with "catch-all addressing", for about 4 years now, and I get maybe a few dozen spams per week. Almost all of those, too, go to an address I was foolish enough to use in plain text on kur05hin a couple of years ago.

        I am anti-spam, but not particularly vehement about it. I can imagine thought that if I were getting that many mails, I'd probably be howling for blood...
    • by Pembers (250842)

      Judging only from my inbox, it would seem that spammers are more likely to use lists of known e-mail addresses than trying to guess valid usernames for a domain.

      My experience so far has been the opposite. I got my own domain about four months ago and put my website there. So far, the only address at that domain that I've publicised on the web has been webmaster@. To date, this address has received only one spam. (To be fair, I think most spammers filter "webmaster" out - my old ISP let me use webmaster@

    • I've had to shut off my catch-all, but not because of spam, but because of spoofed return-email addresses someone has been sending out with my domain name. My INBOX would be filled with bounce backs from email addresses some spammer was using that we're live anymore. He/she didn't have to deal with the bouncebacks, but they cause my mailbox to overflow. Shutting off my catchall address eliminated the boucebacks because the spammer wasn't using my "real" email address, just some made-up name at my domain.
    • From personal experience, I've found that only a very small percentage of spam I get comes from using the catch-all address.

      The same was true for me until a few months ago. My tactic was, whenever I needed to give out an email address, it would be their_company_name@my_domain. If I started getting spam to that address, I'd know who was to blame for selling me out. I could also just blacklist that address.

      Then, very recently, after my domain started getting popular on google, I started getting spam sent

  • by toetagger1 (795806) on Saturday July 17, 2004 @06:15PM (#9727391)
    If you use a spam filter, you sould not have to worry about it. You are not exposed to more kinds of spam, just more instances. And since spam filters currently have no issue with volume, you should be ok.
  • just be glad you're not asdf@asdf.com.
  • set it up, but make sure you have a good bayesian filter to weed out the crap.
    • If you have 1000s of messages coming to a person computer it doesn't mean squat what your filtering scheme is. Even if you don't "see" these messages, you machine is still going to have to read messages to evaluate them, or at the least download the headers (though header analysis isn't going to get you 100% filtered spam )

      Accepting email from 1000's of possible email addresess @ your domain when you know they're all bogus is just asking for punishment.
  • bounce? (Score:2, Insightful)

    by Anonymous Coward
    if anyone really emails your domain, and it bounces, won't they figure it out?
    Seems like a useless feature.
  • Really , (Score:2, Funny)

    by rd4tech (711615) *
    I can't understand some people, sometimes spam makes so exciting reading...
  • by SuperRob (31516) on Saturday July 17, 2004 @06:16PM (#9727404) Homepage
    What does it matter if it opens you up to spam. It's a catch-all account right, isn't that what it's supposed to do?!?
  • by quinxy (788909) * on Saturday July 17, 2004 @06:18PM (#9727418) Homepage
    As someone who has been using a catch-all account for years, and has enjoyed the benefits and suffered the consequences, I would suggest you do it (though not without some warnings and recommendations). I do receive a fair amount of SPAM for accounts which have never existed on the system. I have also endured several periods when some SPAMmer referred to fake accounts at my domain in the return-to of the SPAM they were sending out (they were not using my mail server, they simply made up random usernames for my domain). Since they were random (both the names they used and the content of the SPAM) it was impossible to easily filter out. That sucked. I would receive hundreds of bounce messages per day. Ultimately I was able to make it stop by writing a script to post every bounce message I received through to the support form on the websites being advertised (modifying for each of the three or four sites which were involved), making the normal "cease and desist" legal threats. It seemed to work, since the SPAMs did stop soon after (presumably those sites complained to the SPAMmer they employed), and the SPAMmer no doubt moved on to some other fake accounts. Bastard. One of the best features of the catch-all is that you can totally control to whom you give out your "real" e-mail address, as well as track who is using the e-mail addresses you are giving out. For example, if you want to register at example.com for something, you give them the address me.example@yourdomain.com (or some structure which has a prefix or postfix, the 'me.', and the site name for which you are registering). You'll be able to receive that sites mail until you either don't want to, or until you see that they have abused the privilege of e-mailing you. Often I will see six months after registering to some site, I start getting tons of SPAM from the e-mail I gave to that site, and I can then simply block that on the mail server, bouncing them or sending them to /dev/null (via aliases, for example). This is the greatest strength in using catch-all addresses. To mitigate the danger I mentioned previously of fake usernames, one should (though I am no sendmail expert and don't know how) set up a rule that any incoming recipient address must correspond to an existing account/alias, OR the catch-all structure you want (the whole PREFIX.SITENAME@yourdomain.com). Q
    • Use subdomains (Score:5, Informative)

      by gregmac (629064) on Saturday July 17, 2004 @07:01PM (#9727680) Homepage
      For example, if you want to register at example.com for something, you give them the address me.example@yourdomain.com (or some structure which has a prefix or postfix, the 'me.', and the site name for which you are registering).

      What I've been doing for the last couple of years is using a catchall at a subdomain of my actual domain. The typical dictionary spams (postmaster, sales, etc) don't come in, because they only work on top level domains (otherwise spammers would be wasting a large amount of time spamming "sales@www.domain.com" which pretty much never exists..

      When I sign up for an account at example.com, I just register as example.com@catch.mydomain.com. If I get spam, I can block it, and it doesn't interfere with my actual domain. If I decided one day I get too much spam to it, I could just switch to another subdomain name.
    • by panaceaa (205396) on Saturday July 17, 2004 @08:41PM (#9728154) Homepage Journal
      You should consider not capitalizing the word "spam". I couldn't bother to read the rest of your post after I noticed you were doing it. It just makes you seem out-of-the-loop, plus Hormel has said they would prefer people to spell it "spam" anyway.
  • by flamechocobo (792168) on Saturday July 17, 2004 @06:18PM (#9727419)
    I just write mail back. It's rather funny when you get a reply from the spammer. That isn't automated.
  • Nope (Score:3, Insightful)

    by Inominate (412637) on Saturday July 17, 2004 @06:18PM (#9727424)
    Not at all.

    The ideal setup is to have several addresses.
    One for close friends, associates, individuals and people who the address is sent to privately.
    A second address for mailing lists, and any kind of public posting.
    And a third address for anything guarenteed to end up in you getting spam. (Website signups for instance)

    Then you simply drop it into three different folders. This method combined with a good spam filter can eliminate virtually all spam.
  • by luge (4808) <slashdot.tieguy@org> on Saturday July 17, 2004 @06:18PM (#9727425) Homepage
    It is great. You never have to worry about giving out an indiscriminate address again. Signing up for a fantasy league on cnn/si? I used cnnsi@mydomain. cnnsi sold it and now I get several hundred spam a day there. And I can trivially filter and nuke them, with the added bonus that I know never to send them my business again. amtrak has amtrak@mydomain, I get all the mail from it, and can easily track that they have never violated their TOS. It's the greatest thing- I heartily recommend it to anyone who can.
    • And the worse offender I have so far is the slashdot@ address I setup here. Not that slashdot sold it of course - it's just been mined by every spammer on the block since a story submission was accepted. Lesson well learned there!

      I've gotten maybe a dozen spams with "made up" to: fields. I think the OP is over-analyzing all this.

    • by Zocalo (252965) on Saturday July 17, 2004 @06:43PM (#9727588) Homepage
      Alternatively you could also flip that on its head and proactively add new accounts as required, which is what I do. So, if the scumbags at "Foo Corp." decide to sell my email address, I simply delete the "foo@mydomain" entry from my aliases file and both the spammer and Foo Corp. just get a User unknown from the MTA. It avoids all the pain of having a catch-all address and as a bonus it makes sorting email into folders a snip because "To:" is always unique and relevent!
    • by KingJoshi (615691) <slashdot@joshi.tk> on Saturday July 17, 2004 @06:51PM (#9727630) Homepage

      I do this as well. I used to have an email address from MailBank (later changed to NetIdentity). They buy up domains with last names so you can do firstname@lastname.com. They started off charging $5 a year for email and now it's $25/year. I got fed up with it and bought my own domain name.

      Best move I did. I have greater control over it and feel more security about it as well.

      There is a free DNS service held by ZoneEdit [zoneedit.com]. If you only use it for one domain, it allows free email forwards, web forwards, etc. It has about all the services I could ask for (except hosting) for free (assuming you don't go over a quota).

      I have emails redirected to my gmail account as well as comcast (which also hosts my personal website). I could host this on my own computer or elsewhere and I have a lot of freedom to do what I want.

      And as the parent said, being able to create email addresses on the fly allows you to catch businesses that sell your email address, or find out where the spammers mostly target (and as another poster said, Slashdot is worst of all the ones I've created). It also makes it easier to filter with gmail and do searches and so forth.

      I know I'm being mostly redundant as others, but I can't emphasize enough how valuable this is, especially to a computer geek. And I'm only paying $7/year for all this! I can't mod the parent up any more so I just want to re-iterate the value of catchall addresses and owning your own domain name.

    • by droleary (47999) on Saturday July 17, 2004 @08:10PM (#9728015) Homepage

      I used cnnsi@mydomain. cnnsi sold it and now I get several hundred spam a day there.

      Are you sure they sold it, or were you merely a target of a dictionary attack (the dictionary being domains)? Same will go for amtrack@. All a spammer has to do is decide it's a significant enough domain to add to a dictionary and, BAM, you're getting spam there without any kind of TOS violation on Amtrack's part. Common word domains like amazon@ have long been dinged, and it is foolish to blame the company for your own poorly thought out system.

      If you really want to use a catch-all to track who sells your address, you have to use a hash or something else that you keep entirely secret and is not easy to guess, like c66915c4ff6a27e5f3aac08f58130ba9 for . . . guess who! :-) Otherwise you're just adding to the abuse that the spammers are dishing out to you.

      My own experience with a catch-all is that you're safe until you're hit by a dictionary attack, and then it never stops. I have domains with next to no traffic and a catch-all is fine, but in the last year I've had two of them get hit by dictionary attacks and after that each domain gets an increasing stream of spam attempts, currently around 1000/day. That's bad enough that I shut off the catch-all for the one I don't really use it with. The other one keeps SpamCop [spamcop.net] full.

  • Then every time you sign up for something create a new email address. Thene you can figure out who is selling your address, filter out that particular address, and so on. It makes managing your email and filtering out spam much easier.

  • i get lots of spam to my catch all address - lots of names form some dictionary probably. but you can switch the catch all adress off if shit happens.
  • by killbill (10058) on Saturday July 17, 2004 @06:18PM (#9727430) Homepage
    I fought it for a year or so, coding up custom filters, using spam assassin, you name it, and finally just gave up and blackholed it.

    Spammers are trying dictionary attacks against domains to try and guess live accounts. I would get 500+ copies of the same message to made up names in alphebetical order a day.

    That being said, I have since gotten on the Gmail beta, and just forward all my mail there now. It has a far better spam rejection rate then anything else I have tried, so if you forward all your mail to a google account and let them try and sort out the spam, it would probably be usable (and maybe even helpful to them to train their filters).
  • Spam ID .. (Score:3, Informative)

    by Manip (656104) on Saturday July 17, 2004 @06:19PM (#9727433)
    On the other hand if you leave the * account on, you don't need to creat a new account eact time you need one. I for instance only have one account on my mail server and that is the postmaster this allows me to invent e-mail addresses on the fly.

    With this ability you can make an e-mail address for each use of your e-mail for sites and forums like Slashdot@Domain.com and if you start getting spam at that address you can quiet happily block it via the filter.
  • by Rob Carr (780861)
    One of the options provided is to make one of your email accounts a catch-all account.... The question I have, is this a good idea or not?

    I have one of my e-mail addresses configured to catch all the "bad" addresses as you are talking about. There is an extraordinary amount of crap that account gets every day. It really isn't worth it, especially if you have the admin and postmaster addresses dump to your primary mail account.

  • by Anonymous Coward
    so, if you get spam on this specific address you know where to complain.
  • ...and I get very little spam (maybe 10 a day) directed to anything@mydomain.com, whereas my regular address gets around 150-200 a day. Thank goodness I have Postini and Thunderbird.

    I say go for it, because you can use filters to direct different addresses to different folders, which can be useful.

  • Yes (Score:3, Funny)

    by Saeed al-Sahaf (665390) on Saturday July 17, 2004 @06:20PM (#9727442) Homepage
    As a geek, I run my own mail server. A "catch all" that goes to /dev/null is great.
  • I've had a catch all address for over 4 years now...and whilst I get a fair amount of spam to that domain (just over 100 messages a day), the majority of those are to one real address I used years ago - and haven't used since. The rest is either to the main address I use, fairly standard guesses "sales@", "info@", "webmaster@", etc...or to one or two addresses that spammers seem to have made up, but have stuck. one of them is a misspelling of my name, another is "tressia" which I have no idea where that ca
  • I tried this with my email account, just in case an important mail went to another address. The day someone decided to spam *@mongeese.org, I killed that option. Some spam bot prefixed random names to @mongeese.org. Needless to say I ended up with around 300 emails one morning. All with the same bodies but different email addresses. I'm suprised it wasn't more than 300, I figured a spam bot would try sending to more names than that.
  • by FrenZon (65408) * on Saturday July 17, 2004 @06:23PM (#9727457) Homepage

    I run several catch-alls on my domains for several years, and I've never been spammed at [all]@[domains].com. However, just last week all my domains were hit by an email virus that did a dictionary-based attack. While it was all still caught by my spam filter, my spam filter is client-side, and after downloading 18200 emails, I decided it was time to shut down the catchalls.

    The only thing I really had to do was notify my friends, who are long used to typing whatever they want into the username section of the domain, tailored to whatever it is they want (eg boywhowillfixmycomputer@, bikemechanicmanwhowillalsofixmycomputer@ etc).

    • by lewko (195646) on Saturday July 17, 2004 @07:59PM (#9727971) Homepage
      The only thing I really had to do was notify my friends, who are long used to typing whatever they want into the username section of the domain, tailored to whatever it is they want (eg boywhowillfixmycomputer@, bikemechanicmanwhowillalsofixmycomputer@ etc).



      The worst thing is when your so-called friends figure out for themselves that you have a catchall set up, so you start receiving emails to pigfucker@yourdomain, grabass@yourdomain etc... and it's not even spam, it's from your friends!


      I now use the free http://www.spamgourmet.com/ [spamgourmet.com] for my disposable addresses and highly recommend it.

  • I see continual dictionary attacks against the domain names I own. When it happens I put the IP address of the spammer in the filter, but this only works for a short while because they're always moving around.

    In my limited experience, most of the dictionary attacks come from IP's that traceroute back to Singapore. Just blocking all incoming SMTP from Singapore IP's would be smart but I don't know how to do something like that.

  • by Bradee-oh! (459922) on Saturday July 17, 2004 @06:24PM (#9727469)
    I have a catch-all address at my domain. YES, there are huge amounts of spam. BUT, it is definitely worth the trouble IMHO, and here's why.

    1 - most of the spam seems to come to 5 or 6 addresses only - admin, root, sales, webmaster, etc etc. That's cake to filter out straight to trash.

    2 - The convinience of being able to sign up for random websites with a different address on the fly is great. For example, signing up on ebay to buy something and using the address "fromebay@mydomain.com" means you KNOW that only one person in the world has your email address so you know who to blame if spam starts coming in, and it is also a piece of cake to automatically filter those ebay emails straight to an ebay inbox, for example.

    3 - Not as significant as my first 2 points but still a nice perk in my setup is that I'm able to create email addresses for family and friends on the fly and just setup my own server to split the addresses out into their own inboxes.

    So if you will be running the server(s) yourself over slow dsl or cable, the volume of spam MAY be a concern to you. I get about 600-700 spams a day to the common webministrater addresses I mentioned, but it's no concern to me because I don't run the incoming email server and my dsl is more than fast enough to d/l them in a few seconds.

    But in any other case, I'd say it's well worth it! And on a slightly different note, I have been very impressed with the honesty and adherence just about everywhere has to their privacy policies regarding email addresses. over 2 years of using my system with about 50 "from@domain.com" addresses, only one of them screwed up and got the address on a spam list somehow - cancelling my account with them and filtering those spams straight to trash solved the problem.

  • by GrouchoMarx (153170) on Saturday July 17, 2004 @06:24PM (#9727471) Homepage
    I've been running my own mail account off of my own domain for about 2.5 years now, and I don't regret it. I do have the catch-all set to dump to my personal account, and it's not been a major problem. Most of the spam I get is addressed to a "real" address (either mine or one of my older accounts I have forwarded to me), and there's a lot of that, so the amount I get from the catch-all is negligible.

    In practice, actually, most of the spam-related stuff I get is mail bounces attempting to a random address with a faked from line of 63745624573@mydomain.com (or something like that). I really should look into implementing SenderID, but that would require hosting the server myself on a my dynamic IP instead of letting my web host take care of it. :-)
  • My webhost (which is where I do my e-mail) is the same way by default. It's catch all, then you just deny the addresses you don't want. So I used to do it like that. If an address started getting SPAM, it got on the ban list.

    Well between the new viruses and SPAM tactics that try random first names, that wasn't at all working. So I flipped the mode. Now NOTHING gets forwarded, excpet for ones I specify. This means I have to go add a new forward before giving out a new e-mail to a compnay whereas before I'd
  • In a word... (Score:5, Informative)

    by Vellmont (569020) on Saturday July 17, 2004 @06:30PM (#9727506) Homepage

    is this a good idea or not?


    No, it's not a good idea. Looking through my mail server (and other mail servers I administer) I've seen A LOT of attempts by spammers to harvest email addresses by just trying a lot of common names on the domain (and some strange not so common addresses). If you had a wildcard address, you'd get all that spam to that box.

    With no wildcard email address if people miss-spell a name on your domain, they'll get a prompt bounce message (and they'll probbably figure out the miss-spelling). With a wildcard they'll never figure out the miss-spelling, and may continue to use that wrong address.

    There's also the problem of auto-generated virus bounce messages from other peoples servers. Most viruses lie about their from address, and can even make up a @yourdomain.tld. If you had a wildcard all those erroneous "you sent a virus" messages would go to your wildcard box instead of just bouncing.

    Unless you want an account that's deluged with spam and like wading through it every so often on the off-chance someone sent a message to admin or postmaster, I'd not create a wildcard box.
  • Give it a try (Score:3, Insightful)

    by phalse phace (454635) on Saturday July 17, 2004 @06:31PM (#9727512)
    All I can suggest is to give it a try for a while (couple of months, a year) and see what happens. If you get a ton of spam and no important email, then turn it off.

    When I had my catch-all account, I rarely got any spam, and that's probably because most spammers won't really bother with trying to send you something at afhg329087dsfljifd90hlg@domain.com or whatever.
  • by kstumpf (218897) on Saturday July 17, 2004 @06:33PM (#9727522)
    I think it's best to just reject mail addressed to non-existent users during the SMTP transaction. My outside relay uses Postfix's relay_recipient_map to validate all recipients before relaying inside... anything not matching gets rejected with a 550. This saves my content filters (amavis/clamav) alot of work since we get TONS of spam to non-existent recipients.

    relay_domains = mysql:/etc/postfix/mysql-relaydomains.cf
    relay_re cipient_maps = mysql:/etc/postfix/mysql-recipient.cf,
    mysql:/etc/postfix/mysql-alias.cf
    relay_transport = relay:mx2.somethingawful.com

    If you don't validate recipients, then you probably SHOULD use a catch-all address. The alternative to this would be bouncing spam back to the (usually forged) sender, in which case you become part of the problem and can cause yourself major queueing problems.
  • by Diamon (13013) on Saturday July 17, 2004 @06:33PM (#9727528)
    I recently switched to using e-mail from my registar/hosting company, they included one free address and I paid for an additional 5 mailboxes.

    I set up an account for myself and my wife, and used the free account for a spam bucket. My account is set up as a catch-all. Whenever I sign up for something I use and address in the form slashdot.org@<mydomain>.com so if it does start getting spam I know who sold my e-mail address.

    If any spam comes in being caught by the catch-all I set up a forwarder to my spam account. For example dns@<mydomain>.com gets forwarded to spam@<mydomain>.com I then just set up my e-mail client to dump anything that comes in via the spam account directly into the trash.

    To date I have received spam on three addresses that didn't really exist (dns@, sales@ and info@), but overall it works very well.
  • by SmoothTom (455688) <Tomas@TiJiL.org> on Saturday July 17, 2004 @06:44PM (#9727595) Homepage
    "Most of the spam these days is ovbious spam like Subjects which make no sense and often have lots of spelling errors in the body."

    Uh, sorry, but that sounds just like the legitimate e-mail I get from some of my friends... :o)

    --
    Tomas

  • Use Mailinator! (Score:5, Informative)

    by popo (107611) on Saturday July 17, 2004 @07:05PM (#9727697) Homepage

    Forget the "Catch All" e-mail address. Use Mailinator [mailinator.com].

    FYI -- mailinator is a non-passworded public catch-all system. Perfect for temporary site registrations. I use it frequently and its an unbelievably good service...

  • by shadwwulf (145057) on Saturday July 17, 2004 @07:13PM (#9727746) Homepage
    From experience in operating multiple servers hosting many(read 10,000+) domains each, I can say that the catch all account is a VERY BAD thing.

    Spammers recently have turned to more use of the random username approach and the catchall catches, well, all. This can in some cases total to more than 4500 emails a day in some cases. Hardly something you want to pull through a POP3 connection if your ISP doesn't have effective spam filtration.

    Quite honestly the catch all serves little purpose if your email transactions are done in a correct manner. mailto: links have NO BUSINESS being on a web site for a company(or personal user for that matter) a simple CGI based contact form shields access from spam bots getting your email address and you can make sure ahead of time that your email address is properly configured.

    Secondly, if you are emailing somebody else, most people use a context menu on the email you sent to add you to their address book. Again that eliminates the human error factor.

    Also as others have already mentioned, a human will be able to read a mailer daemon response telling them that there was a mistake should they send directly.

    My $0.02

    SW
  • Whatever you do... (Score:5, Informative)

    by Fweeky (41046) on Saturday July 17, 2004 @07:15PM (#9727758) Homepage
    Make sure addresses like postmaster@ and abuse@ work. They're unlikely to get spammed, but may well receive important messages.

    postmaster@ is actually required by rfc2821 [rfc-ignorant.org], btw.

    As for the subject of the discussion; my catch-all addresses have been fine, but YMMV. If I was that worried about dictionary attacks, but still wanted the ability to give a new address out to each company, I'd do something like *-signup@mydomain or *@signup.mydomain or similar, but you might not have that level of control (in which case I'd recommend finding somewhere better to host your email, but *shrug*).
  • by microcars (708223) on Saturday July 17, 2004 @07:55PM (#9727960) Homepage
    getting a little OT here, but after experimenting with the * or "catchall" email address on several domains, I have found the best username to be....SPAM

    So many people use things like:
    johnNOSPAM@example.com
    john@NOSPAMexample.com
    johnREMOVETHIS@example.com...

    that the SpamHarvest bots seem to harvest emails and then REMOVE words like:
    SPAM
    REMOVE
    THIS
    NOSPAM

    before adding the names to their "fresh" list of email addresses to sell.

    but if they remove SPAM from SPAM@example.com, they are left with.....
    @example.com
    which should be undeliverable.

    so if your email is SPAM@example.com, you should get email from your friends, but my extensive use of that username on USENET has shown me that it does in fact work! I received only ONE spam email to that address in the past year of using it.

    getting back On Topic for a minute, see if you can "disable" the "catchall" or "*" email function at some point. While I have not been hit with a dictionary attack, its obvious from the other posters that it is not uncommon. If you can route all non-assigned usernames to null when you discover this to be a problem, you will save yourself some headaches.

  • by Mustang Matt (133426) on Saturday July 17, 2004 @08:16PM (#9728044)
    I don't get so much generic spam to @mydomain.com but I do get tons of bounces from spam that's sent out with a spoofed from @mydomain.com
  • Absolutely not (Score:3, Interesting)

    by macdaddy (38372) on Saturday July 17, 2004 @08:24PM (#9728081) Homepage Journal
    If you ever plan on using that domain for any legitimate purposes then do not EVER give it a catchall address. A catchall address blatently invites spam. Rumplestilskin and dictionary attacks will find an infinite amount of valid email addresses in your domain and your influx of spam will grow exponentially. At some point your provider will proclaim "Enough!" and either tell you to take your business elsewhere or will start charging your by how much email you send and receive. Don't doubt this. It will happen. If you provider had any sense whatsoever they wouldn't give you the option of having a wildcard recipient.

    There is but one valid reason for ever having a catch-all address. That reason is if you actually, honestly, truely WANT spam. "Who wants spam?"/I you say? I do. I have a handful of domains that have no other purpose in life but to collect spam. I've seeded addresses from those domains into dozens of spammers' "remove" forms. I built a list of 525,000 proper pronouns and used that to compile a list of userid@spamme-domains.tld addresses to seed those remove forms with. The end result is hundreds of thousands pieces of spam per day flowing into those domains. I archive much of it and automatically report the rest to the FTC as spam. Oh happy day. That's the only valid reason for ever using a catchall address that's publicly exposed to the Internet.

  • by hedronist (233240) * on Saturday July 17, 2004 @08:29PM (#9728107)
    Checkout Greylisting [puremagic.com].

    I run a friends-and-family hosting site (DNS, mail, web) for about 50 domains, almost all of which have catchall enabled. One user was getting 500+ spams a day, day in and day out. I was seeing 200-300 per day myself.

    Four weeks ago I built the latest sendmail with Milter turned on and installed relaydelay.pl. The next day that user received two (2) emails, both of which were from friends. I got 7 emails, only one of which was spam.

    Greylisting is the single most powerful anti-spam system out there. It blocks over 95+% of the spam and it doesn't "false positive" because it isn't doing pattern matches, Bayesian filtering or anything like that. It simply gives a TEMPFAIL to any email that has an unknown (from, to, server-IP) triple. If they come back more than X minutes later and less than Y minutes later, they are let through. Spammers almost always are using fire-and-forget SMTP servers so they don't retry, and so you never see their garbage. Positively elegant.

    If you are the sysadmin, check it out and install it. Otherwise, hound your admin/ISP to install it. It saves bandwidth, aggravation, and time.

    The corks just don't come out the way they used to.
    -- My Wife, dealing with one of the new Corqs(tm)

  • by digital photo (635872) on Sunday July 18, 2004 @04:16AM (#9729831) Homepage Journal

    Having done the same thing before, I can say that without a doubt, it will increase your spam.

    The thing is that alot of spammers seem to literally shotgun a domain with information harvested, then use those plausible usernames as email addresses. The end result is that your primary email account will get flooded with email not originally destined for it.

    If you do intend to do this, I would suggest the following:

    • Turn off java/javascript/vb/vbscript
    • Turn off auto-download of remote links
    • Turn off image preview
    • Turn off return-receipt

    Having these on when you check and go through your mail will cause an increase of spam above what you are getting.

    Best bet, have the domain name. Use one address, then close it and switch to another, within the domain. Have the original address just junk any future mails it gets once you are sure people have moved to your new address.

    Seriously, it's just not a good idea.

  • I control several domain names.

    In my experience, you need to block sales@, info@ and webmaster@. After that, most of the email (and spam) will be coming to the single @ wich you are actually using. There will be occasional bounces to random usernames (from spam spoofing from: addresses), but not very many in my experience.

    By the way there is no spam to unpublished postmaster@ addresses, probably because this is not an address spammers want to irritate :)

    Some other users have complained that they got under a dictionary attack like you describe. But not me.

Little known fact about Middle Earth: The Hobbits had a very sophisticated computer network! It was a Tolkien Ring...

Working...