Is A Catch-All Address Worth The Spam?
wildzeke writes "I plan on switching Internet providers this summer to get a faster speed. Since losing an email account is the biggest pain when switching providers, I decided to pay the extra money to have email for the domain I registered. One of the options provided is to make one of your email accounts a catch-all account. In other words, any email sent to this domain without a valid user name, will be dumped in the catch-all account. The question I have, is this a good idea or not? On one hand, it may catch important email such as admin, or postmaster or simply mis-typed user name. On the other hand, the catch-all will open the flood gates to spam who will send to [all user names in the world]@domain.com."
I do it (Score:1, Interesting)
You're opening your gates to nonvalid emails, but that doesn't seem to be a threat. As stated earlier, no one wants nonvalid emails.
I gave it up after a year (Score:5, Interesting)
Spammers are trying dictionary attacks against domains to try and guess live accounts. I would get 500+ copies of the same message to made-up names in alphabetical order a day.
That being said, I have since gotten on the Gmail beta, and just forward all my mail there now. It has a far better spam rejection rate than anything else I have tried, so if you forward all your mail to a google account and let them try and sort out the spam, it would probably be usable (and maybe even helpful to them to train their filters).
One Person's Experience (Score:2, Interesting)
I have one of my e-mail addresses configured to catch all the "bad" addresses as you are talking about. There is an extraordinary amount of crap that account gets every day. It really isn't worth it, especially if you have the admin and postmaster addresses dump to your primary mail account.
mr_you_only_know_this_one@mydomain.com (Score:2, Interesting)
Been there, done that (Score:4, Interesting)
I run several catch-alls on my domains for several years, and I've never been spammed at [all]@[domains].com. However, just last week all my domains were hit by an email virus that did a dictionary-based attack. While it was all still caught by my spam filter, my spam filter is client-side, and after downloading 18200 emails, I decided it was time to shut down the catchalls.
The only thing I really had to do was notify my friends, who are long used to typing whatever they want into the username section of the domain, tailored to whatever it is they want (eg boywhowillfixmycomputer@, bikemechanicmanwhowillalsofixmycomputer@ etc).
Re:No big problems here - not correct for me (Score:2, Interesting)
Re:the whole /point/ of a catchall address is spam (Score:2, Interesting)
If it ever gets violated, add that address to an account with zero or small size limit and let it bounce back to them.
I get less than a half-dozen pieces of spam per month. Most are to the address I put in the whois information (whois@domain), followed closely by sales@domain, info@domain and webmaster@domain, none of which were intended to be valid addresses anyway.
Just dump non-existent users (Score:5, Interesting)
relay_domains = mysql:/etc/postfix/mysql-relaydomains.cf
relay_r
mysql:/etc/postfix/mysql-alias.cf
relay_transpor
If you don't validate recipients, then you probably SHOULD use a catch-all address. The alternative to this would be bouncing spam back to the (usually forged) sender, in which case you become part of the problem and can cause yourself major queueing problems.
No Daddy! (Score:2, Interesting)
They're bloody cheap and'll do anything an extra few cents..........
DK
Greece is the Word
The problem is these newfangled worms... (Score:2, Interesting)
Re:No big problems here (Score:5, Interesting)
My experience doesn't match. I've got my own domain, hosted on my home computers. I don't use a catch-all address, but my mail logs show anywhere from 400 to 1200 emails daily bounced because they're addressed to invalid email addresses. Roughly 80% of these come with an envelope from address of <> (null, supposed to be used only by bounce messages). Because spammers are sometimes known to use <> as an envelope from address on spam, I can't be sure that these are all bounce messages. I am pretty sure, though, that they represent either spammers using a dictionary attack on my domain, or spammers using @mydomain> as a From address for that spam. And the other ~20% are pretty well for sure dictionary attacks on my domain.
Now, I'll admit that while I'm by no means a big-time anti-spammer, I have done my share of reporting spammers to their ISPs and posting on nanae. It's possible that I've gotten on a list of 'known anti-spammers' that spammers use for generating spam from addresses, just for harassment potential. My experience may apply mostly to those who go beyond filtering in fighting spam. But it is another data point.
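The split this comment describes (rejected recipients with a null envelope sender versus a non-null one) can be measured from the mail log. The following is an added example, not part of the original post; the log lines are constructed in the style of Postfix smtpd reject entries, and example.org and the helper names are assumptions.

```python
import re
from collections import Counter

def line(ip, sender, rcpt):
    # Constructed log line in the style of a Postfix smtpd recipient reject.
    return (f"Jun  1 03:10:01 mx postfix/smtpd[911]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<{sender}> to=<{rcpt}> "
            f"proto=ESMTP helo=<host.invalid>")

SAMPLE_LOG = "\n".join([
    line("192.0.2.10", "", "aaron@example.org"),
    line("198.51.100.4", "", "abby@example.org"),
    line("203.0.113.9", "", "abel@example.org"),
    line("192.0.2.10", "", "aaron@example.org"),
    line("198.51.100.77", "offers@mailer.invalid", "sales@example.org"),
    "Jun  1 03:10:09 mx postfix/smtpd[912]: connect from mail.example.net[192.0.2.50]",
])

REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: 550 .*?User unknown.*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def triage(log_text, domain):
    """Summarise unknown-recipient rejects for one domain."""
    null_sender = 0          # envelope from <>: bounces, or spam posing as bounces
    localparts = Counter()   # which invented names were tried, and how often
    per_ip = Counter()       # attempts per connecting address
    for entry in log_text.splitlines():
        m = REJECT.search(entry)
        if not m or not m["rcpt"].lower().endswith("@" + domain):
            continue
        if m["sender"] == "":
            null_sender += 1
        localparts[m["rcpt"].split("@")[0].lower()] += 1
        per_ip[m["ip"]] += 1
    total = sum(localparts.values())
    return {
        "rejected": total,
        "null_sender": null_sender,
        "null_fraction": null_sender / total if total else 0.0,
        "distinct_localparts": len(localparts),
        "sources": len(per_ip),
        # A low per-source maximum with many sources means per-IP rate limits
        # will not catch the run; count per recipient domain instead.
        "max_per_source": max(per_ip.values(), default=0),
    }
```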
Re:No big problems here (Score:3, Interesting)
My experience so far has been the opposite. I got my own domain about four months ago and put my website there. So far, the only address at that domain that I've publicised on the web has been webmaster@. To date, this address has received only one spam. (To be fair, I think most spammers filter "webmaster" out - my old ISP let me use webmaster@username.domain. That was visible for about six years, and that got hardly any spam either. Other addresses that have been visible on the web have been spammed mercilessly, to the point where I've had to tell the server to drop anything sent to them.)
Anyway, my point was that within about a month of my domain being created, I started getting spam to sales@. A month after that, they started trying info@ as well. Seeing as I had never used those addresses in any way, and had no plans to use them, I felt no compunction in auto-forwarding them to uce@ftc.gov.
So, I use the catch-all address. I find it useful for the usual trick of telling any company that wants my address that it's company@my.domain. I don't have to do anything else to allow the mail through, but if I start getting spam to that address, I know who sold it (or who got hacked). This hasn't really been a problem for me, though. Maybe I'm just paranoid about giving out my address in the first place.
Disagree (Score:5, Interesting)
If it is a personal domain with perhaps a couple of description pages and even a blog then, like me, you will get no more (from personal experience) than 10+ random (random in the way they are sent to webmaster/admin or anything that * catches other than regular) messages/week. No big deal
A better known site seems to get a greater ranking in auto-traffic (let me generate logos, banners, security, etc for your website). But an email address listed on the site (my site) gets far more spam than a generic catch-all (e.g., I have "email webmonster@....com" as the auto admin address, more emails come to that than webmaster coz it's googled/harvested on those lists).
But the original statement said "I decided to pay the extra money to have email for the domain I registered" WFT?! Go to something like directnic.com, get your domain for $15/yr and get mail forwarding included (including wildcard)!
Re:the whole /point/ of a catchall address is spam (Score:5, Interesting)
I do this as well. I used to have an email address from MailBank (later changed to NetIdentity). They buy up domains with last names so you can do firstname@lastname.com. They started off charging $5 a year for email and now it's $25/year. I got fed up with it and bought my own domain name.
Best move I did. I have greater control over it and feel more security about it as well.
There is a free DNS service held by ZoneEdit [zoneedit.com]. If you only use it for one domain, it allows free email forwards, web forwards, etc. It has about all the services I could ask for (except hosting) for free (assuming you don't go over a quota).
I have emails redirected to my gmail account as well as comcast (which also hosts my personal website). I could host this on my own computer or elsewhere and I have a lot of freedom to do what I want.
And as the parent said, being able to create email addresses on the fly allows you to catch businesses that sell your email address, or find out where the spammers mostly target (and as another poster said, Slashdot is worst of all the ones I've created). It also makes it easier to filter with gmail and do searches and so forth.
I know I'm being mostly redundant as others, but I can't emphasize enough how valuable this is, especially to a computer geek. And I'm only paying $7/year for all this! I can't mod the parent up any more so I just want to re-iterate the value of catchall addresses and owning your own domain name.
Re:Disagree (Score:3, Interesting)
But I think it depends on what you are using your domain for; wildcard spam is minor/rare compared to targeted spam:
My main address (unmunged, in this message's header) gets about 500 spams per day. Before I removed the catch-all I was getting almost twice that. Granted I am not everyone, but a few other people are in the same boat as I am. My web host [pair.com] has its own private news server (i.e. not connected to Usenet), and quite a few people who post there talk about getting thousands of spams sent to nonexistent addresses on their domains every day. Turning off the catch-all is a no-brainer in that case.
Go to something like directnic.com, get your domain for $15/yr and get mail forwarding included (including wildcard)!
I am leery of most of those "quasi-registrars". I have a full fledged registrar [pairnic.com], and I get those features, SPF, IPv6, et al. and it is all included in my free account, for the same $15 (or less) per year per domain.
Re:Disagree (Score:5, Interesting)
My company's primary domain is registered with technical contacts of "hostmaster@[our_domain.com]" and for years we never got a spam. Then about 2 years ago, somebody must have included it in a big master list; now it takes about 30-50 spams a day on average, mostly true "bottom feeder" crap like cialis and vicodin and *adult* crap.
My work email's been out there a lot longer, but doesn't draw nearly the number of spams and about 80% of them are financial/economic scams - mortgage and stock touts, lottery, 419, etc.
Upstream filters are blocking emails with virus attachments; I have no idea how many of those are coming in...
Re:Disagree (Score:3, Interesting)
The best is no more 200 virus messages going through names A to Z. I'm sure a good spam filter would take care of the catch-all spam.
My spam rate went way up with my previous provider (servercentral). I don't know if I just got hit hard or if they're just crappy. Lots of it was addressed to servercentral@servercentral.com Just 86'ing that address cut spam back.
Re:So close.... and yet so far (Score:2, Interesting)
This is *such* annoying advice. I have a long-duration (approximately 1993) very public email address, and it's spoofed a lot and one of my main annoyances is this auto-replied "You've reached a bogus address or domain" message.
DO NOT send any auto-replies for anything.
DO NOT send messages saying that the (probably spoofed) sender has sent you a virus.
Absolutely not (Score:3, Interesting)
There is but one valid reason for ever having a catch-all address. That reason is if you actually, honestly, truly WANT spam. "Who wants spam?" you say? I do. I have a handful of domains that have no other purpose in life but to collect spam. I've seeded addresses from those domains into dozens of spammers' "remove" forms. I built a list of 525,000 proper pronouns and used that to compile a list of userid@spamme-domains.tld addresses to seed those remove forms with. The end result is hundreds of thousands pieces of spam per day flowing into those domains. I archive much of it and automatically report the rest to the FTC as spam. Oh happy day. That's the only valid reason for ever using a catchall address that's publicly exposed to the Internet.
One word: greylisting (Score:5, Interesting)
I run a friends-and-family hosting site (DNS, mail, web) for about 50 domains, almost all of which have catchall enabled. One user was getting 500+ spams a day, day in and day out. I was seeing 200-300 per day myself.
Four weeks ago I built the latest sendmail with Milter turned on and installed relaydelay.pl. The next day that user received two (2) emails, both of which were from friends. I got 7 emails, only one of which was spam.
Greylisting is the single most powerful anti-spam system out there. It blocks over 95+% of the spam and it doesn't "false positive" because it isn't doing pattern matches, Bayesian filtering or anything like that. It simply gives a TEMPFAIL to any email that has an unknown (from, to, server-IP) triple. If they come back more than X minutes later and less than Y minutes later, they are let through. Spammers almost always are using fire-and-forget SMTP servers so they don't retry, and so you never see their garbage. Positively elegant.
If you are the sysadmin, check it out and install it. Otherwise, hound your admin/ISP to install it. It saves bandwidth, aggravation, and time.
The corks just don't come out the way they used to.
-- My Wife, dealing with one of the new Corqs(tm)
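The triple-based deferral described in the greylisting comment above, as an added example that is not part of the original post and is not the relaydelay.pl code. The X and Y delays, the reply strings and the class name are assumptions; remembering triples that have passed, so later mail from them is not delayed again, is also an assumption of this sketch.

```python
TEMPFAIL = "451 4.7.1 Greylisted, try again later"  # constructed reply text
ACCEPT = "250 2.1.5 Ok"                             # constructed reply text

class Greylist:
    """Defer the first delivery attempt for each (from, to, server-IP) triple."""

    def __init__(self, min_delay=300, max_delay=4 * 3600):
        self.min_delay = min_delay  # "X": assumed 5 minutes, in seconds
        self.max_delay = max_delay  # "Y": assumed 4 hours, in seconds
        self.pending = {}           # triple -> time of first deferred attempt
        self.passed = set()         # triples that completed a valid retry

    def check(self, mail_from, rcpt_to, client_ip, now):
        key = (mail_from.lower(), rcpt_to.lower(), client_ip)
        if key in self.passed:
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > self.max_delay:
            # Unknown triple, or the retry arrived after the window closed:
            # start (or restart) the clock and defer.
            self.pending[key] = now
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL         # retried too quickly, keep deferring
        del self.pending[key]
        self.passed.add(key)
        return ACCEPT

    def expire(self, now):
        """Drop triples that never retried in time; returns how many were dropped."""
        stale = [k for k, t in self.pending.items() if now - t > self.max_delay]
        for k in stale:
            del self.pending[k]
        return len(stale)

def demo():
    g = Greylist()
    real = ("friend@example.net", "me@example.org", "198.51.100.20")
    # A queueing mail server: first try, an early retry, then a retry in window.
    results = [g.check(*real, now=0), g.check(*real, now=60), g.check(*real, now=900)]
    # A fire-and-forget sender tries three invented names once each, never retries.
    for i, name in enumerate(["cunningham", "dennis", "schmidt"]):
        results.append(g.check("x@bulk.invalid", f"{name}@example.org", "203.0.113.5", now=i))
    return results, g.expire(now=5 * 3600)
```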
Re:No brainer (Score:3, Interesting)
Re:No big problems here (Score:3, Interesting)
The same was true for me until a few months ago. My tactic was, whenever I needed to give out an email address, it would be their_company_name@my_domain. If I started getting spam to that address, I'd know who was to blame for selling me out. I could also just blacklist that address.
Then, very recently, after my domain started getting popular on google, I started getting spam sent to a whole ever-changing list of random names @my_domain: cunningham@ dennis@ schmidt@, etc. Something on the order of 300 pieces per day. It's very clear that this is all from the same spammer, because it's always the same product: software. And the content of the email always follows the same pattern: chunks of web pages pulled at random to fool the spam filters, followed by something like: "N0r-t0n S0ftw-are 0-n Sa1e T0d-ay".
He uses a huge variety of mail servers all across the world. I'm thinking of blocking email from all Non US/EU IP ranges, though I could probably just install a basic lameness filter that checks for too many zeroes in the message body :)
Re:Disagree (Score:5, Interesting)
Re:No brainer (Score:3, Interesting)
Re:Disagree (Score:5, Interesting)
Wow. Could you be more wrong? As sysad for two smallish ISPs, I've been seeing serious SPAM attacks as (random string)@domain.com.
As many as 200,000 attempts in 24 hours. Repeatedly, for multiple domains. From hundreds of different sources. (We even put in a double bounce handler to identify source addresses; it was rare to see any single IP addresses attempt to deliver more than 10-20 in a 24 hour period)
While your other points are valid ones, on this one you are dead, dead wrong.
And, to the article poster, NEVER USE A WILDCARD. EVER. A bayesian filter running at 99.98% effectiveness would still not be as accurate as sending all wildcard email to
Re:No big problems here (Score:3, Interesting)
Re:No brainer (Score:5, Interesting)
Joe Sixpack
Street, City etc...
You'd expect to get it.
If I sent a letter, but with the name in any of these variations:
JoeSixpack
J Sixpack
Joe T Sixpack
You'd still expect to get it, right?
Now do you understand why people are telling you it's spelt correctly, when in fact there's an extra space in there?
Perhaps it's the original designers of the email systems we use, whose intelligence has been overestimated. Because they made addresses far too easy to get wrong.
Now, as a web designer, I understand why these things are that way. But many--including intelligent--people don't understand these little technicalities. Because the expectations of other things in life has taught them differently.
Re:No brainer (Score:2, Interesting)
Re:Disagree (Score:2, Interesting)
I used my old domain (which is still up) only for blogging (and not even adult content), but I now get [per day!!!] about 1000 spam messages, and all of them to a non-existent wildcard address on that domain.
I now only glance through it to see if any email gets through that needs to be forwarded to my new emailaddress...
Re:No big problems here (Score:4, Interesting)
BTW, you're intentionally inciting a DoS attack on the RFCI folks. Don't you know that's illegal? Maybe you should just step away from the computer now before you really get yourself into trouble.