The danger of catch-alls

Someone thought it necessary to have

@theirdomain.com junk-theirdomain-spam@gmail.com

as a forward here.

The problem: they get about 50,000 dictionary style email spams a day, their domain is being actively used by spam rings (so they get returns to gibberish@theirdomain.com) and the presence of a catchall accepts them into our queue.

So it starts over the last couple of days with Amavisd-Spamassassin-Clamd-et al constantly running, wiping out about 95% of these and forwarding the rest to gmail.

As we wonder why the scanners are nearly constantly running after the last few days, I decide to let email through them while we look at their innards (that way email still gets through and interestingly enough most spam is blocked before the scanners). Well, 30 minutes and 20,000 emails to theirdomain.com later, it seems to have filled up their gmail account, led to their gmail account being suspended and bidwell’s email queue found itself full of things that should have never even made it into the queue.

Catch-alls are dead, they shouldn’t be used and at the first sign of a problem, they need to be dropped.

What happens otherwise? A NOQUEUE that doesn’t even accept the email after an initial handshake is the only thing that allows a relatively small number (tens of thousands) of email users to not have to have a million dollar email system.

Apr 13 17:45:51 bidwell postfix/smtpd[78462]: NOQUEUE: reject: RCPT from mail.t-intra.de[62.156.147.75]: 550 <qukedvtwzhpu@theirdomain.com>: Recipient address rejected: User unknown in virtual alias table; from=<> to=<qukedvtwzhpu@theirdomain.com> proto=ESMTP helo=<mailc0911.dte2k.de>
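Rejects like the one above are also the signal to watch: tallied per recipient domain, they show which domain is being dictionary-attacked or is receiving bounces for forged senders (from=<>). The following is an added example, not part of the original post; it assumes Postfix smtpd log lines in the format shown, and every sample line except the first, as well as the threshold, is constructed.

```python
import re
from collections import defaultdict

# Constructed sample input. Line 1 is the reject quoted above with the pid in
# syslog's usual [brackets]; the other lines are made up for this example.
SAMPLE_LOG = """\
Apr 13 17:45:51 bidwell postfix/smtpd[78462]: NOQUEUE: reject: RCPT from mail.t-intra.de[62.156.147.75]: 550 <qukedvtwzhpu@theirdomain.com>: Recipient address rejected: User unknown in virtual alias table; from=<> to=<qukedvtwzhpu@theirdomain.com> proto=ESMTP helo=<mailc0911.dte2k.de>
Apr 13 17:45:52 bidwell postfix/smtpd[78463]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <aaron@theirdomain.com>: Recipient address rejected: User unknown in virtual alias table; from=<a@example.net> to=<aaron@theirdomain.com> proto=SMTP helo=<example.net>
Apr 13 17:45:52 bidwell postfix/smtpd[78463]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <abby@theirdomain.com>: Recipient address rejected: User unknown in virtual alias table; from=<a@example.net> to=<abby@theirdomain.com> proto=SMTP helo=<example.net>
Apr 13 17:45:53 bidwell postfix/smtpd[78464]: NOQUEUE: reject: RCPT from mx.example.org[198.51.100.7]: 550 <xkqzt@theirdomain.com>: Recipient address rejected: User unknown in virtual alias table; from=<> to=<xkqzt@theirdomain.com> proto=ESMTP helo=<mx.example.org>
Apr 13 17:45:54 bidwell postfix/smtpd[78465]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 550 <sales@quietdomain.example>: Recipient address rejected: User unknown in virtual alias table; from=<b@example.net> to=<sales@quietdomain.example> proto=SMTP helo=<example.net>
Apr 13 17:45:55 bidwell postfix/smtpd[78466]: connect from mx.example.org[198.51.100.7]
"""

# Matches only pre-queue rejects for recipients missing from the virtual alias table.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+ [45]\d\d .*?"
    r"User unknown in virtual alias table; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def summarize(lines):
    """Per recipient domain: rejects, distinct unknown local parts, null-sender bounces."""
    stats = defaultdict(lambda: {"rejects": 0, "localparts": set(), "bounces": 0})
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue  # connects, deliveries and other reject reasons are ignored
        local, _, domain = m["rcpt"].rpartition("@")
        entry = stats[domain.lower()]
        entry["rejects"] += 1
        entry["localparts"].add(local.lower())
        if m["sender"] == "":  # from=<> marks a bounce, i.e. backscatter
            entry["bounces"] += 1
    return dict(stats)

def dictionary_targets(stats, min_distinct=3):
    """Domains where many different nonexistent recipients are being tried."""
    return sorted(d for d, s in stats.items() if len(s["localparts"]) >= min_distinct)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for domain in dictionary_targets(stats):
        s = stats[domain]
        print(domain, s["rejects"], "rejects,", s["bounces"], "bounces")
```

On a live server, feed `summarize` the mail log and raise `min_distinct` to a value that fits normal typo traffic for your domains.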

{cross-published from the status blog}

·:· Posted 13 April 2005, 18:30 by Jason Hoffman to Stuff

  1. Sounds very logical to me. I could never understand why someone would want to use a catch all email. If someone can’t use a contact form on your site or can’t find your email listed, or doesn’t already have it, then why would you want to hear from them? Did anyone that used catch all emails ever get anything that wasn’t junk in them?

    Colin    13 April 2005, 19:35    #
  2. I use catch-alls as a convenient means of creating disposable email addresses. Any address at my domain will get to me. If any address starts collecting too much spam I can then block that one address, but otherwise I can create email addresses on the fly. It works, and with a rather uncommon domain, it hasn’t generated much (any?) spam for me so far.

    andy    13 April 2005, 20:08    #
  3. Andy, I guess that makes sense, I just have an email address “random” hosted on one of my domains which I use to sign up for things that I think will generate spam.

    Colin    13 April 2005, 21:07    #
  4. I think this is a totally reasonable decision on TextDrive’s part. My question is: what does this mean for the average TextDrive user with a few domains? Anything?

    Dave Adams    14 April 2005, 14:18    #
  5. Ditto to Andy’s comment. I further use this to have email addresses of the form foo*@domain.tld and bar*@domain.tld go to foo and bar’s mailboxen respectively. For me, the boon of using all different disposable addresses is that I know where the spammer got my address from and that I can stem the flow of spam without invalidating all my disposable addresses (most of which I want to remain valid indefinitely).

    So far I have gotten zero spam to my relatively obscure domain with catch-all turned on.

    Jon    14 April 2005, 16:20    #
  6. Catch-all are not dead-dead-cannot-have. They’re “don’t you want them dead”? Otherwise there’s always going to be cleanup situations like this one.

    jason    15 April 2005, 07:56    #
  7. Jason,
    Can you suggest a different solution, perhaps at the MTA level, that would permit classes of addresses (e.g., foo*@domain.tld) but deny all others? Personally, I’ll always favor a policy of avoiding spam rather than filtering it, because I hate the idea of false positives, and a filtering solution is something that must be perpetually maintained as spammers adapt. If I could have that, I’d have no problem getting rid of the catch-all.

    Jon    15 April 2005, 15:11    #
  8. I also use catch-all for disposable email addresses. While my main domain’s mail is still directed to my home box, I take advantage of it by using a feature of qmail in that all mail directed to username-foo@domain.com will be redirected to username@domain.com’s mailbox. That way, all your disposable email addresses begin with the same word, and can be created on the fly, while invented ones won’t go anywhere.
    Could something similar be done with postfix?

    Victor    20 April 2005, 08:11    #
  9. I do something similar without a catchall. I just create aliases to my regular box like this 2005foo@mydomain.tld. Each year I kill last year’s alias. For entities that I will have an ongoing relationship with, I use an alias entity@mydomain.tld. As someone else pointed out, I can tell if someone has sold me out and act accordingly. So when TextPanel comes online with a front page instant email alias tool (right?), I’ll really be all set. Cheers.

    Alex    20 April 2005, 11:43    #
  10. If you want disposable addresses then check out spamgourmet.com. It’s free and you have a variety of domains to choose from.

    hunox    6 May 2005, 16:06    #