Farewell Catch-All, I Will Miss You
Aug 23rd, 2007 by Alex
With a small degree of sadness, I removed the catch-all from my domain today.
I’ve owned this domain for almost a decade. In all of that time I’ve had a catch-all. It was convenient and handy to be able to create email addresses at the drop of a hat. At Bob’s Electronics Depot and need to provide an email address for registration of some new gadget? No problem, just write down bobsdepot@moundalexis.com. No accounts to create. No tables to update. No need to give out your real email address. If they sent something there, it’d be there waiting for me.
The only problem is backscatter. From time to time a spammer sends an email to someone and uses my domain on the “From” line. Most of the time they use a bogus address, such as s123jq12e@moundalexis.com. This causes two problems. There are the poor folks that actually receive the spam and think — incorrectly, but that’s a more technical matter — that it’s my domain responsible. Then there are all of the instances where the spam fails to be delivered; the receiving server sends a rejection message to the email address listed on the From line. Because of the catch-all, all of those come to me.
Once in a while is fine but when a spammer goes and spoofs my domain name and sends out hundreds of thousands of spam messages, thousands of those are destined to fail and be returned to me. Rather than deal with the large scale backscatter again, I decided to kill my catch-all. I will miss it, but it took too damned long to sort through all of that mail. I’m pretty sure I deleted a handful of valid emails in the process.
I did want to retain some of the vanity addresses that I’d be using, so I scanned the headers of my email archives to locate all of the addresses that I’ve used over the last 4-5 years. I went through and identified 37 named accounts to continue forwarding. I added them to my virtual mailbox table and then removed the catch-all.
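One way to do the header scan described above, as an added example rather than the author's own script: it tallies recipient local parts at the domain and separates bounce traffic (null Return-Path or a MAILER-DAEMON sender) from ordinary mail. The sample messages, the choice of headers and the function names are assumptions constructed for illustration.

```python
import email
from collections import defaultdict
from email.utils import getaddresses, parseaddr

DOMAIN = "moundalexis.com"
# Headers that can carry the recipient address (assumed set; adjust per MTA).
RCPT_HEADERS = ("To", "Cc", "Delivered-To", "X-Original-To")

def is_bounce(msg):
    """A null envelope sender or a mailer-daemon From: marks a bounce."""
    if str(msg.get("Return-Path", "")).strip() == "<>":
        return True
    local = parseaddr(str(msg.get("From", "")))[1].lower().partition("@")[0]
    return local in ("mailer-daemon", "postmaster")

def audit(messages, domain=DOMAIN):
    """Return {local_part: {"real": n, "bounce": n}} for recipients at domain."""
    stats = defaultdict(lambda: {"real": 0, "bounce": 0})
    suffix = "@" + domain
    for msg in messages:
        values = [str(v) for h in RCPT_HEADERS for v in msg.get_all(h, [])]
        # A set, so To: and Delivered-To: naming one address count once.
        addrs = {addr.lower() for _, addr in getaddresses(values)}
        kind = "bounce" if is_bounce(msg) else "real"
        for addr in addrs:
            if addr.endswith(suffix):
                stats[addr[: -len(suffix)]][kind] += 1
    return dict(stats)

def keepers(stats, min_real=1):
    """Local parts seen on non-bounce mail: candidates for explicit entries."""
    return sorted(lp for lp, s in stats.items() if s["real"] >= min_real)

# Constructed sample messages (not taken from the author's archive).
SAMPLE = [email.message_from_string(raw) for raw in (
    "Return-Path: <news@bobsdepot.example>\nFrom: news@bobsdepot.example\n"
    "To: bobsdepot@moundalexis.com\nSubject: Registration\n\nThanks.\n",
    "Return-Path: <news@bobsdepot.example>\nFrom: news@bobsdepot.example\n"
    "To: bobsdepot@moundalexis.com\nSubject: Sale\n\nDeals.\n",
    "Return-Path: <>\nFrom: MAILER-DAEMON@mx.example.net\n"
    "To: s123jq12e@moundalexis.com\nSubject: Undelivered Mail\n\nBounce.\n",
    "Return-Path: <list@vendor.example>\nFrom: list@vendor.example\n"
    "Delivered-To: newsletter@moundalexis.com\nTo: Newsletter@moundalexis.com\n"
    "Subject: Issue 12\n\nNews.\n",
    "From: friend@example.org\nTo: someone@example.net\nSubject: hi\n\nHi.\n",
)]

if __name__ == "__main__":
    for local_part in keepers(audit(SAMPLE)):
        print(local_part + "@" + DOMAIN)
```

For a real archive, pass the messages from `mailbox.mbox(path)` to `audit()`. Spam with a forged non-null sender still counts as "real", so the output is a candidate list to review by hand, not a final table.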
I also got to comment the following bit out of my procmailrc. Mail coming to these has been known to be spam for some time.
:0
* ^To:.*(fc|frommyheart|getpaid|wb|sales|oss)@moundalexis\.com
IN.dead
Many of the vanity addresses are for newsletters and vendors. These days I’m more concerned with their ability to keep their user lists secured. In the past this was never a concern; I always felt it more likely that a vendor would sell their user list to marketing firms. It happened with CRN before, although I never found out whether they sold their data or whether it was compromised.
I tested from my Gmail account, sending a message to test@moundalexis.com.
Aug 23 16:11:29 vision postfix/smtpd[18927]: NOQUEUE: reject: RCPT from nf-out-0910.google.com[64.233.182.188]: 550 <test@moundalexis.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<XXX@gmail.com> to=<test@moundalexis.com> proto=ESMTP helo=<nf-out-0910.google.com>
The Gmail domain has been auto-whitelisted over time and doesn’t get greylisted, but I did confirm that greylisting is still taking place before the virtual mailbox table is checked.
Aug 23 16:12:12 vision postfix/smtpd[18927]: NOQUEUE: reject: RCPT from amy.aimforcute.com[65.98.99.18]: 450 <Kapil430@moundalexis.com>: Recipient address rejected: Greylisted for 5 minutes; from=<> to=<Kapil430@moundalexis.com> proto=SMTP helo=<splash.scarrot.com>
I’ll have to create vanity addresses by hand now. A little bit of effort and a little less spontaneity, but I’m looking forward to less garbage in my mailbox.
I’ve never been a fan of setting up a mail server to have a catch-all address. Too easy for spammers to get through. I’ve always gone through the added effort of adding a new alias for a new email address I use to sign up for a website or online store.
This method actually helps make writing procmail recipes easier since I know where legitimate email to that address should be originating from.