From the desk of: Sam C. Chan

Hosting Admin: Catch-All Email Alias

March 12, 2004

Modern hosting accounts have a "catch-all" feature. Be default, there's an alias "catch-all" pointing to the "admin" account. When someone email to a non-existent address, due to typo or account deletion, it'd be forwarded to the built-in "admin" account. Spammers are now known to send email to generated addresses, such as: resume@ sales@ info@ joe@ mary@, etc. In other words, they carpet bomb a domain in hope of hitting a recipient.

Your options:

1. Active, attended Catch-All. Leave catch-all alias active. Routinely login to admin account to process the stray legitimate email, notify senders or simply forward to the rightful recipients, and finally, delete the remaining junk. Failure to do so will result in junk mail eating up valuable space quota.

2. Disable catch-all feature by simply deleting the catch-all alias. This strategy is known as "bounce." All email sent to non-exisitent names will be bounced back to sender along with a notice. That means your mail server will send a copy of the inbound message (with attachments and all) to the return address, for each and every bad inbound recipient name! This could potentially incur significant bandwidth. For the average business, the bandwidth allotment is high enough (relative to actual usage) that it's a moot point.

3. Blackhole Catch-All. Delete the built-in alias to admin. Recreate a new Catch-All alias to Sender will not receive any notice of invalid addresses. This is considered appropriate and is common practice nowadays.

As of March 2004, the Bravo recommended option is #3. For those sites where we assume the role of administrators, we implement option #3 by default, unless otherwise specified.


#1 requires too much efforts if you receive astronomical amount of spam. Some people forward it to an existing user account (instead of admin, still unmanageable).

#2 is VERY dangerous! Bouncing is considered inappropriate and counter-productive nowadays. 99.9% of mail with bad inbound addresses use SPOOFED return addresses. Most likely, your bouncing will:

a. serve as "mail bomb," exploding the innocent victim's mailbox, whose address happens to be used by spammers as return address. Or,

b. become "accidental spammer" sending massive amount of email to non-existent addresses, which in-turn trigger a perpetual storm of double-bounce notices, etc.


Copyright @2005-2006   Bravo Technology Center  *  Bravo:GO  *  Contact Us