|Are Catch-all E-mail Accounts Dead?|
When configuring a domain's e-mail, I used to set up a default catch-all e-mail address as a matter of course. That way, incoming e-mail with a spelling error in the address could still be caught, as well as items addressed to "webmaster", usernames of past employees, etc. I found that important communications often ended up in the catch-all address.
The spam deluge has made this strategy almost unusable now. Spam is addressed to common usernames like "info", past employees no longer receive business communications but live forever in spam lists, bounces from worm/virus e-mails that forged a return address flood in... The percentage of valid e-mails recovered is infinitesimal.
In a few important domains, I continue to review catch-all e-mail and let my spam filter do the initial sort, but the load of garbage is so great that I'm thinking of deactivating this and letting them all bounce. Am I the last person on the planet to even attempt to capture mis-addressed e-mails, or are there fellow-sufferers out there?
One thing I've done is to anticipate the most common errors and set up forwarding rules for those. For example, by far the most common error I see is the sender forgetting what the organization's naming protocol is and guessing incorrectly. Hence, if John Jones is email@example.com, items will regularly end up being sent to firstname.lastname@example.org. So, I set up a forward for "jjones" and perhaps even "john" - this corrects the most common errors without needing a catch-all account.
I'm still having difficulty flipping the final switch, though, on my last few domains with that feature...
All of my catch-alls are still in place. Between myself and Mailwasher Pro, we make sure that nothing important slips through the net.
My surname is extremely easy to mis-spell, and I have a significant number of communications from people I wouldn't want to miss picked up by catchalls.
Some of the mis-spellings are most odd ... makes me wonder sometimes if alcoholism is rife in the industries I cover :)
The joy of this forum is the relief to know that I am indeed not the last person left who checks mis-directed mail for legitimite bounces. Spam filters handle the bulk and we love (& need our customers) even if they can't spell our names correctly.
I still run catchalls as well - though not on all domains.
And yes - I get maybe 2000 emails on it a day, mostly from viruses - autogenerating usernames for a domain - and then hitting things really hard.
But - I still catch several emails a week that I am glad I could catch. I'm too wondering when the "downloading 1822 email" for the sake of 1 of minor importance no longer is worth it.
It's funny that this topic has come up. I was just speaking with my Server Admin yesterday about catch-all accounts and what steps we should take.
My recommendation is that they be eliminated altogether. Years ago before the UCE was out of hand, a catch-all account was an added feature of email. Today, it is a detriment.
Over the next two weeks, we are removing all catch-all accounts and will be disabling the feature in our email program. If there is one thing that is feeding the UCE, it is the catch-all accounts. I'd say at least 30-50% of the UCE received is to a catch-all account.
Users are viewing their catch-all accounts with a Preview Pane open. So, when they click the email subject link to review the body in the Preview Pane, I do believe they are phoning home and sending a message to the sender that the mail was read. This keeps that catch-all account name in the UCE list as it is a valid account (no bounce).
Our new plan is to tell clients to give us all email addresses that they think should be set up as forwards due to misspellings. We then set those up as aliases with a forward and then forget about them.
Before you make a decision that might cost you business, I'd advise waiting just a few more weeks until the effects of the new Sender Policy Framework on spam volumes can be evaluated. Some major ISPs plan to roll this out October 1st, and companies who send legitimate e-mail communications should be configuring and testing SPF [google.com] on their domains now in order to avoid having their messages blocked.
Catch-all addresses are dead, yes, but there are other things we need to do to manage the situation.
Common problems arise from employees who have left a company, and the eternal misspellings. The latter can be dealt with by defining some redirects, but an end-user receiving a bounced mail need to have more information than the simple default error message.
If I get an address wrong and the email bounces, then I should receive an error message which is tailored to the situation. Once, I emailed someone at a large company. I spelt the guy's name wrong, but it was a common name. The bounce came back saying something along the lines of "The user is unknown, but you could have been trying to contact one of the following:" followed by a short list of similarly-named people working for the company. After that, there were links to the company website, a general contact address and to a contact form on the website. The person I wanted to contact was in the list, I was able to update my address book and I knew how to spell his name in the future when preparing contracts, etc.
That showed to me that the email admin had taken the effort to manage the email service well, and it was great from a customer-service viewpoint - better than the catch-all which justs risks your important email being deleted with a million spam emails.
I just got rid of all mine recently, because of the spam. About 2000 a day. My life is much simpler now.
Catch All still there. But in the last 15 days, I have been setting message rules based on subject lines of spam emails. For example, any email with the subject line containing the word "apply now" goes to the JUNK folder.
My database of keywords is growing bigger everyday. And my keyword list is becoming exceedingly efficient in sorting out spam mails from business mails
>>> About 2000 a day
Is that from one domain? That's an incredible number.
It's interesting how many members still make use of catch-all addresses. I was ready to nuke a couple of my worst offenders, but perhaps I'll hold off.
2000 spam messages a day seems like a lot, but I suppose it depends on the number of domains and the characteristics of those domains. I'm finding a few hundred a day for popular domains is typical (i.e., domains that have been around for a few years, have good inbound linkage, etc.). Some of the spam comes to real addresses, the rest to bogus or guessed addresses.
killed all my catch-alls about 2 months ago - was getting upwards of 5000 spam emails a day at the end. Much better now.
Anyone who isn't troubled by a catch-all is lucky but only so far because it is only a matter of time before the tidal wave arrives. It will then grow exponentialy.
I have removed them from everywhere that I can remember putting them and have also offered to remove them FOC for Ex Clients who historically may still have them from years ago.
better to set up extemely aggressive spam filtering than cease to have the catch all domain
|Users are viewing their catch-all accounts with a Preview Pane open. So, when they click the email subject link to review the body in the Preview Pane, I do believe they are phoning home and sending a message to the sender that the mail was read. This keeps that catch-all account name in the UCE list as it is a valid account (no bounce). |
If you don't reply to the spam you get, and your e-mail is set to *not* "auto-load" inline images, then what's the harm with Catch-All? Just because you "Catch-All" doesnt' mean you have to "read all". You can. have a list of good addresses and common spelling of them, which you read, and then auto-delete the rest.
To me, bouncing some addresses, and not bouncing others, is effectively telling the spammers which e-mail addresses are valid.
So far, my favorite XP SP2 change is the fact in-line images are not auto-loaded in Outlook Express.