What are the real-world caveats of offering "catch-all" mailboxes (a.k.a. "nobody" aliases in IMail)?
The biggest risk is from dictionary attacks, where the mailbox server will accept all mail for a domain, rather than rejecting all msgs for unknown users (which more efficient, no msg actually received and queued and delivered).
A hosting provider, I have long denied this service to our customers for fear of spammers inundating our mail servers with fabricated addresses culled from a name dictionary.
good policy
Furthermore, I fear that when those spammers do not receive a "No Such User" error, they will catalogue the bogus addresses as "legit," share it with other spammers, and forever send thousands (millions?) of mis-addressed messages to a domain that has long since disabled the catch-all feature.
That fear is not worth acting upon.
Rejecting mail to unknown users is quite efficient (but of course at very high rates it can become resource-exhausting.)
Am I overreacting?
nobody domains are evil.
If you have good anti-spam defense, so what if some spammer knows your real addresses? Knowing an address is not sufficient to deliver to that address.
Len
_____________________________________________________________________ http://MenAndMice.com/DNS-training: Seattle; Chicago; San Jose; Wash DC IMGate.MEIway.com: anti-spam gateway, effective on 1000's of sites, free
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
