We seem to run into a continuing problem with domain administrators pointing the catch-all to a valid email account or an account they setup called spam. This always make them vulnerable to spammer dictionary attacks. (We have captured spam going into the 'spam' account but this just adds much more). We try to educate them that they should always use 'set catch-all bounced' but it seems hard for them to understand.
Has anyone come up with a popup window, special alert message, etc. that shoots out a warning when they select anything other than 'select catch-all bounced'.
Best Regards,
Jeff Koch
