On 3/11/04 at 10:59, Timothy Binder wrote:
> On Mar 11, 2004, at 11:26 AM, Telcontar wrote:
>
> > I get regular spam to several such addresses at my domain. I set my
> > personal address to be a catch-all, so that I can use any address I
> > like and invent ones on the fly when I want to (a subdomain of mine
> > uses an address that doesn't exist, for example).
>
> Be careful. I do the same thing, but about a month ago, I started
> getting email to "ted", "alex", "mary", etc @mydomain -- just random
> first names. I don't recall if it was a spam or a virus, but I had to
> add a long list to the router. They're all tagged as spamtraps.
> Fortunately, it died down, once there were about 10 or so names listed.
Probably a dictionary probe by a spammer looking for valid addresses on
your server. If it looks to the sender like a message was successfully
delivered, the sender will assume that the recipient address exists and is
valid. This is a compelling reason to not have a general catch-all address
-- it only encourages the scum to keep flooding your server.
> As an alternate, I was considering setting up a limited catch-all,
> which would only allow email through that fit a pattern, such as
> [EMAIL PROTECTED]
A much more rational strategy. I have a line in my router for my personal
address:
<cbort-*> = cbort
That way, I can give an address to entities that I don't entirely trust not
to pass the address along to third parties. If I submit a form on XYZ's web
site, I can give my address as [EMAIL PROTECTED] and know that I
will receive mail sent to that address. If I subsequently start getting
mail to that address from a third party, I will know that XYZ sold me out.
If it gets bad, I can turn cbort-xyz into a spamtrap.
> > However, that means that I keep picking up mail directed to
> > webmaster@, sales@ and even contact@, which is a pain. I've set
> > sales@ to redirect everything to [EMAIL PROTECTED] (*evil grin*), and
> > Webmaster auto-responds telling the sender to use the address found
> > on the site (so one day I'll need to go clear that account out). I
> > should really set webmaster@ to bounce to [EMAIL PROTECTED] too, seeing as my
> > real address is plenty easy to find for any real visitors, and anyone
> > mailing me at webmaster@ is a clueless fsck :P
Rather than 'redirecting' to [EMAIL PROTECTED], you could simply route to NULL.
E.g.:
<sales> = null
> I would just set them up to route to "error", so the other side gets a
> proper bounce. That way you don't even bother eating up any of your
> bandwidth accepting the email body and mail just doesn't disappear from
> the Internet.
Yes, routing to error is better than routing to null. In the case of
dictionary probes, addresses routed to 'null' look, from the sender's pov,
like successful deliveries. Addresses routed to 'error' will receive a
proper bounce that will prevent the sender from adding that address to
their database as a 'good' one.
--
Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
