In reply to a post by kwikbreaks:

In reply to a post by Andrue:

I have a rule on the primary mail server that deletes anything that doesn't match my templates. So although I have a catch-all, random junk is going to be silently deleted. Would it be better to bounce it instead?

As 99% of return addresses on spam are spoofed all that bouncing spam does is pass it back to the victim who's email addess is being used. Better to just drop it IMO.

That was my thinking. A couple of websites point out that this allows my domain to be used by spammers to legitimise sender addresses. I wasn't very convinced by that argument though. I doubt if many people verify their email senders like that. Most likely deleting incoming email requires fewer resources on both servers than a bounce.

It depends on what kind of catch-all it is.

I think the kind they are trying to kill off are the ones where every incoming email is guaranteed a home. In that case you can end up with hundreds of thousands of emails sat in a 'pending box'. My 'catch-all' is actually a 'catch-some'. If you send email with a random address to my domain it will most likely be deleted.

The wildcard template I currently use isn't very complicated so eventually spammers might add logic that can tailor their [censored] to just the right subset. OTOH since my system accepts everything as far as they know (no bounces) an automated system won't know how to figure out what my wildcard template is.

A dictionary based template attack might succeed eventually but in that case I change my template to something like:

dsfytgh65443.65e4dg455y54.*sader@<my domain>

Yes I have a fairly simple template for email addresses I give to "trusted" respondents. Transient or untrustworthy ones get my hotmail address. But definitely no bouncing. Never have, never will.

The cPanel guide is out of date c/w the current, but only as far as the appearance is concerned. It is now called cPanel Accelerated. Now they have completed their move to servers in the UK it all works a lot better and faster. There was a period where it was unreliable during the switchover. but I guess that is to be expected.

It certainly feels snappier than the USA web-hosting I use, definitely a bargain for a cheapskate like me!

Its Easy to set up in Outlook Express OPRN OUTLLO EXPRESS CLICK ON TOOLS/MESSAGE RULES / Mail / FOR ALL MESSAGES/ forward to people/
click on people and type in the address/s you want to forward to
Click ok and you're done

Lewis Palmer jilldaniels.com

I am pretty sure you do not understand the question as your answer is not relevant.

In reply to a post by gomezz:

I am pretty sure you do not understand the question as your answer is not relevant.

Heh, they aren't the only ones.

I started getting spam sent to my Avast email address last month. An address that I only gave out once, over a year ago when I registered. I tried to warn Avast and its users on their support forum but no-one could see the problem.

Some people suggested a dictionary attack.
Others suggested a trojan or virus infection.

Apparently they couldn't see anything odd about a spammer suddenly targeting (not the real address of course)

[email protected]

So much for security experts.

Edit:If anyone wants to see the responses I got:

http://forum.avast.com/index.php?topic=49786.0

Oh and I've not had any more addresses go bad since that one and after blocking it all spam stopped reaching my inbox.

Edited by Andrue (Tue 03-Nov-09 08:21:03)