Sunday, December 17, 2006

SPAM and the Catch All Feature

SPAM and the Catch All Feature

One of our domains had been receiving a huge amount of SPAM. The Catch All feature had been enabled due to the fact that usernames could be created on-the-fly and used without creating inboxes.

With this "feature" enabled, a spammer could load up a dictionary with a list of usernames and blast the domain with SPAM. The reason why all email would be received is because Catch All does not bounce non-existent addresses/usernames. Instead, it forwards all incoming email to a POP email address.

We disabled the feature today and voila! SPAM levels reduced by 90%!!

SPAM and the Catch All Feature

No comments: