When setting up a web and email host account, properly setting the default email address will save the web administrator headaches when it comes to dealing with spam. Recently I came across a great example that reenforces the importance of this fact. On the web host account for a small conference and training centre, the default email address had been set to ‘catch-all.’ After more than 2 years online, the default email address had received more than 18,000 spam messages, totalling just over 98MB! Now, that’s a lotta junk!
The default setting for the default email address for a web host account is as a ‘catch-all’. That is, all unrouted email sent to a particular domain but will be forwarded to the ‘catch-all’ address. The idea behind that is if, for example, a client tries to send an email to firstname.lastname@example.org instead of email@example.com, the email still stands a chance of delivery as the web administrator for the example.com domain can forward the ‘typo’ email along to the intended addressee.
Now enter spam to complicate the matter. As I have previously noted, about 75% of all email is spam. Much of spam is sent to a series of email addresses at a particular domain, with the hope that at least some of the email spam gets through. A spammer might send emails to firstname.lastname@example.org, email@example.com, tomanders@example, etc. If the true email address is firstname.lastname@example.org, then all the above spam would be funnelled into the ‘catch-all’ or default email address.
The decision that a web administrator must make then is to decide how to manage over-taxing the web server by accepting and dealing with misdirected email (the majority of which is deliberately mis-addressed). The web administrator would also need to consider the time requires of reviewing misdirected email.
My recommendation is to set the default email address to ‘blackhole’. The result of that is the deletion of all misaddressed emails, without being directed to the default email address. The benefits of this are two-fold: (1) it saves the web administrator the time-consuming task of reviewing misdirected emails and (2) it does not provide the spammer with any feedback as to the validity of an estimated email address.
An alternate option is to set the default email address to ‘fail: no such address’. This setting returns a ‘No such address’ email notification to the sender of any misdirected email. Whilst this might prove beneficial to a client or supplier who mispells an email address, the greater concern is providing spammers that sending such emails to every piece of spam that arrives. (I would argue that the average internet user is aware that emails do go missing from time to time and that it’s advisable to follow up with a phone call when sending important or time-sensitive matters.)