Catch-all Auto-Responders to be disabled

It’s established that catch-all email addresses are big ol’ spam magnets. With one of these active, you’re going to get spam, and very likely lots of it. Last month we disabled forwarding of catch-alls (in most circumstances) to external addresses because this puts our servers in the position of forwarding a whole lot of spam, which not only was putting strain on our servers, but was also resulting in spam complaints (and blocks) for email that didn’t even originate within our system.

We’re taking another step in tightening up the liability of catch-alls and have disabled the setup of new auto-responders for catch-alls, starting now. Existing catch-all auto-responders are still active, but we will be disabling those next Tuesday, July 18th. {An email is going out to those who have these set up… err.. now!}

The reasons for this are fairly simple: spammers often send to hundreds of random addresses at a single domain. With an auto-responder active for a catch-all, each of these will send an email back to the sender. What’s worse is that *almost always* the “From” field on a spam email is a spoofed address at an innocent domain. The owner of that spoofed address then receives a truckload of spam in the form of auto-responses, which they in turn submit complaints for to their ISP or RBLs such as Spamcop, which — you guessed it! — results in our servers getting blocked, or our abuse department getting flooded with complaints.

You will, of course, still be able to set up auto-responders for individual addresses. Given that the general purpose of an auto-responder is to toss back a temporary vacation message, or a “we’ll get back to you soon” acknowledgement in the case of a support desk, these sorts of things are better off with individual, specific email addresses anyway!