What you create by having a catch-all address domain, is an EXCELLENT resource for spammers. They will use your domain as a FROM in their spoofing spew. Any [misguided but popular] email software doing the [DDoS enabling] "sender address verification" will pass the sender as legit, when indeed it is not.
There are many ways to program around a catchall policy, and I encourage you to find one. Maybe someone on the list can even help. Tell us, why do you <think> you need a catchall? hth Dan -----Original Message----- From: smeevil [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 18, 2007 2:52 AM To: users@spamassassin.apache.org Subject: Catch all addresses and failure/undeliverable notification messages Hello all, I am looking for some advice regarding the following issue : I have some domains which are using a catch all address. On these addresses I get a lot of undeliverable / failure notices which are theoretically legit. Though they originate from spams spoofing the domains which makes those messages spam in practice. I am hoping any of you would know a solution to filter these message while retaining the legit ones. So far the only "solution" I can come up with is stop using catch all address which in some cases is not feasible. Thank you for your time :) Gerard. -- View this message in context: http://www.nabble.com/Catch-all-addresses-and-failure-undeliverable-notifica tion-messages-tf4101428.html#a11663462 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
