Catch-all and Mail Assure

Automated reports are suppressed to such recipient addresses as they cannot be validated.

Spammers often buy lists of email addresses and use these to send spam emails to servers with catch-all set up, as such, it leaves you more susceptible to spam mail.

By default, Mail Assure accepts all mail to valid recipients, based on the destination mail server response to a "recipient callout" query. If catch-all is enabled on the mail server, Mail Assure will quarantine and send quarantine reports to all the mailboxes addresses (as confirmed valid by the receiving server, to the callout) and the customer will be billed for it.

To prevent this from happening, and risk being billed for more mailboxes than expected, when the domain is added to Mail Assure, we will test if it has catch-all set up and if is detected, Mail Assure automatically logs that the destination mail server has a catch-all mailbox. Mail Assure now knows not to trust the mail server's response and will automatically switch off the sending of automated reports:

We strongly advise against disabling all catch-all behavior from all receiving servers. If this behavior is present, the following settings should be used:

  1. In Mailboxes Overview/Configuration at Domain Level, tick Reject mail to mailboxes not in the mailboxes list
  2. Turn Filtering to off by default
  3. Ensure the mailboxes and mailbox aliases lists are complete
  4. To assist with filling the mailboxes and mailbox aliases lists, consider Configuring LDAP Mailbox Sync to populate the lists from your Active Directory or Configure Microsoft 365 Sync when using Microsoft 365.

  5. Ensure each valid mailbox has filtering enabled by editing the mailbox settings