Catch-all and SpamExperts
Automated reports are suppressed to recipient addresses that cannot be validated. Spammers often buy lists of email addresses and use these to send spam emails to servers with catch-all set up, as such, it leaves you more susceptible to spam mail.
By default, SpamExperts accepts all mail to valid recipients, based on the destination mail server response to a "recipient callout" query.
If catch-all is enabled on the mail server, SpamExperts will quarantine and send quarantine reports to all the mailboxes addresses regardless of whether the mailbox exists in SpamExperts (as confirmed valid by the receiving server, to the callout) and the customer will be billed for it. To prevent this from happening, and risk being billed for more mailboxes than expected, when the domain is added to SpamExperts, we will test if it has catch-all set up and if is detected, SpamExperts automatically logs that the destination mail server has a catch-all mailbox. SpamExperts now knows not to trust the mail server's response and will automatically switch off the sending of automated reports:
- Auto ESRs (Automatic Email Scout Reports), see Configure Domain Settings
- Protection Reports
We strongly advise that you disable all catch-all behavior from all receiving servers. If this behavior is present, the following settings should be used:
- In Mailboxes Configuration > Configuration Tab when logged in to the Domain Level Control Panel, ensure Only accept email to your defined mailboxes is ticked
- Ensure Mailbox Protection And Processing Mode is set to Protect specific mailboxes only
- Ensure the mailboxes and mailbox aliases lists are complete
To assist with filling the mailboxes and mailbox aliases lists, consider LDAP Mailbox Sync to populate the lists from your Active Directory.
- Ensure each valid mailbox has filtering enabled by editing the mailbox settings