Catch All Email Account Policy
Effective immediately, WebECS will no longer be supporting “catch all” mail accounts on our shared and reseller hosting platforms. Recently, our mail server has been suffering from performance issues directly attributed to catch-all mail accounts being attacked by spammers.
The biggest impact they have on our servers is when a domain with a catch-all mail accounts configured is hit by a dictionary spam attack. This style spam attack randomly tries to send email messages to thousands of unique email addresses to a particular domain. When the catch-all account is configured, this causes the mail server to accept all of this spam and valuable processing time and resources are wasted dealing with the massive flood of messages. In some cases, the attack is so severe that it causes the mail server to become completely unresponsive.
A secondary impact of these dictionary attacks occurs after the catch-all account is deleted. Because the spammers have successfully delivered email to thousands of unique accounts, they now continue to send email to these email addresses on a daily basis. Even once the catch-all has been disabled for a domain, these repeated attempts to deliver mail to non-existent addresses can sometimes be so severe that the net effect is a denial of service attack on our mail server’s SMTP service.
Instead of using a catch-all mail account, we suggest that you configure mail forwarders for individual email addresses that you actually want to accept incoming email for, and then direct those forwarders to a single POP3 account. For example, if you want to accept email for email@example.com, firstname.lastname@example.org, and email@example.com, but want all of that email to be directed to firstname.lastname@example.org, you would setup a POP3 account for email@example.com, and setup the other email addresses as forwarders.
Please note, that if you already have a catch-all account configured, these will be disabled. We are sorry for an inconvenience this change may cause you, but taking this step is necessary in order to provide a reliable hosting platform.