Why a catch-all e-mail configuration may not be the best idea
I have been aware of the importance of a proper e-mail configuration and strict privacy for a long time, which is the main reason why I left Gmail many years ago and migrated to another provider. One piece of advice I saw in many places on the Internet was to set up a catch-all e-mail domain, to ensure convenience and privacy when using many accounts in various places online.
In normal circumstances a person has one e-mail address in a single domain, e.g. email@domain.com. There is no explicit need to set up separate addresses for each and every service one uses their e-mail for. For example, I can use the same address with my social media accounts, utility companies, and so on. The issue that arises is that when many organisations, companies and individuals have one’s e-mail address in their databases, it is only a matter of time before the address leaks onto the web and is used by third parties to send tons of spam. To avoid that, one can set up separate e-mail addresses, distinct for each website and service they use. For example, one can set up an e-mail account (or simply an alias forwarding messages to the main address) called email2@domain.com and use it only to log into a single website or service. That way, if they start to receive spam at that address they can, first, identify that the company for which the account was set up has leaked that address, either intentionally or unintentionally. Secondly, they can simply delete that e-mail account or remove/disable the alias in order to stop receiving spam sent to email2@domain.com.
That approach would work easily for a dozen or so services or websites, but the more accounts one has on different websites, the more tiresome managing separate e-mail accounts or aliases can become. At one point I had over two hundred accounts on different websites, for various services, social media, discussion boards, etc. It would be simply impractical for me to manage that many separate accounts or aliases, so I turned towards a more systemic approach. Depending on one’s e-mail provider, it can be possible to set up a configuration called a catch-all. It allows the user to create e-mail aliases ad hoc, without any configuration, by allowing messages sent to any e-mail address in their domain to be forwarded to their main e-mail account (or to any account they own). Of course, this option is only possible when one owns the domain in which they have their e-mail address. It is not possible to set up a catch-all configuration for a @gmail.com address, for example. But if one owns the domain in which their e-mail address ends, it is possible to configure their e-mail so that messages sent to any address whatsoever ending in @domain.com will be forwarded to their inbox.
Such a setting allows for convenient creation of aliases on the go. Since e-mails sent to any address in one’s domain will appear in their main mailbox, there is no need to set up any aliases in the e-mail configuration options. One could even type a random set of letters before the @domain.com and a message sent to such a random address would still be delivered to them. With catch-all enabled one can type any e-mail address on any website. If one is setting up a Mastodon account on one of many servers, they can use the address mastodon@domain.com. If they are configuring their account at the electricity provider, they can use an address like energy@domain.com or just company@domain.com. That way, if they start receiving spam at the e-mail address they shared with that specific company only, they can be certain their address got leaked by the company.
When I finally enabled catch-all for my e-mail domain I decided to wait for a few weeks before I would start changing the e-mail addresses associated with each of my two hundred accounts to a unique one, clearly identifying the company or its service. Since I had no previous experience with catch-all, I was wary and wanted to observe any potential adverse effects of enabling that option. And indeed, once catch-all became active, I started receiving even more spam than before!
Initially, I was bewildered by that change. After all, I enabled that option to increase my privacy and reduce the usage of my primary e-mail address in places where it is not necessary. But a quick analysis of the new spam messages that started appearing after catch-all was turned on revealed that those were advertisements sent to some of the most common pre-defined e-mail addresses, like contact@domain.com, info@domain.com, office@domain.com and so on. I did not see that spam previously because I simply did not have such addresses created in the first place, therefore the e-mail server kept rejecting those messages, since they could not be delivered to a non-existent e-mail address. But enabling catch-all changed the server’s response so that any e-mail sent to a non-existent address would be forwarded to my main e-mail account (after all, that is what catch-all is all about). That resulted in an increased volume of spam that reached my inbox.
Perhaps the spam filters of my e-mail provider would have eventually caught up with the new spam making its way into my inbox, but since those messages had not been reaching me before, my personal filter was not trained to block them effectively. After a few weeks I decided that catch-all was more trouble than it was worth and disabled that option. My inbox instantaneously became cleaner, and the few spam messages that still managed to reach my inbox were put in the spam folder automatically by the filter.
Perhaps there is a way to set up catch-all in a way that takes into account a list of certain addresses it rejects messages sent to automatically, although it would become catch-some in those circumstances. I have not explored the topic any further, but if you have any experience in that regard feel free to let me know.
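The "catch-some" idea above, modelled as the accept/reject decision a mail server makes for each recipient (an added example, not the author's or any provider's configuration; the Policy class, the deny list and the sample traffic are constructed for illustration):

```python
# Added example: models a mail server's per-recipient decision for one domain.
# Domain, mailbox names, deny list and traffic are constructed, not real data.
from dataclasses import dataclass

ROLE_ADDRESSES = frozenset({"contact", "info", "office"})  # named in the article


@dataclass(frozen=True)
class Policy:
    domain: str
    mailboxes: frozenset            # local parts that really exist
    catch_all: bool = False
    deny: frozenset = frozenset()   # rejected even when catch-all is on


def rcpt_decision(address, policy):
    """Return (smtp_code, reason) for one recipient address."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local:
        return 501, "malformed address"
    if domain.lower() != policy.domain:
        return 550, "relay denied"
    local = local.lower()
    if local in policy.mailboxes:
        return 250, "mailbox"
    if local in policy.deny:          # checked before the catch-all fallback
        return 550, "denied role address"
    if policy.catch_all:
        return 250, "catch-all"
    return 550, "no such user"


def delivered(recipients, policy):
    """Recipients the server would accept under this policy."""
    return [r for r in recipients if rcpt_decision(r, policy)[0] == 250]


# One real mailbox, two per-service aliases, three role-address spam probes.
INBOUND = ["email@domain.com", "mastodon@domain.com", "energy@domain.com",
           "contact@domain.com", "info@domain.com", "Office@Domain.com"]

BOXES = frozenset({"email"})
STRICT = Policy("domain.com", BOXES)
CATCH_ALL = Policy("domain.com", BOXES, catch_all=True)
CATCH_SOME = Policy("domain.com", BOXES, catch_all=True, deny=ROLE_ADDRESSES)

if __name__ == "__main__":
    for name, p in [("strict", STRICT), ("catch-all", CATCH_ALL),
                    ("catch-some", CATCH_SOME)]:
        print(f"{name:10} accepts {delivered(INBOUND, p)}")
```

Under the strict policy the per-service aliases bounce along with the spam; plain catch-all accepts everything; the deny list keeps the aliases working while the role addresses are rejected again.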
This is article no. 5 from the 100 Days To Offload series.