About twice a year Matt from Pinkeye pokes his head around the virtual email filters and goes looking at the spam in person. It’s not a pretty sight – and invariably gives him cause for a rueful shake of the head.
The daily toll of spammy gadflies battering themselves hopelessly against our spam system has inexorably risen – here’s a few figures we collected some years back:
|Date||Spam stopped per day|
|December 2007||5000 (with a peak of 8000 on Christmas Day)|
Looks pretty much like a trend! You probably don’t need to get your graph paper out to see where this was all going. Now at that time we used Spam Arrest to filter our spam (These days, we use Gmail, but that’s another story, and the lesson in this post still applies whatever system you use). So it was with some alarm that in early 2008 we received an email from our friends at Spam Arrest to say:
Beginning February 2008… your Spam Arrest account will be subject to a fee of $0.25 for every 1,000 emails over the monthly 100,000 unverified email limit
That set us thinking – well, it would, wouldn’t it? At that time we already paid an annual fixed fee to Spam Arrest and were glad to. But if it’s bad enough to get all that spam, how galling if every single one costs extra money? Unthinkable! Time for a look even further into the email set-up.
Now the website we were working on in 2008 was set up back when email spam was still fairly unusual. So when we configured it, we set up what’s called a ‘catch-all’ email address. That means that if someone sends an email to firstname.lastname@example.org, the catch-all will catch it and forward it to the main inbox. Very handy if you’ve got various things going on, like other hosted websites, various family members, and no end of other flotsam and jetsam over ten years of internet use. But wait a minute – in those ten years something else has come along, the broadcast spammer. Rather than try to get hold of your email address spammers now send billions of emails to made-up addresses at random, hoping that just a few hit home. So if you have a catch-all address working, guess what? You get absolutely loads of spam to nonsense addresses. Up until 2008, that didn’t matter to us. But it suddenly did, and so the catch-all was unceremoniously turned off on 1 Jan 2008. A few forwarding addresses were created for the few active emails remaining of all the various old ones hanging around, and that was that. Take a look at the result – what a difference!
Down from 8000 spams per day on Christmas Day (really, have they no better way to celebrate?) to a mere 100 per day afterwards. That’s a 99% drop by merely changing one email configuration. We now do this for every domain we administer.
If you control the email for any domain, and you have the option to use a catch-all, let Pinkeye Graphics give you some advice you probably already know: don’t use a catch-all email. Turn it off, and avoid a massive dose of spam.