Catch-All | Delete Catchall | catch All Email

Catchall Addresses & Dictionary SPAM Attacks

Catchall (or wildcard) addresses are the addresses that receive all email for a domain, unless there is a specific address better suited to handle the incoming email. You may or may not have one on one of your domains. For example:

Bloggs.com has two email addresses, “joe@bloggs.com” and “@bloggs.com” (the catchall). If a mail comes in addressed to joe@bloggs.com, it is delivered to the “joe@bloggs.com” mailbox. If a mail comes in addressed to sales@bloggs.com, it is delivered to the “@bloggs.com” mailbox.

With the ever-increasing level of spam on the Internet, people are being more guarded with their email addresses. It’s therefore more difficult for spammers to obtain valid addresses to send their messages to. Rather than scour the WWW for a limited supply of well protected addresses, they’ve come up with a better idea: find domains through search engines, and then send thousands of emails to common ‘local parts’ at those domains. (The ‘local part’ is the bit before the @ sign.)

For example, they might find the bloggs.com domain through a search engine, or a domain registration tool, and then send to the following email addresses:

sales@bloggs.com, info@bloggs.com, webmaster@bloggs.com, john@bloggs.com, peter@bloggs.com, simon@bloggs.com, steve@bloggs.com, neil@bloggs.com, paul@bloggs.com, derek@bloggs.com, etc, etc.

Only a small number of addresses are listed here, but depending on the thoroughness of the spammer, there can be upwards of 20,000 variations for a single domain. And because bloggs.com has a catchall email address, every single message will end up in the one mailbox.

Dictionary SPAM Attacks

This is called a ‘dictionary attack’, and is getting more and more popular with spammers. Quite often, they’ll send these messages out from a huge network of ‘zombie machines’ or ‘bots’, which are virus/adware infected home PCs. Because of this vast distributed network of infected machines sending the mail, there’s no reliable way of blocking the mail.

What’s worse is that some of the dictionary attacks check for ‘successful’ delivery, i.e. if a recipient is not refused at the destination mail server, then the recipient’s address is added to the ‘verified’ list, and possibly sold on to other spammers.

So now, the catchall mailbox at bloggs.com is overwhelmed with 20,000 messages, and because none of the mail was rejected, is on the list of ‘viable targets’ for another attack.

Recently, more and more domains that we host email for have been falling victim to dictionary attacks. A lot of them do not have catchalls, and the spammer’s mail is harmlessly bounced before even being allowed onto our servers, but a few domains have been effectively disabled for many hours, thanks to the catchall accepting the many thousands of email messages. Either the customer’s Exchange/Outlook server falls over under the strain, or the customer has to retrieve all the messages slowly, and then sift through, looking for legitimate mail. This isn’t limited to POP accounts either, as catchall forwards are affected. Both affect the performance of the servers, and impact the quality of service for your domains, and the domains of other customers.
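Because the guesses arrive from many infected machines, counting by sender IP misses a dictionary run, while counting distinct unknown local parts per recipient domain does not. The following is an added example, not part of the original article or the host's own tooling: it scans constructed Postfix-style reject lines and flags domains under a guessing run. The MTA, its log format and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Postfix-style "user unknown" reject line. The MTA and its log format are an
# assumption of this example; the page does not name the software it runs.
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: 550 5\.1\.1 "
    r"<(?P<local>[^@>]+)@(?P<domain>[^>]+)>")

LINE_TEMPLATE = (
    "Jun  3 12:28:{sec:02d} mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
    "unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: User unknown "
    "in virtual mailbox table; from=<x@example.net> to=<{rcpt}> proto=ESMTP")

# Constructed events: a distributed guessing run against bloggs.com, plus one
# ordinary mistyped address at another domain that must not be flagged.
EVENTS = [
    ("198.51.100.7", "sales@bloggs.com"), ("198.51.100.7", "info@bloggs.com"),
    ("203.0.113.20", "webmaster@bloggs.com"), ("203.0.113.20", "john@bloggs.com"),
    ("192.0.2.44", "peter@bloggs.com"), ("192.0.2.91", "simon@bloggs.com"),
    ("192.0.2.91", "SALES@bloggs.com"), ("198.51.100.50", "jon.doe@yoursite.co.uk"),
]
SAMPLE_LOG = "\n".join(LINE_TEMPLATE.format(sec=i, ip=ip, rcpt=rcpt)
                       for i, (ip, rcpt) in enumerate(EVENTS))


def find_dictionary_attacks(log_text, min_locals=5, min_sources=3):
    """Return {domain: (distinct unknown local parts, distinct source IPs)}.

    log_text is treated as one time window (for example the last ten minutes
    of the mail log). Only domains reaching both thresholds are returned.
    """
    locals_seen = defaultdict(set)
    sources_seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        domain = m["domain"].lower()
        locals_seen[domain].add(m["local"].lower())  # SALES and sales count once
        sources_seen[domain].add(m["ip"])
    return {d: (len(locals_seen[d]), len(sources_seen[d]))
            for d in locals_seen
            if len(locals_seen[d]) >= min_locals
            and len(sources_seen[d]) >= min_sources}


if __name__ == "__main__":
    print(find_dictionary_attacks(SAMPLE_LOG))
```

A domain with a catchall produces no reject lines at all, so this check only sees domains that refuse unknown recipients.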

How do I eliminate the SPAM generated from a dictionary attack?

The solution is to remove the catch-alls. We’ve disabled the creation of new catch-all accounts, as we believe that in 99% of cases, there is no need for them to be there. Any existing catchalls on the system have been left untouched, but you are encouraged to phase them out as soon as possible, before your domain finds its way onto a ‘viable target’ list.

Parked Domain Names

Log in to your Domain Control Panel to disable the catchall for your domain name.

  • Log in to https://www.uk-cheapest.co.uk/members
  • Select “Email Forwarding” from the Functions list
  • Select “Delete” on your [ CATCH-ALL ] alias
  • SPAM to your domain will be instantly reduced

Web Hosting Customers

The following documents will show how your catchall should be set

If you have any questions please contact the HelpDesk for support.

Email bounces with error DENIED_AUTH_REQUIRED

How to fix DENIED_AUTH_REQUIRED Error

To reduce spam levels and eliminate damage caused by compromised web applications and plugins, it is no longer possible to send from OR receive to email addresses that do not exist.

If you have been using email addresses that do not exist to send emails or form submissions, you will find that the emails are no longer sent. The fix is easy; see the steps below.

Sending Outgoing Emails (SMTP)

If you receive this error when sending emails from the server, check the following:

  • The email address exists and is shown here: Plesk > Websites & Domains > Mail
  • You are authenticating to the SMTP server correctly in your web application
  • You are using port 587 in your SMTP connection scripts (not port 25)
  • It does not matter if your MX records are externally managed

Receiving / Forwarding Emails Externally

If you receive this error when receiving emails and you are forwarding them externally, check the following:

  • Are you using a catch-all email address? Don’t do it! Here’s why.
  • Ensure the email exists as either a mailbox, forwarding alias or receiving alias
  • You should be able to see this email in Plesk > Websites & Domains > Mail or as a receiving alias to an address in this list.
  • If this email does not exist, then you must create it

Still not working after fixing the above? Contact the Helpdesk

If you are suddenly receiving this problem then you must ensure the email address you are using (the one experiencing the problem) actually exists in your Plesk panel, as it may have been abused by spammers previously.

If in doubt, do not hesitate to contact the helpdesk after reviewing the above information and supply the following information so that we may assist:

  • Confirm you have waited 15 minutes since making changes in the Plesk panel
  • Explain if the problem is receiving or sending
  • Explain the email address experiencing the problem
  • Confirm that you are using SMTP authentication (if problem is outgoing)
  • Confirm that the email address exists (if problem is incoming)
  • Copy the bounce message into the helpdesk ticket

If you do not supply enough information it will take much longer to help you resolve the problem as we will need to gather this information before being able to help you to resolve the issue.

How to Reduce SPAM and Protect your Reputation

Dealing with email sent to non-existent mailboxes

Reducing SPAM and protecting your email reputation is an ongoing project; your job is never done. There are however some tricks, and this is one of them.

Spammers send emails to non-existent email addresses all the time. It’s part of their strategy. Here’s why.

Let’s imagine you have set up a mailbox for your domain, john.doe@yoursite.co.uk.

All email sent to john.doe@yoursite.co.uk will arrive at your inbox. So far, so good. So… What happens to emails sent to test@yoursite.co.uk?

This is determined in your Mail Settings in the Plesk panel. There are three options.

1) Catch-all method: If you have set up a catchall to john.doe@yoursite.co.uk, then emails sent to test@yoursite.co.uk (and in fact any email for anyone@yoursite.co.uk) will arrive in your inbox – it won’t take long to fill this mailbox with this catchall email spam.

2) Forward to address method: To prevent john.doe@yoursite.co.uk filling up with spam, you may choose to send all your spam emails to an old Gmail account, john.doe@gmail.com. Great, no spam for your john.doe@yoursite.co.uk mailbox! Well, not so great, I’m afraid. This is potentially disastrous. Now Google will receive all your spam, sent from @yoursite.co.uk – it won’t be long before your domain name and IP are blocked on the global blacklists. A nightmare to clear up.

Here’s the solution you have been waiting for.

3) Reject method: Using this method, the spam emails are not delivered at all. The connection attempt is rejected at the SMTP server level. No email to deliver, no email to bounce. This is the recommended and best method for dealing with emails sent to non-existent mailboxes – and it’s really easy to do.

Time to log in to your Plesk Panel and set this up.

This will not eliminate all SPAM emails, nor will it guarantee your domain/IP will never be blacklisted, but it definitely helps. If you do not “Reject” then SPAM and blacklisting are eventually inevitable.
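The three options above, and the catchall described in the dictionary attack article earlier on this page, differ only in what the server answers at RCPT TO for an address that does not exist. This added example (not the host's or Plesk's code) runs the article's bloggs.com guess list through each option and counts what is stored, relayed or refused. The policy names, the accounts@ alias and the 250/550 reply codes are assumptions.

```python
# Constructed data based on the article's bloggs.com example.
MAILBOXES = {"joe@bloggs.com"}
ALIASES = {"accounts@bloggs.com": "joe@bloggs.com"}  # hypothetical receiving alias
POLICIES = ("catchall", "forward", "reject")          # names chosen for this example
GUESSES = ["sales", "info", "webmaster", "john", "peter", "simon",
           "steve", "neil", "paul", "derek", "joe"]   # article's guess list, plus joe


def rcpt_decision(rcpt, policy, catchall_target="joe@bloggs.com",
                  forward_target="john.doe@gmail.com"):
    """Return (smtp_reply_code, final_destination) for one RCPT TO address."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    local, _, domain = rcpt.strip().strip("<>").rpartition("@")
    # Simplification: compare case-insensitively, as most mail servers do.
    addr = f"{local}@{domain}".lower()
    if addr in MAILBOXES:
        return 250, addr
    if addr in ALIASES:
        return 250, ALIASES[addr]
    if policy == "catchall":
        return 250, catchall_target   # accepted and stored in the catchall mailbox
    if policy == "forward":
        return 250, forward_target    # accepted, then relayed to an outside provider
    return 550, None                  # refused before any message data is sent


def dictionary_run(policy, local_parts=GUESSES, domain="bloggs.com"):
    """Count what one guessing run leaves behind under the given policy."""
    stats = {"stored_locally": 0, "relayed_externally": 0, "rejected": 0}
    for local in local_parts:
        code, dest = rcpt_decision(f"{local}@{domain}", policy)
        if code != 250:
            stats["rejected"] += 1
        elif dest.lower().endswith("@" + domain):
            stats["stored_locally"] += 1
        else:
            stats["relayed_externally"] += 1
    # Every 250 is also an address the sender can record as "verified".
    stats["accepted"] = stats["stored_locally"] + stats["relayed_externally"]
    return stats


if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, dictionary_run(policy))
```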

Getting BadMailFrom Error: Cannot Send Email

Have you triggered the BadMailFrom Spam Trigger?

If you are getting a BadMailFrom message when trying to send email then one of the following has happened:
  1. You have sent a large number of emails from an account and the recipients have marked some of this email as SPAM
  2. Your account has been hacked and a spammer is sending emails from your account

The BadMailFrom filter stops SPAM before it gets ‘too’ serious. The filter is automatically removed after a short period of time. If the problem persists the lock will be in place for a longer period.

The recommended actions you should take are:

  • Ensure you are sending emails only to recipients that are expecting the email
  • If you are sending to a large number of recipients try spreading out the mailshot (over a number of hours or days)
  • If you did not send a quantity of outgoing mail then change your mailbox password straight away.

It is not possible for our Support Staff to reset the BadMailFrom trigger. Simply wait for it to reset. The trigger does not affect incoming mail.

Apple Mail Cannot Send Emails

SMTP Send Problems with Apple Mail

If you are having problems with Apple Mail SMTP using IMAP, ensure you are using the following settings:

Mail > Preferences > SMTP > Edit SMTP Server List > Advanced

Automatically detect and maintain account settings: No
Port: 587
Use SSL: No
Authentication: MD5 Challenge-Response
Allow insecure authentication: Yes

For more information: How to setup Apple Mail