Hacker News new | past | comments | ask | show | jobs | submit login

> If you have your own domain you can use a catch all/wildcard address, eg. @mydomain.com

I've done this before. You will get a shitload of spam. I recommend suffixing the user of all addresses with something you want to go to your inbox.

E.g. I use *.r@mydomain.com (r for "real"). Anything that doesn't end in .r@mydomain.com never hits my main inbox.




Been using a wildcard for one of my email domains for years (facebook@..., linkedin@... etc) and never once have I had issues with spam. Everything for services I dont care about goes through SpamAssassin on the mail server and items that pass get dumped to Gmail, where only "ham" messages will get forwarded through to my real inbox.


I think they were using their catch-all for non-transactional/newsletter emails. I have a catch-all for websites and then another that I give to people to email me on. This lets me see emails sent to me by a person easily while having separate email addresses for each site.


Do you have catchall directly on the second level domain (@mydomain.com) or do you only catchall a specific subdomain (@mail.mydomain.com)? I'd expect a very big difference in the volume of blue sky spam between those two. If GP sbov has the catchall directly on mydomain.com, then restricting the value space to *.r will make a meaningful difference.

Having the "validating substring" in front of the @ will actually make it easier when you have to use the email address in vocal communication: many humans are unaccustomed to encountering more than one dot after the at.


Yep, directly on the second level domain. I do not use a mail subdomain.


> I recommend suffixing the user of all addresses with something you want to go to your inbox.

I use a subdomain. *@abc.example.com goes to my CatchAll folder. usernames@example.com go to their respective users. There are no equivalent names between @abc.example.com and @example.com so if anyone gets cute[0] and tries stripping out subdomains, the messages are rejected. Also, subdomains are common enough that no one thinks anything of it.

As a nice bonus, the subdomain can also be directed elsewhere. I've aimed it at various "we automatically file your e-mail" type scripts and services before, just to try them out.

0 - Spammers absolutely try to get cute and drop the subdomain. For example, in the Dropbox leak, dropbox@abc.example.com and db@abc.example.com of mine were leaked. I see tons of spam attempts to dropbox@example.com and db@example.com daily.


Thats a good solution. For 15 years or so I just used the user.site@domain.com approach. But in the last 4 or 5 years, the spammers have gotten smarter and now are stripping off the site and just emailing user@domain.com.

Yours is a good solution.


Since we’re sharing anecdotes: I do this presently and get very little spam to random addresses. I’ve been on this scheme for about a decade now. All spam is to a specific address, which I’d given out.


I use a wildcard on my domain. Spam filtering is _really_ good these days. It truly is not a problem. I get tons of spam, and it's all filtered.


You don't use wildcard addresses for this, you use sub/plus-addresses. That way the spam problem is completely avoided and multiple users per domain will work normally.


I'd use something else not plus because gmail uses plus so spammers may be aware they can change the plus to anything




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: