Here are some drawbacks to setting up catch-all email.
Last week I wrote about how to set up catch-all email on Squadhelp. Setting this up means you’ll receive any emails sent to your domains.
While this could provide you with insight about your domains, there are some drawbacks.
John Berryhill explained some legal considerations in a post a couple of years ago. There is certainly a chance that collecting email (or even setting up MX records) can open you to suspicion or legal consequences.
Another drawback is that people might start spoofing your domain name with outbound emails.
That said, you can add an SPF record to your domain to prevent spoofing. I updated last week’s article with instructions. Basically, you’ll add a TXT record with v=spf1 -all.
Like many things, there are potential benefits and drawbacks that you need to weigh.
I previously tracked inbound email using a service that sold the data to help companies clean their lists. It was interesting to see which domains received a lot of emails, but I can’t point to a single instance of it leading to a domain sale.
Mike says
What I can say is that I have seen some very interesting ,political emails which were misdirected, including some which one would class as highly classified. That eventually
is what made me decide not to use catch all as I did not fancy a hitman coming around
to my house when they found out, and yes they were of the type that potentially could.
John says
Some observations:
1. Screw anyone’s “suspicion.” As the new registrant, and ESPECIALLY if you are an end user (hello, we’re not all just “domainers”) – you have a legitimate need to know.
2. Legal: same as #1 above, plus – it is patently absurd to impute any actionable wrongdoing unless you actually do something genuinely/legally wrong. Collecting and examining some incoming email in good faith is beyond legitimate. Deciding to wrongfully take advantage of some incoming financial or account related email in order to steal or defraud for example, among other such things, is obviously not.
So don’t even try it if nothing wrong has been done and only legitimate and normal need-to-know activity has taken place. Unless you’re begging for worse than what happens when RDNH occurs. Unless you’re a masochist. If you’re not on the right side of this issue then all the high powered and high cost help in the world will probably not be able to save you from the consequences.
John says
PS:
3. And AS IF IT EVEN NEEDS TO BE SAID, when you are an actual end user then it is frequently a basic fact of life, and no-brainer the size of Netune, that sometimes you have to implement “Default Address” catchall or whatever one wants to call it, simply for your own legitimate business and commercial purposes, and having nothing whatsoever to do with whether any unexpected and unknown prior email comes in or caring about that. If anyone here is a real end user, you may already know that too, though depending on the depth and extent to which you are a real end user since it’s also not always necessary to implement that.
MapleDots says
Hello Andrew, I know I made a short comment on your other article but adding a simple SPF record does not fix all the issues with catch all addresses. I had them active on a few domains including on DN.ca and had nothing but issues. I used so many addresses I stopped creating them and relied on catch all instead. I used sponsor@, donate@, news@ etc. I received error after error and gmail did not like it. I had to add many other things in my settings at my registrar and even when I had it perfect they went to spam. I only had one legitimate address which was admin@ but even that started to become affected. In short the domain took a hit on the gmail level and I would not advise anyone to do it. Receiving mail from addresses that don’t exist will eventually harm the standing of your domains rating on the gmail end. Even when you follow the instructions in Google Workspace the paid version of gmail the errors keep coming. I also had people signing up for email list with joe@dn.ca etc and my inbox got clogged. Now multiply this by 10 or more so because I had it active on a number of businesses and domains and it created a nightmare for me. Plus then the legitimate errors where people meant cn.ca and addressed it to dn.ca, try to get all of theses removed. I was forever responding with no such person because I had thousands of emails that did not belong to me for the 10 or so domains had catch all on for. I will never do that again and advise other people to do the same.
Andrew Allemann says
Fair point. It won’t fix all issues.