Why is a catch-all account dangerous?
Some e-mail accounts are designed to catch any mail sent to the domain, regardless of the person named as the recipient. Such accounts can receive a disproportionate amount of spam.
For example, for the domain companydomain.com you could set up e-mail accounts for each of your staff. You you could have accounts for, say jack@.. and mike@....
But you could also include a catch-all account that would accept mail for anything@companydomain.com. So even if there wasn't a named account called sales@companydomain.com, the mail would still get through, as would mail sent to enquiries@..., info@.... Someone will have the task of routinely checking the catch-all account, or this account is set up so that all incoming mail is forwarded to one of the named accounts.
Catch-all accounts are very useful. Someone misspelling a recipient's name (for example, believing Mike is Mic or Michael and sending mail to mic@companydomain.com) will still get their mail delivered. Their big disadvantage is that spammers guessing account names - and automatically trying every name in a huge dictionary - will also get their message through. A 'dictionary attack' can generate many thousands of e-mails. And a catch-all account will, nor surprisingly, catch them all!
So, sadly, the disadvantages of a catch-all account outweigh their advantages. Turn yours off, and get your ISP to set up named accounts, appropriate aliases (to cope with common misspellings) and then reject all other mail.
There is a danger that you will lose a few e-mails that cannot be delivered. But the sender of such an e-mail will be immediately notified that the "user is uknown". The sender will then, usually, realise that they have misspelt the recipient's name and send the e-mail again, but his time correctly addressed.
