How I solved my junk email overload

Unti l recently, my problems with junk email far exceeded the norm. On a typical day, I would get several hundred junk messages, sometimes approaching 1000. Still worse, despite my best efforts at using various junk mail filters, many of these worthless missives evaded detection and wound up in my main Inbox.

Long ago, I accepted what I thought was my fate and routinely spent a small but annoyingly significant part of my day flushing junk mail down the virtual trash chute. If there was a better solution, I was too busy to figure it out.

Until last week.

About a week ago, I woke up and, while still rubbing my eyes and making coffee, went to check my email. Entourage (my email client) started chugging and informed me that it was "getting messages." After a brief wait, the number of messages to be downloaded appeared: 10,387. My jaw dropped. What the...?

At first, I assumed it was an error in Entourage. It wasn't. I was indeed downloading over 10,000 email messages. Yes, ten thousand. It took well over 30 minutes just for the emails to download.

It turned out that almost all of the emails were bounce-back messages -- those automated replies stating that an email you sent was not delivered for some reason. Of course, I hadn't actually sent out all the failed emails. What had happened was that some spammer was putting my email address in the header of their junk messages. As most of their spam went undelivered (sent to non-existent addresses that they just guessed might exist), I began getting the bounce-back emails alerting me to the failures. [That spammers can get away with something like this without being castrated on the spot remains a problem for Congress to address. But that was not my immediate concern.]

I had had enough. I was determined to put a stop to this onslaught and get my junk email under control.

The key, I decided, was to prevent these emails from ever getting to the point where they download to my Mac. I wanted to stop them at the source. Although I have several email addresses (such as a gmail and a .mac address), the one causing almost all my problems was the one associated with my personal Web domain. I use as my Web host for the domain. So I contacted them for advice.

Their initial reply was disheartening, to say the least: there was nothing they could do. "We are not able to stop this because the spammers are not using any of our services." In an apparent attempt to cheer me up a bit, they added that I needn't worry about getting into trouble: I would not be held responsible for sending out the spam. Great news! That's like, after being hit in the head with a baseball, being assured that you won't be held liable for interfering with the play.

Happily, the people offered a further suggestion: "Eliminate your catch-all email addresses."

That did it! I'll explain the details in a moment. But let me cut right to the punch line: After following their advice, my junk email dropped down to almost zero. I could kick myself for not thinking of this before. I guess I just didn't want to spend the time to figure out exactly what I needed to do. Until now.

But wait! If you're hoping to use this solution to solve your own junk email problems, chances are you will be disappointed. The technique only works if your email address comes from a personal domain.
    The details. When you sign up with a Web host, you are assigned one or more domains. Your domain name may be, such as In this setup, you commonly have an almost infinite number of possible email addresses. You may choose [email protected] as your official email address. But all messages sent to will be sent to you. For example, if an annoyed someone sends an email to [email protected], it will arrive in your Inbox. This is what meant by a "catch-all" address.

    This setup actually has at least one practical advantage. You can assign different addresses for different uses, allowing for easy sorting of your email. For example, when you create an account at a Web site, you can use a site-specific email address, such as [email protected]. You can then set up a rule in your email client, directing what happens whenever email with that address is received. As a bonus, if a vendor should ever sell your email address to a spammer, you can easily identify the culprit -- because the vendor's name is the front part of the email address.

    But there is a dark side to this email setup. Spammers may get a hold of your domain name and start sending emails to random addresses within that domain, such as [email protected] and [email protected] -- hoping that at least one of them gets delivered. This was a large part of my daily junk mail problem. Further, as was the case with my 10,000 spam message disaster, they can send out email using your domain as the return address. In both cases, almost every email they send leads to a message arriving in your Inbox.

    Web hosts typically offer a way to deal with this. In the case of, you can create "recipes." These are rules that tell the mail server at what to do with your email before it is potentially sent to you. In the simplest case, you can set it up so that email addressed to any valid addresses (such as [email protected]) gets delivered to you, but all other email is immediately deleted. The deleted email never shows up at your doorstep, so you don't even have to worry about filtering it.

    I confess that it made me more than a bit nervous when I selected "discard all e-mail by default" in's email management settings. But after creating the needed recipes to act as exceptions to the default, it all worked as promised.

    As I said, this solution may not apply to you. If you have an ISP-generated email address, such as [email protected], this solution won't work -- because you don't have multiple addresses under your control. But then, you probably aren't getting 10,000 emails a day. However, if you are bothered by junk email at all, there a numerous other things you can do (check out this article for some good suggestions).

So that's how I managed to reduce my junk email to near zero. I hesitated to post this blog entry; I didn't want it to serve as a challenge to spammers to seek out a new line of attack. In the end, in the interest of spreading the good news, I decided to take my chances.

P.S. None of this has affected the spam I still receive as phony comments to this blog. That's another kettle of fish; I'll save that discussion for another day.