What Is a Catch-All Email Address?
A catch-all email address (also called a wildcard email) receives any message sent to your domain that does not match an existing mailbox. If someone sends an email to [email protected], [email protected], or [email protected], the catch-all mailbox receives it instead of bouncing the message back to the sender.
Think of it as a safety net. Without a catch-all, any email sent to a non-existent address at your domain gets bounced with a "550 User unknown" error. With a catch-all, those emails are quietly collected in a designated mailbox where you can review them.
When Should You Use a Catch-All?
Catch-all addresses are powerful but come with trade-offs. Here are the scenarios where they make sense — and where they do not.
Good Use Cases
- Small businesses where customers might mistype employee names
- Privacy-conscious users who give unique addresses to every service (netflix@, amazon@, bank@)
- Tracking signups to identify which services sell your email address
- Legacy domains where former employees still receive important correspondence
- Sales/lead capture to ensure no potential customer inquiry is lost
- Transition periods after restructuring email addresses or rebranding
Bad Use Cases
- High-traffic domains — catch-all attracts massive spam volume
- Domains used in marketing — spammers probe catch-all domains with random addresses
- Shared hosting — catch-all spam can exhaust disk quotas quickly
- Domains without spam filtering — unfiltered catch-all is unusable within days
- Large organizations — individual aliases with directory reject provide better security
Setting Up Catch-All in Postfix
Postfix is the most widely used MTA (Mail Transfer Agent) on Linux servers. Setting up a catch-all requires configuring virtual_alias_maps to redirect unmatched addresses to a specific mailbox.
Method 1: Virtual Alias Maps (Recommended)
This method uses Postfix's virtual alias mechanism to create a catch-all for a specific domain.
# Add specific aliases FIRST, then the catch-all LAST
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
# Catch-all: the @ symbol catches everything else
@example.com [email protected]
# Step 2: Generate the hash database
$ sudo postmap /etc/postfix/virtual
# Step 3: Ensure virtual_alias_maps is configured in main.cf
$ sudo postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
# Step 4: Reload Postfix
$ sudo systemctl reload postfix
Method 2: Virtual Mailbox Maps with Catch-All
If you are using Postfix with virtual mailbox delivery (common with Dovecot), the catch-all configuration goes in virtual_mailbox_maps.
[email protected] example.com/info/
[email protected] example.com/sales/
[email protected] example.com/catchall/
# /etc/postfix/virtual (alias catch-all to real mailbox)
@example.com [email protected]
# Generate and reload
$ sudo postmap /etc/postfix/virtual_mailbox_maps
$ sudo postmap /etc/postfix/virtual
$ sudo systemctl reload postfix
Method 3: Database-Backed Catch-All
For production servers managing multiple domains, a database-backed approach scales better than flat files. Postfix can query MySQL or PostgreSQL for virtual aliases.
user = maildb
password = securepass
hosts = 127.0.0.1
dbname = mail
query = SELECT destination FROM virtual_aliases
WHERE source = '%s'
OR source = CONCAT('@', '%d')
ORDER BY CHAR_LENGTH(source) DESC
LIMIT 1
# In main.cf:
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
The query checks for an exact match first (%s = full email address), then falls back to the domain catch-all (@%d). The ORDER BY CHAR_LENGTH DESC ensures specific aliases always take priority over the catch-all.
Catch-All with Email Forwarding
Instead of delivering catch-all emails to a local mailbox, you can forward them to an external email address. This is useful if you want to review catch-all emails in your existing Gmail or Outlook account.
@example.com [email protected]
# Or forward to multiple addresses:
@example.com [email protected], [email protected]
The Spam Problem: Managing Catch-All Volume
The biggest challenge with catch-all email is spam. Spammers routinely probe domains by sending to randomly generated addresses like [email protected]. With a catch-all enabled, every single one of these probe emails lands in your mailbox.
Filtering Strategy 1: SpamAssassin Integration
SpamAssassin scores each incoming email and tags it. You can then filter high-scoring (spammy) messages using Sieve rules before they reach your inbox.
content_filter = spamassassin
# Postfix master.cf — SpamAssassin service
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
Filtering Strategy 2: Sieve Rules
Sieve is a server-side email filtering language supported by Dovecot. You can write Sieve rules that automatically sort catch-all email into folders based on the original recipient address.
require ["fileinto", "envelope", "variables"];
# Sort by original recipient into subfolders
if envelope :matches "to" "*@example.com" {
set :lower "addr" "${1}";
fileinto "CatchAll/${addr}";
stop;
}
# Discard obvious spam patterns
if envelope :matches "to" ["*test*@*", "*admin*@*", "*root*@*"] {
fileinto "CatchAll/Suspicious";
stop;
}
Filtering Strategy 3: Rate Limiting
Use Postfix's built-in rate limiting to prevent catch-all from being overwhelmed during spam floods.
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net
# Limit connections per IP
smtpd_client_connection_rate_limit = 10
smtpd_client_message_rate_limit = 20
Catch-All vs. Individual Aliases
Before committing to a catch-all, consider whether individual aliases would better serve your needs.
| Feature | Catch-All | Individual Aliases |
|---|---|---|
| Setup effort | One rule for all | Create each manually |
| Spam volume | Very high | Low (only known addresses) |
| Missed emails | None — everything captured | Typos bounce back |
| Security | Accepts all incoming | Rejects unknown addresses |
| Disk usage | High (spam accumulates) | Predictable |
| Directory harvest | Cannot detect probing | Bounces reveal nothing useful |
| Maintenance | Set and forget | Update as needed |
The Plus Addressing Alternative
Plus addressing (also called sub-addressing or tagged addressing) offers many benefits of catch-all without the spam problem. With plus addressing, [email protected] delivers to the user mailbox, and the +tag part can be used for filtering.
$ postconf -e "recipient_delimiter = +"
# Usage examples:
[email protected] → delivers to john@ (tag: netflix)
[email protected] → delivers to john@ (tag: amazon)
[email protected] → delivers to john@ (tag: banking)
# Sieve filter by tag:
require ["envelope", "variables", "fileinto"];
if envelope :detail "to" "netflix" {
fileinto "Entertainment";
}
+ character in email fields, though this is becoming less common.
Performance Impact of Catch-All
Catch-all has measurable performance implications that you should consider before enabling it.
Disk Usage
A catch-all mailbox on a moderately popular domain can accumulate 1-5 GB of spam per month. Without regular purging or quota limits, disk usage grows unbounded. Set a mailbox quota and auto-purge messages older than 30 days.
I/O Load
Every spam email triggers disk writes, SpamAssassin processing, and potentially Sieve filtering. On busy mail servers, catch-all for multiple domains can noticeably increase I/O load and CPU usage for spam processing.
plugin {
quota = maildir:User quota
quota_rule = *:storage=1G
quota_rule2 = Trash:storage=+100M
}
# Auto-purge old catch-all messages (cron job)
0 3 * * * find /var/mail/vhosts/example.com/catchall/new \
-type f -mtime +30 -delete
When NOT to Use Catch-All
There are clear situations where catch-all does more harm than good.
Monitoring Catch-All Volume
If you do enable catch-all, monitor it regularly to detect abuse and track legitimacy.
$ grep "to=
| grep "$(date +%Y-%m-%d)" | wc -l
347
# Show which "to" addresses were used (top 20)
$ grep "to=
| grep -oP 'orig_to=<\K[^>]+' \
| sort | uniq -c | sort -rn | head -20
89 [email protected]
67 [email protected]
43 [email protected]
12 [email protected]
3 [email protected] ← Legitimate typo!
Review the monitoring output weekly. If you see recurring legitimate addresses (like john.smith@), create dedicated aliases for them. If a random address receives persistent spam, consider blackholing it specifically.
How Panelica Manages Catch-All
Panelica's email management lets you configure catch-all addresses per domain through the panel. You can enable or disable catch-all with a single toggle and specify which mailbox receives the caught emails. Combined with the built-in spam filtering and email forwarding options, you can capture all incoming mail without drowning in spam.
The email statistics dashboard shows catch-all volume separately from regular mailbox traffic, making it easy to spot when catch-all spam is increasing and whether the filtering is keeping up. You can also set per-domain catch-all policies — enabling it only for domains where you actually need it and keeping it disabled for the rest.