Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Catch-all (*) setup is the best, until a spammer hits a gibberish localpart (on purpose) and your domain cheerfully accepts it.

Don't get me wrong, I use catch-all too (don't tell spammers).



I whitelist using regular expressions (specific prefixes mostly). Gibberish and random localparts are unlikely to match those, it effectively never happens.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: