About once a week now, we help a client fix an email problem that is caused by using catch-alls. Don't use catch-alls for email. They are evil, evil creations that I wish had died along with the the Pets.com sock puppet.
Catch-all emails typically do nothing more than catch spam and dictionary attack messages. On Ensim, Plesk and cPanel, catch-alls can all lead to email overload. Ensim is a bit nasty in that it enables a catch-alls by default. Plesk has a bug with mail being enabled for domain aliases, and cPanel is often not configured to reject email to unknown users. We often fix much of this as part of our server deployment services, but often we see catch-alls getting reintroduced by end-users.
When I get the time, I will try to post a bit more on this, but for now, we recommend disabling all catch-alls. We've seen a spike in dictionary attacks against email systems lately. These attacks can really cripple a improperly configured server.
We see catch-alls causing increasing number of email problems ranging from slow email delivery to blacklisting. In short, don't use them. When I get the time, I will outline but for now, just get rid of them.
