It varies. It likely is an exaggeration for you, but for someone else it isn’t. It only needs to target a few domains to act as a DDoS. Rejecting invalid recipients reduces spam scanning overhead. It’s very significant at scale, for someone managing enough domains to see it.
The problem seems to be that while many domains don’t see this behavior, it seems random which ones do. Having the catchall in place when someone finally does target your domain like this seals the deal: Every one of the 16,000 recipient addresses that were accepted was just added to a list of working email addresses to be sold to spammers for the next 15 years. One hour to ruin your domain, and maybe it never happens to you, or maybe it happens to you tomorrow.
I’ve seen it go down like this at least a few hundred times in the last decade. Safe to say I’ve managed email for a few domains during that time. Enough to say it doesn’t happen to most people, but the ones it happens to usually end up having to disable their catchall or buy a new domain.
As an admin of shared mail servers you often have to base protections and actions on the worst of events, as those are the ones that threaten your infrastructure.
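An added example, not part of the post above: a detection sketch that counts distinct accepted recipients per domain in a sliding one-hour window, the pattern the post describes for a catchall domain under a recipient-guessing run. The log line format, the `.example` domains and the threshold of 5 are assumptions made for illustration, not any particular mail server's output.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Parse a constructed line: '<ISO time> rcpt=<addr> status=<accepted|rejected>'."""
    ts, rcpt, status = line.split()
    local, _, domain = rcpt.split("=", 1)[1].lower().rpartition("@")
    return datetime.fromisoformat(ts), local, domain, status.split("=", 1)[1]

def harvest_bursts(lines, window=timedelta(hours=1), threshold=5):
    """Return {domain: peak distinct accepted recipients in any window}
    for domains whose peak reaches the (assumed) threshold."""
    events = defaultdict(deque)                      # domain -> (time, local) in window
    counts = defaultdict(lambda: defaultdict(int))   # domain -> local -> hits in window
    peak = defaultdict(int)
    for ts, local, domain, status in sorted(map(parse, lines)):
        if status != "accepted":
            continue  # a rejected RCPT confirms no address to the sender
        q, c = events[domain], counts[domain]
        q.append((ts, local))
        c[local] += 1
        while ts - q[0][0] > window:                 # expire events older than the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[domain] = max(peak[domain], len(c))
    return {d: n for d, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed sample: the same six guesses hit a catchall domain and a
    domain that rejects unknown recipients (only info@ exists there)."""
    guesses = ["info", "sales", "jsmith", "admin", "bob", "accounts"]
    lines = []
    for i, name in enumerate(guesses):
        t = f"2024-01-01T10:{i:02d}:00"
        lines.append(f"{t} rcpt={name}@catchall.example status=accepted")
        verdict = "accepted" if name == "info" else "rejected"
        lines.append(f"{t} rcpt={name}@strict.example status={verdict}")
    return lines

if __name__ == "__main__":
    print(harvest_bursts(sample_log()))
```

On the constructed sample only the catchall domain is flagged, because the strict domain accepted a single real address and rejected the rest.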