Several years ago I realized that using a catchall address on your domains is a double-edged sword. The obvious disadvantage is that you cast a very wide net and catch a lot of spam. This isn’t so bad if you take the time to block addresses that seem to be receiving the most spam. On the other hand, the advantage of using a catchall address is in the ability to give out a unique address that identifies the business or person you gave it to. For example, say you want to buy a book from amazon.com and you need to provide an email address during account setup. Instead of giving Amazon the same address you give everyone else, you give them firstname.lastname@example.org. Now if you get spam that was addressed to email@example.com, you can be fairly certain that Amazon sold or published your supposedly private information.
This has worked well for me for several years, but now there’s an easier solution that requires only a single address: it’s called Plus Addressing. Many webmail providers like Gmail support Plus Addressing as a way to identify people and companies who play loose with your data. Using the above example again, the address you would give to Amazon would be firstname.lastname@example.org. Similarly, you might also give out email@example.com and firstname.lastname@example.org. An added benefit of Plus Addressing is the inherent simplicity of filtering incoming mail by sender.
The primary disadvantage of using Plus Addressing today is the lack of support. Although the specification for properly formatted email addresses (RFC 822, from 1982) places virtually no restrictions on the content to the left of the @ sign, many sites still reject these addresses as invalid because of the special character (the plus sign). Hopefully this will change as more people learn about and understand the value of this system. If you’re in a position to influence the validation of email addresses at your company, please make sure that your system supports Plus Addressing; your customers will thank you for it.
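
To make the validation problem concrete, here is an added example (not code from this post or from any particular site) that puts an overly strict pattern of the kind that rejects plus addresses beside a check based on the unquoted "dot-atom" local part of RFC 5322, the successor to RFC 822, and also splits off the tag that identifies who you gave the address to. The sample addresses, the function names and the simplified domain check are assumptions made for illustration.

```python
import re

# Constructed example of an overly strict pattern: "+" is missing from the
# local-part character class, so every plus address is rejected.
STRICT = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Characters RFC 5322 allows in an unquoted local part ("atext").
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
# dot-atom: runs of atext separated by single dots, no leading/trailing dot.
LOCAL = re.compile(rf"{ATEXT}+(?:\.{ATEXT}+)*")
# Simplified domain check (assumption): two or more letter/digit/hyphen labels.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN = re.compile(rf"{LABEL}(?:\.{LABEL})+")


def strict_is_valid(addr):
    """The too-strict check: refuses anything containing '+'."""
    return STRICT.fullmatch(addr) is not None


def is_valid(addr):
    """Accept dot-atom local parts, which includes plus addresses."""
    local, sep, domain = addr.rpartition("@")
    if not sep or len(local) > 64 or len(domain) > 253:
        return False
    return bool(LOCAL.fullmatch(local)) and bool(DOMAIN.fullmatch(domain))


def split_tag(addr):
    """Return (base_address, tag); tag is None when there is no '+'."""
    local, _, domain = addr.rpartition("@")
    user, plus, tag = local.partition("+")
    return f"{user}@{domain}", (tag if plus else None)


if __name__ == "__main__":
    # Constructed sample addresses.
    for a in ["jane+amazon@example.org", "jane@example.org", "jane..doe@example.org"]:
        print(a, strict_is_valid(a), is_valid(a), split_tag(a))
```
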