Let’s say that you own acmewidgets.com, and there are 4 mailboxes in that domain: beepbeep@acmewidgets.com, roadrunner@acmewidgets.com, kaboom@acmewidgets.com, and coyote@acmewidgets.com. Email sent to any of those email addresses will undoubtedly make it to the intended recipients.

If you have a catch-all address, that mailbox will receive all the mail sent to other addresses at acmewidgets.com: if someone mis-spells your email address and instead of coyote@acmewidgets.com sends a message to cotoye@acmewidgets.com, the email will still be delivered somewhere (your email server can be configured to forward all email to one of the mailboxes that actually exist), and it wouldn’t be missed.

Another good reason to use catch-all addresses is for services you subscribe to. Not giving out your true email address to companies and web sites that require it, keeps your true address private – if you wanted to subscribe to the New York Times, for example, you’d use nyt-subscription@acmewidgets.com. If a year later you decide that you’re no longer interested, and they keep sending you email, all you have to do is set up a filter to automatically delete all emails sent to that address. Also, if this address starts receiving actual spam or emails that do not come from the New York Times, you’ll know that they either sold your address or suffered a breach.

A client had been doing this with their own email for nearly 20 years and it was working great. “Had” and “was;” you read that correctly.

Last week, their domain got flooded with spam at an unprecedented rate and it became so bad that gmail refused to accept more email. This particular client uses gmail for their email (each mailbox – and the catch-all address – is set up to forward all incoming emails to a gmail account).

The good thing about gmail is that it’s free and their spam filtering is really excellent. The bad thing about gmail is dealing with google – there isn’t a single human to email, let alone call, when you’re not a paying customer. It took some digging to find out what the problem was, as there was no message informing our client of the problem, let alone a warning when their limits were about to be reached. The only indication that something was amiss was that there were no new emails one morning (not even spam), and the only clue was in the mail server, where thousands of emails were piling up, all with the same warning – something along the lines of “this gmail user’s getting emails at a rate that exceeds our limits.”

After a bit of additional research, I discovered that there are, indeed, limits, that email is not accepted by gmail once they’re reached, and that normal service was restored “usually” in 24 hours.

Since the mail server where the emails were accumulating already had a bit over 6,000 in the queue, once gmail would resume accepting mail, the limit would be reached again within minutes and we’d be back at square one.

The only way to make sure that this wouldn’t happen was to go through all 6,000 emails, one by one, and manually delete the spam. After a few hours of nit-picking, the queue was reduced to maybe 40 legitimate emails, and another gmail account was set up temporarily to receive new incoming messages until the original gmail account went back to normal (took about 3 days, and not the 24 hours promised on google’s support site).

The client still wanted to be able to use ad-hoc email addresses, so we found a work-around that would allow him to do so without overwhelming his gmail account. I’ll write about this next time.

NoIp is a company that provides Dynamic DNS service. What this means, is that if you need to be able to reliably access and operate remote computers without going through the hassle of registering your own domain (i.e. myhouse.com) and spending hours getting your own DNS service working, you can open a free or paid account with them, and access your remote computer as mycmptr.no-ip.org (or some unique name right before the “.no-ip.org” part). The same applies if you want to host a web site and not have to go through the extra expense of registration and commercial hosting.

Microsoft’s claim is that many criminals (they allege 18,000 – out of 4 million!) also used noip.com’s service to point to servers operating in furtherance of their criminal activities, however, to sue, and with it to bring down, the service is as asinine as shutting down google because people have managed to infect their computers through web sites listed along with legitimate search results. By the complaint’s very logic, Microsoft’s own cloud service ought to be shut down because it’s also allegedly-infested with malware-hosting sites, and unlike NoIp, Microsoft DOES DO THE ACTUAL HOSTING. Really, it makes as much sense as a man suing the friend who introduced him to the woman he married and later divorced!

I wholeheartedly hope that this lawsuit gets thrown out of court and Microsoft be harshly reprimanded because (1) it just screwed up my workday, (2) my clients will now have  to pay for me to work around the issues created, (3) Microsoft’s crappy products, when it comes to security, are far more liable for the proliferation of malware than anything else, and (4) it sets a terrible precedent for other companies in the Dynamic DNS business and their millions of users and clients. (Internet service providers are likely to want this to succeed, as they charge extra for issuing static IP addresses to their clients – the alternative to dynamic DNS, which is a rather abusive practice.)

I hope that Microsoft is hit with a Class Action for their show of complete irresponsibility and disregard for the consequences to millions of legitimate users of the service and the losses they will endure because of this. I certainly will encourage my own clients to join the Class if it comes to this, and so should you.

You can read the actual complaint at http://www.noticeoflawsuit.com
Microsoft’s main counsel on this case seems to be Randal Haimovici – rhaimovici@shb.com
To express support, write to NoIp’s Marketing Manager, Natalie Goguen - press@no-ip.com
The Judge presiding over the case is the Honorable Gloria M. Navarro at the US District Court in the District of Nevada

Actually, there weren’t as many problems, just three: a strange DNS problem that baffled even our technicians at our new host (Dotster.com), an issue with WordPress (the engine behind this web site and blog – changing its directory structure and moving it at the same site wasn’t the wisest decision I’ve ever taken), and an Apache (web server) configuration setting that had me go to bed at 2am last night instead of midnight maybe: our old vps was running Ubuntu and our new one’s running Centos.

While the intelligentsia insist that there’s no functional difference between Linux distributions, and the main differences from one to another, if any, lies on the software that’s available for each, I found out the hard way that that’s not necessarily true for Apache: configuring the server in Ubuntu is different from doing so in Centos (the distribution our new VPS is running.

In order to have “pretty” links to all the pages on this web site (i.e. “tcs-usa.com/custom-software” instead of “tcs-usa.com/1332913209″) Apache needs to load a specific module (mod_rewrite). Under ubuntu, there are about a dozen different, task-specific, configuration files, while in Centos there is only one. This little, seemingly insignificant detail, ate up about two hours of potential sleep last night.

I guess this one’s just one more of about a dozen things to watch-out for when moving from one distribution to another.