Disable Default Address (catchall) to block unwanted emails

Using this tutorial you can disable emails that are addressed to non-existent email addresses in your domain. This is also called catchall address. We strongly recommend that you do not forward them to any of your email address and never to an email address hosted outside of the server.

The reason for disabling “Default Address” is to reject spam (junk emails) addressed to random addresses on your domain. Spammers use regular persona names and common email addresses to send junk email with the hope that some of it may reach you. They can generate thousands of emails to your domain e.g. whatever@yourdomain.com, whatever123@yourdomain.com and the list goes on. This can create a denial of service attack on your email service. To avoid such attack, default address should never be used because it accepts emails for all non-existent addresses exposing your domain for email attacks. You should always create proper email accounts that you want to use. You can create any number of accounts you like as part of your Web Hosting service with no extra cost.

In addition to the above, if you forward your emails to another server or email provider (e.g. gmail.com, hotmail.com, or yahoo.com), the junk email will pass through your server as it is. This can cause your server and domain to be blamed as the source of spam for the email provider.

We assume that you have already logged into cPanel.

Click on Default Address under Email section.

Select the domain from the drop down for which you want to disable default address.

Select the radio button that says: Discard the email while your server processes it by SMTP time with an error message.

Optionally you can set a failure message as well, such as No such account here.

Click Change button to save the setting.

That is all. Now your domain is safe and will reject emails for addresses that do not exist. You should do this for each domain hosted in your account.