Well, including using free subdomain services for the same purpose, I've been doing this since around 1999. I worked for a local ISP and learned lots of neat tricks. I also have noticed a short list of weird, specific address names which I know I've never used before, but still revisit me every once in a while. The disadvantage with my use of a catch-all mailbox is that any random string@ will produce a deliverable email -except- for the blacklisted ones. My guess is someone once made some random email names, which they expected to be rejected, to get a baseline on my email server's behavior towards truly unknown recipients. Somehow they didn't realize I simply had a catch-all, and start bombarding me with spam. But perhaps the test email addresses still got shuffled into a list of valid, delivered ones and then got redistributed for general spamming. Oddly, few others have ever tried sending to random addresses at my domains, so the list, all blacklisted, rarely grows. This suggests that spammers actually avoid domains with catch-alls because they can't be bothered to generate a few thousand random email addresses to sell. If that changes, I'll have to switch to a whitelist scheme and set up disposable email addresses before I use them.