Don’t use the catch-all email addresses for your domain name, instead use email aliases
A catch-all is a way to collect all email sent to a domain name that does not have its own email inbox. Many merchants use this to collect email that is sent to different email addresses in a single inbox. The advantage of a catch-all is that if a email is misspelled it will still be delivered to your inbox. The disadvantage of catch-alls is that it greatly increases your spam. Many spammers will send email to random emails at your domain name hoping to find one that you will receive. Ie emily@mystore.com, john@mystore.com, billy@mystore.com and so on. If you have a catch-all setup for the mystore.com domain name you would receive all of these emails that the spammer sent out. If you do not have a catch-all setup for your emails then any email addressed to an address that does not exist is rejected. If you would like to have a single email address that collects email for multiple names this can still be accomplished using email aliases instead of the catch-all. Email aliases will ensure that you only receive email for addresses that actually exist.
To check and remove the catch-all for your domain first login as the main email administrator for your domain name. This can be done from general–>email–>setup instructions. Click on the button labelled Login to Manage Email. Go to Settings–>Domain Settings–>Aliases. Click on the set catch-all icon. Make sure that the catch-all alias is set to No Catch-All and save your changes. If you remove a catch-all and were having all mail directed to a single inbox then you shoud now setup aliases for the email addresses that you DO want to receive email for. From the alias screen select the New icon. You can now add the name which will be the alias name, ie if you want to accept mail for the user sales@mystore.com in your inbox then the alias name would be sales. In the email address box type in the email address that should receive email for the alias. For instance if sales@mystore.com should go to your inbox and your inbox name is john@mystore.com then the name would be sales and the email address would be john@mystore.com
Don’t setup your own domain name/email address as a trusted sender
When a trusted sender is added you are telling the email server to not check any email from that address and/or domain name as spam. So if your domain name is mystore.com and mystore.com is on your trusted senders list, then any email from anyaddress@mystore.com is automatically delivered to your inbox without checking if its spam or not. Spam senders know that many email users mark their own domain name as trusted and they take advantage of this and they send email and make it look like it was sent by yourself, ie from sales@mystore.com and to sales@mystore.com
Check and modify your trusted senders list inside of webmail from Settings–>My Settings–>Trusted Senders. And if you are logged in as the main administrator of your domain email you can also view and edit your trusted senders for the entire domain name from Settings–>Domain Settings–>Trusted Senders