That's an extremely
send back a RCPT failure by using :fail: on the Default Address for a domain.
The alternative that you're looking for is to set the Default Address to :blackhole: but that is a bad idea for several reasons. The main one in this case is that you're encouraging the spammer to keep sending emails to those addresses because you're effectively telling them that the email has been received and accepted for delivery. The other reasons are explained here: