Using a mail verification source that allows a catch-all alias is not recommended
SecurityGateway's mail verification sources are what it uses to determine whether a recipient or sender of a message is valid and should be allowed. If one of your mail verification sources allows 'catch-all' or 'wildcard' for one or more domains, this could potentially cause your SecurityGateway server to run out of user licenses.
For example, if domain.com is 'dictionary attacked' and spammers send to 1000 made up addresses on domain.com, SecurityGateway will contact your mail verification source to verify these addresses. Since the mail verification source is configured to accept any address at domain.com as valid (with the catch-all alias), the source will respond positively to SecurityGateway. SecurityGateway will then create 1000 unique users on domain.com - one for each message from the spammer. Depending on your user license size, this could cause mail for legitimate users to be refused.