I’ve never been content to just have a regular old e-mail address. In an effort to foil spammers, I’ve tried a number of different schemes. The entry is to discuss my current method.
General Flow
- All e-mail coming in to this domain that doesn’t go to a specific e-mail account is routed into one e-mail account (a “catchall” address).
- SpamArrest checks this address every 2 minutes.
- If the sender is known, the e-mail passes.
- If the “To:” address is whitelisted, the e-mail passes.
- Otherwise, the sender gets an automated reply that requires them to verify their humanity.
- E-mail that passes SpamArrest is forwarded to two places: an archive e-mail box, and my GMail account.
- I check my e-mail through GMail’s POP3 access when I’m on my computer, and on the GMail website when I’m away.
Subaddresses
Whenever some site needs an e-mail address, I don’t provide them with my direct address, but instead give them a “subaddress.” For instance: myname.ebay@mydomain.com I then will whitelist that “To:” address on SpamArrest using the “Mailing List” feature.
This e-mail will get routed to my main account and be checked by SpamArrest. As long as the “To:” address is on my SpamArrest whitelist, the e-mail will pass, no matter who sends it. That is, the autoreply “verify your humanity” e-mail will never be sent to anyone using this particular address.
This gives me the benefit of disposability — the ability to “quarantine” my e-mail into separate subaddresses that can be shut off, if need be. Say that I sign up for an account at WebsiteX. I give them mark.websitex@mydomain.com as my e-mail address and whitelist it in SpamArrest. Then, one day, I see a spam in my inbox. A quick look at the “To:” address tells me who sold me out. I promptly set my server to block all e-mails set to mark.websitex@mydomain.com and I don’t have to worry about my e-mail address being “out there.” That’s the problem with giving people or sites your main address… once spammers get a hold of it… game over, man.
This requires a bit of work, obviously. Every time I “create” a new e-mail subaddress, I have to take 10 seconds or so to whitelist it in SpamArrest. I think, however, that it is worth it, in the end. I’ve had 3 subaddresses become compromised, which means that’s 3 times that my main e-mail address could have been compromised, but wasn’t. E-mail spam simply isn’t a problem for me… and that’s a big relief. I do worry sometimes that the whole auto-reply e-mail thing is burdensome to people, but you have to realize that it’s very rare that it gets used.
- All outgoing mail that I send goes through SpamArrest’s SMTP server, and is automatically whitelisted.
- I rarely give out my main e-mail address (i.e. I usually give a whitelisted subaddress)
Really, the only times that it is triggered is if someone gives my main address to someone else, or if someone I know changes their e-mail address.
So that’s how I’m doing it. If you have your own server, and the benefit of a “catchall” address, I strongly recommend the use of “subaddresses”… it’s a technique that works.
So I guess I’m one of the lucky few that get’s the “real deal” from you, eh?
Cool!
Nice setup. One question: which address do you use in your “From:” address for e-mails you send out?
Steven,
That’s a good question. I use several. For people I trust, I use my real address. For specific purposes, I’ll use other addresses, using Thunderbird’s “identities” feature to select that specific address from a dropdown list. Other times, when it’s not for a specific purpose, but it’s not someone I trust, I’ll use a series of numbered addresses. myname.1@domain, myname.2@domain, etc. These are just general purpose ones. I just found a Thunderbird extension that allows me to specify any return address I like (without having to create an “identity” for that address), so that will allow me to create subaddresses on the fly.
That sounds like a cool extension for my thunderbird application, thanks for the tip.
Hello,
I found your site while looking for a way to better handle subadresses. Do you know a MUA which allows you to reply with the subaddress, without having to manually insert the subaddress in the configuration (let’s call this wanted feature “reply with To”)? For instance, if I receive a mail from you, I’d like my mailer to reply with a david+txfx.net@domain.tld, without having to manually insert david+txfx.net@domain.tld in a configuration file. Sort of “on-the-fly” address, if you want.
I hope it is clear and thank you for your answer.
Hello,
I found your site while looking for a way to better handle subaddresses. Do you know a MUA which allows you to reply with the subaddress, without having to manually insert the subaddress in the configuration (let’s call this wanted feature “reply with To:”)? For instance, if I receive a mail from you, I’d like my mailer to reply with a
david+txfx.net@domain.tld, without having to manually insertdavid+txfx.net@domain.tldin a configuration file. Sort of “on-the-fly” address, if you want.I hope it is clear and thank you for your answer.