My E-Mail Situation
I’ve never been content to just have a regular old e-mail address. In an effort to foil spammers, I’ve tried a number of different schemes. The entry is to discuss my current method.
General Flow
- All e-mail coming in to this domain that doesn’t go to a specific e-mail account is routed into one e-mail account (a “catchall” address).
- SpamArrest checks this address every 2 minutes.
- If the sender is known, the e-mail passes.
- If the “To:” address is whitelisted, the e-mail passes.
- Otherwise, the sender gets an automated reply that requires them to verify their humanity.
- E-mail that passes SpamArrest is forwarded to two places: an archive e-mail box, and my GMail account.
- I check my e-mail through GMail’s POP3 access when I’m on my computer, and on the GMail website when I’m away.
Subaddresses
Whenever some site needs an e-mail address, I don’t provide them with my direct address, but instead give them a “subaddress.” For instance: myname.ebay@mydomain.com I then will whitelist that “To:” address on SpamArrest using the “Mailing List” feature.
This e-mail will get routed to my main account and be checked by SpamArrest. As long as the “To:” address is on my SpamArrest whitelist, the e-mail will pass, no matter who sends it. That is, the autoreply “verify your humanity” e-mail will never be sent to anyone using this particular address.
This gives me the benefit of disposability — the ability to “quarantine” my e-mail into separate subaddresses that can be shut off, if need be. Say that I sign up for an account at WebsiteX. I give them mark.websitex@mydomain.com as my e-mail address and whitelist it in SpamArrest. Then, one day, I see a spam in my inbox. A quick look at the “To:” address tells me who sold me out. I promptly set my server to block all e-mails set to mark.websitex@mydomain.com and I don’t have to worry about my e-mail address being “out there.” That’s the problem with giving people or sites your main address… once spammers get a hold of it… game over, man.
This requires a bit of work, obviously. Every time I “create” a new e-mail subaddress, I have to take 10 seconds or so to whitelist it in SpamArrest. I think, however, that it is worth it, in the end. I’ve had 3 subaddresses become compromised, which means that’s 3 times that my main e-mail address could have been compromised, but wasn’t. E-mail spam simply isn’t a problem for me… and that’s a big relief. I do worry sometimes that the whole auto-reply e-mail thing is burdensome to people, but you have to realize that it’s very rare that it gets used.
- All outgoing mail that I send goes through SpamArrest’s SMTP server, and is automatically whitelisted.
- I rarely give out my main e-mail address (i.e. I usually give a whitelisted subaddress)
Really, the only times that it is triggered is if someone gives my main address to someone else, or if someone I know changes their e-mail address.
So that’s how I’m doing it. If you have your own server, and the benefit of a “catchall” address, I strongly recommend the use of “subaddresses”… it’s a technique that works.
So I guess I’m one of the lucky few that get’s the “real deal” from you, eh?
Cool!
[...] Bryan discovers an efficient way to clean install Windows XP. Owen would like to see you on on August 6th for Blogathon 2005. Brian is curious about the lack of Flash support for mobile devices. Michael shares his views on MCI’s Premier Customer Service. Jim is looking for some Yasu feature suggestions. Craig is looking for a plugin to add links inside posts as footnotes rather than hyperlinks. Chris publishes his “SVN on MacOS X” tutorial. Angsuman discovers a passionate commencement address from Steve Jobs. Mark discusses his recent attempt to foil email spammers. And, Tom compares Microsoft Virtual Earth to Google Maps. Tags: blogroll, blogs [...]
Nice setup. One question: which address do you use in your “From:” address for e-mails you send out?
Steven,
That’s a good question. I use several. For people I trust, I use my real address. For specific purposes, I’ll use other addresses, using Thunderbird’s “identities” feature to select that specific address from a dropdown list. Other times, when it’s not for a specific purpose, but it’s not someone I trust, I’ll use a series of numbered addresses. myname.1@domain, myname.2@domain, etc. These are just general purpose ones. I just found a Thunderbird extension that allows me to specify any return address I like (without having to create an “identity” for that address), so that will allow me to create subaddresses on the fly.
That sounds like a cool extension for my thunderbird application, thanks for the tip.
our resources for ways to stay up to date with all the latest change of mailing address information. Why they love LauraA single answer ran through virtually all the e-mails addressing my question why conservatives adore Laura Bush: she is not… My E-Mail Situation I’ve never been content to just have a regular old e-mail address. In an effort to foil spammers, I’ve tried a number of different schemes. The entry is to discuss my current method. General Flow All e-mail coming in to this domain that doesn
Hello,
I found your site while looking for a way to better handle subadresses. Do you know a MUA which allows you to reply with the subaddress, without having to manually insert the subaddress in the configuration (let’s call this wanted feature “reply with Toâ€)? For instance, if I receive a mail from you, I’d like my mailer to reply with a david+txfx.net@domain.tld, without having to manually insert david+txfx.net@domain.tld in a configuration file. Sort of “on-the-fly†address, if you want.
I hope it is clear and thank you for your answer.
Hello,
I found your site while looking for a way to better handle subaddresses. Do you know a MUA which allows you to reply with the subaddress, without having to manually insert the subaddress in the configuration (let’s call this wanted feature “reply with To:â€)? For instance, if I receive a mail from you, I’d like my mailer to reply with a
david+txfx.net@domain.tld, without having to manually insertdavid+txfx.net@domain.tldin a configuration file. Sort of “on-the-fly†address, if you want.I hope it is clear and thank you for your answer.