[SC-Help] Method to use unique email address to eliminate spam

Enw spamcop-help@news.spamcop.net
Tue, 09 Apr 2002 11:40:07 -0400


On Wed, 03 Apr 2002 19:35:10 GMT, bnelsonxyzspamcop
wrote:

>This posting made from the web-site.  Please reply via
>email in addition to the group.  Thanks.
>------------------------------------------------------

Done, assuming I've despammed the address correctly.

>I was thinking a good way to be able to eliminate spam from
>my mailbox would be if I could uniquely identify every email
>address that I have given out.  That way when one address
>gets compromised, I can apply mail-filtering rules to automatically
>delete mail which comes to that address.

Another way of doing this would be to get an email account with
sneakemail.com; there are other people here who could tell you more
about that option.  Each entity you want to give an email address to
gets a unique email address, which can't be 'decrypted' - so, in a
way, it's better than your idea, or my explanation of an alternative
below.

>An easy way (for the user) would be if they could create 
>email addresses on the fly in this format:

>	[user][pattern][anything]@mycompany.com

>For example, if my real address is joesmith and 
>I'm subscribing to an email list called hitsongs, I would 
>not register joesmith  I would register an
>address like this:

>	joesmithxyzhitsongs

>Now when the incoming mail is received by the sendmail server,
>it strips off the pattern (xyz) and everything after to determine 
>the real mail address.  When the mail is delivered to my inbox, it
>can still retain the original To: field of joesmithxyzhitsongs
>or perhaps the sendmail server can create an X-header with the
>original email address.  In any case, I will now be able to
>identify when the joesmithxyzhitsongs address has been 
>compromised by the spammers.  If I get spam addressed to that
>address, I can have my mail program automatically delete the
>mail.  I can also re-register a new address with the hitsongs
>mailing list.

Some mail servers support what's called 'user+box' or 'plussed'
addressing, where you can use an address of the form
realname+magic (note: '.invalid' used as TLD to ensure
non-resolvable address for this discussion).  It ends up in the same
mailbox as realname, but can be filtered on for special
processing.  ISPs that have this enabled effectively give you what
you're looking for; instead of the pattern being 'xyz',it's just '+'.

>The pattern selected by the IT group would have to be something 
>which could not appear in a normal address.  Also, it should be 
>something that they come up with so that all companies did
>not have the same pattern.  If everyone used xyz, then the
>spammers would eventually figure that out.

>If you have your own domain with a catch-all email address, you
>can already do something like this.  You can send mail to any 
>address at your domain and it all gets sent to a single email 
>address.  This works well for one person, but obviously everyone 
>is not going to have their own domain.

True, now - but maybe not in the future.  More ISPs may start doing
something like what Demon UK does - you get a subdomain of their
domain, which gives the same effect - if you send to
anything (should be .uk), it goes to whoever
has the 'someone' account.

>I think this type of solution would work well for how people
>use email addresses today.  Many websites require a valid 
>email address when you sign up so that a password can be
>sent to you.  Or when you make a purchase, the order status
>is sent to you. Or when you join a discussion list.  There
>are many times when you have to give your email address 
>where you have very minimal control (if any) over how that
>address gets handled.  Many mail systems do allow aliases,
>but the time and effort to get a real alias setup would 
>deter most users.  But with this way, a user can create a
>dynamic mail alias at anytime with virtually no effort.
>And other than the initial setup of a pattern and sendmail
>filter, there is no load put on the IT group.

This is why sneakemail.com exists - and it's very nearly a perfect
solution to what you're looking for; I encourage you to check out how
they make it work.

-- 
Enw
(SpamCop subscriber, not staff/admin)