Thursday, July 15, 2010

Jack of All Inboxes

Benefits:No-spam

  • Eliminate spam completely
  • Partially typo-proof your email address
  • Create yourself new email addresses on the fly – no messing with settings or accounts involved
  • Experience increased email security – never share your sign in name
  • Avoid annoying anonymous email services
  • Use your favorite mail client like you’ve always done

I doubt I'm the first one to think of this, but I've never heard of someone doing it before.

I've always tried to be judicious about where I stick my email address, especially my primary email address, but somehow I still get spam and I don't know where it comes from. New idea: enter stage left. One inbox to rule them all! or more specifically, one inbox with unlimited email addresses.

Here's how it works.

When you buy a domain name from Google (or probably from anyone else for all I know) there is an option to direct any emails that are sent to the domain with a nonexistent recipient to a ‘catch all’ account, as I call it. For example, if someone meant to send me an email and they sent it to jck@mydomain.com instead of jack@mydomain.com then that email would be directed to the ‘catch all’ inbox instead of my own inbox and instead of being rejected as undeliverable. You can set your own inbox as the ‘catch all’ account, or you can have an account set up just for the purpose of catching these. We can use this to our advantage.

Say you want to sign up for service on the internet, but they require you to click a link in a confirmation email and you suspect that the site will then spam you and distribute your email address to other spam engines. Suppose this service is offered by www.shadysite.com. You can go ahead and sign up for this service with the email address of shadysite@mydomain.com and the email will come to your ‘catch all’ account. If shadysite.com does start spamming you- even if they try to hide it by sending you spam from all kinds of deceptive sender addresses- then you’ll know it’s from them (or their associates) because it’s being sent TO shadysite@mydomain.com. Then you can easily filter into oblivion any emails sent to that address. Although it is better to unsubscribe, this is a method that will work even on email without an unsubscribe link. I use this even for reputable looking sites because there will inevitably be a time when a site fails to be as reputable as they seem and they end up giving my email address to a spam engine.

If there are multiple people on your domain who want to use this method, that should be no problem. Suppose that Jane and Tarzan are married and have email addresses tarzan@example.com and jane@example.com. The administrator can set up a ‘catch all’ account with filters that forward all mail that comes with Tar.*@example.com to tarzan@example.com and all mail that comes in to grape.*@example.com can be forwarded to jane@example.com. You probably didn’t realize how much Jane loves grapes until now. Now Jane can sign up for an account at shadysite.com using the address grape.shadysite@example.com without fearing spam. Infinite obfuscation engenders ultimate security!

Speaking of COMSEC, Tarzan and Jane have a son, Jehoshaphat, who is a site security administrator and doesn’t have an @example.com account at all. His personal email address is something similar to 9as908eh34@S3kurm4il.com. He has emails forwarded to his preferred email service when they are addressed to fat.*@example.com. The email address he gives out to his friends is fat.KingOfTheWord@example.com. A few of them have tried all kinds of hacks to sign into example.com with all variations of the user name fat.KingOfTheWorld, without success.

No comments: