[Techtalk] Dealing with allegedly respectable company who send spam

Magni Onsoien magnio+lc-techtalk at pvv.ntnu.no
Tue Dec 1 06:46:37 UTC 2009

On 2009-11-30 18:54:22 -0800, Akkana Peck said:
> TraceyC writes:
> > To avoid this in the future, I second the suggestion to use throwaway
> > e-mail addresses for businesses you aren't sure will spam you. You can
> > search the web, there are a few services which provide one time e-mail
> > addresses that will forward to your real e-mail account. Good luck :)
> I'm not really disagreeing, but there is one downside to using a
> lot of email addresses like this if you don't manage it carefully.
> I find I've ended up with a slew of email addresses (maybe 20)
> and I'm not sure which ones I've given to which companies, so
> I'm nervous about turning any of them off because some of them might
> sometimes get useful mail.
> However, some (many) of them did get leaked to spammers -- *in
> addition to* maybe being used for useful purposes. What that
> means is that I have spam coming in on 20 addresses instead
> of just one, so my spam volume is way higher with lots of duplicates.
> If I had managed this properly from the beginning, taking careful
> note of when and to whom I gave each address out, this might not
> be a problem since I could move the useful stuff and then close
> out the bad addresses. As it is, though, it's too big a project
> to monitor which addresses are attracting the most spam, and also
> watch them for several months to see if any get non-spam, to figure
> out which ones I can close out.

My university computer club used qmail at some point in history, and a
fancy functionm of qmail at that time (say, 90-something) was the
ability to make email addresses by adding +something to your username -
everything adresses to username+something would be delivered to
username, and you could do any filtering you wanted there, simpler than
with procmail (and as you can see from this email's headers, I still use
this, although now with postfix and procmail). No configuration needed
until you wanted to filter it, so it was very useful for making new
addresses for the purposes discussed here. I used to make
magnio+company-adress for any company I dealt with, and made sure its
email went into the bitbucket if they started spamming. 

I also learned that few companies actually share their address database
with spammers - I got next to no actual spammer-spams to these
"company-addresses", but they would send me offers from themselves and
sometimes their partners (but they always said where they had gotten the
address from).

Today most email servers accept such addresses (with a simple
configuration line, sometimes), so if you run your own server that may
be worth a try. It can also be worth a try to test your mail provider 
by sending an email til youraddress+something at mailprovider.com - worst
case it is returned to sender with an error.
It's worth to note that gmail accepts such emails, so you can add
+something to your regular username in your gmail address to have this
functionality. Then filter it when it gets to your inbox, either by
adding a filter for any address containing  "username+" or on a case by
case basis.
See http://mail.google.com/support/bin/answer.py?hl=en&answer=12096

A different approach is to use a disposable email address, one that will
stop working after a number of emails, or one that will simply delete
emails after a few hours.

One of the latter is Mailinator, http://www.mailinator.com
They will accept mail to any address at mailinator.com, you can go read the
emails at their site, they are deleted after a few hours. It looks very
simple, no signup or password, you only need the email address to read
the email. On the negative side, there is no privacy whatsoever, since
you don't need to sign up - just type the email address and you've got
the inbox. 

They have "alternate inbox names" that add SOME privacy, see the second
last answer in their FAQ at http://www.mailinator.com/faq.jsp 

Used with care this could be a good alternative for some places, but not
if you are going to get a username and password from the company.
They basically accept anything at anydomain.com, so you can point your own
subdomain (like somemail.yourdomain.com - NOT yourdomain.com if you use it
for email - they WILL eat all your email then) there and have more 
personalized addresses.

I think there are other similar services that let you sign up and add
more configuration to your email addresses, like adding a limit to how
many emails you will accept before the address is deleted. These
services adds a lot more privacy since you need to sign in, but also
requires a bit more administration.

Myself I unfortunately stick to manual deletion (or actually moving
every spam to a spam folder, which I plan to analyze when I retire in 30
years time. See you at some conference with my spam analyzing research
project then ;)), and I have learned to live with a few spams after my
mail provider (said computer club) have done some filtering that may or
may not be false positives (that's why I have a folder for them, too!)

Magni :)
sash is very good for you.

More information about the Techtalk mailing list