Receiving based e-mail separation en

By magiel on Sunday 7 December 2014 12:00 - Comments (9)
Category: -, Views: 2.135

About three years ago I bought a domain, lets call it domainX, with the purpose of using it primarily for incoming e-mail. The plan was to create a catch-all (*@domainX.tld) in Postfix and automatically let Dovecot create a subfolder in my primary inbox based on the left-hand side of the e-mail address (left-hand-side@right-hand-side.tld). So, when submitting my e-mail address to Tweakers, I would use “t.tweakersnet@domainX.tld”. In this way, every site or system I had to leave my e-mail address, would get a unique address for sending e-mail.

I started this for several reasons:

1. Better automated archival of my e-mail
2. Reduced disclosure of my personal e-mail address (which I now only give to humans and not to automated processes)
3. Better determination of spam origins (where did the spam sender got my e-mail address from)

You might find the first two reasons nonsense but the third reason could have given some nice results.

After using this principle for a little less than 3 years I can conclude the following:

1. Some sites refuse using their own name in a users/customer's e-mail address
2. Humans incline to react confused and qualify the address as invalid or spam
3. Sites get hacked or sell customer information less often than I expected beforehand

After using this principle for ~140 diverse sites I only received three e-mails on one address which were not sent by the site I expected the mail to originate from. Unfortunately, senders of spam often use the BCC option so the e-mail still ends up in my normal inbox and I do filter incoming e-mail using Spamassassin. So I might have missed a lot of e-mails which were sent to one of my addresses.

The reason I am posting this now is that these three e-mails arrived quite recently (the last one this morning). I am contacting the website (a simple webshop) later today (writing this blog in more important :+ ) but I'm not expecting a response/result. They don't seem to be part of a bigger organisation nor are one themselves so I doubt they have the capabilities to act properly on this. I'll advise them to contact their hoster and hope that the hoster can take the necessary actions to detect the hack, prevent further abuse. If it is still vulnerable of course.

I am curious to hear your opinions on the matter.

Volgende: [RPi] Switching lights 10-'13 [RPi] Switching lights

Comments


By Tweakers user vanaalten, Sunday 7 December 2014 12:38

I have my own domain more then ten years now and use a similar scheme for e-mail as you do.
1. Some sites refuse using their own name in a users/customer's e-mail address
2. Humans incline to react confused and qualify the address as invalid or spam
3. Sites get hacked or sell customer information less often than I expected beforehand
'1': is new for me, never had an issue like that. Which sites are that?
'2': yes, humans indeed react surprised... :)
'3': well, it happens and if it is just 3 times, it would still give a flood of mail for years to block. It's not the amount of selling/hacking that is relevant, but the amount of spam you get as a result.

Plus, category '4':
Forums or companies that ignore 'unsubscribe' requests. Seems to be the majority nowadays.

And, category '5':
spam to made-up addresses. "brook_fujakova@<mydomain>" was popular for a long time.

Oh, category '6': spam to popular addresses like webmaster@, accounting@, administrator@...


So there is already a list of 'ignore' addresses in my Postfix setup. It's not always specified for what reason I added it, but roughly:
'3': 10
'4': 10
'5': 4
'6': 12

Still very happy with my setup, good spam control. It's just a lot of frustration & work before every mailserver accepts mail from my Ziggo mail address (or, before that, XS4ALL address). Getting Sender-ID and similar things to work...

By Tweakers user Xantios, Sunday 7 December 2014 12:59

Jep, ik doe dit ook al jaren op deze manier.
dat werkt bijzonder goed :-)

enige waar je even rekening mee moet houden is inderdaad de vreemde reacties die je van mensen krijgt als je ze een E-Mail adress geeft.

(
Kpn Helpdesk: Wat Is Uw e-mail?
ik: allereerst is het een E-Mail address, maar de post mag naar Kpn@MijnDomein.TLD
Kpn: Goh, dat is uw e-mail address?
)

Dat soort gesprekken.

Echter, ik krijg vrijwel nooit spam of andere zooi.

By Tweakers user analog_, Sunday 7 December 2014 13:49

Dont we have a RFC for this? account@domain.tld == account+randomstring@domain.tld

By Tweakers user azerty, Sunday 7 December 2014 16:44

analog_ wrote on Sunday 07 December 2014 @ 13:49:
Dont we have a RFC for this? account@domain.tld == account+randomstring@domain.tld
There are enough websites that aren't accepting a + in the email string sadly enough, just like there are sites that won't accept more than one dot in the right-hand-part, so you cannot use email addresses that are from subdomains -_-

By Tweakers user Mattie112, Sunday 7 December 2014 22:45

Ik gebruik een catchall voor mijn domein. Spamassasin haalt het meeste er uit. Krijg ik op een "adres" toch veel spam dan maak ik die aan zegmaar en stuur ik hem gaan /dev/null

By Tweakers user Qwerty-273, Monday 8 December 2014 10:17

Probleem van een catch all, is dat een eventuele directory harvesting attack ( http://en.wikipedia.org/wiki/Directory_Harvest_Attack ) alleen maar positieve resultaten geeft voor je domein en je dan dus bergen spam kan gaan verwachten. Moet je domein natuurlijk wel aantrekkelijk genoeg er voor zijn. En dat zal met een persoonlijk domein haast niet voorkomen.

By Tweakers user Kenhas, Monday 8 December 2014 12:14

just like there are sites that won't accept more than one dot in the right-hand-part,
Never heard that one before. How do people with a @domain.co.uk handle this? They have to registere with a google, outlook, ... adress ?

By Tweakers user azerty, Monday 8 December 2014 20:15

Kenhas wrote on Monday 08 December 2014 @ 12:14:
[...]


Never heard that one before. How do people with a @domain.co.uk handle this? They have to registere with a google, outlook, ... adress ?
No idea, but all I know for example, is that Origin does accept a .co.uk, but for example not mysubdomain.domain.be -_-

By Tweakers user DaLass, Friday 12 December 2014 10:50

Interessante manier van mailafhandeling. Heb je niet toevallig een mooie how-to hoe je dit hebt opgezet?

Comments are closed