Receiving based e-mail separation en

By magiel on Sunday 7 December 2014 12:00 - Comments (9)
Category: -, Views: 2.209

About three years ago I bought a domain, lets call it domainX, with the purpose of using it primarily for incoming e-mail. The plan was to create a catch-all (*@domainX.tld) in Postfix and automatically let Dovecot create a subfolder in my primary inbox based on the left-hand side of the e-mail address (left-hand-side@right-hand-side.tld). So, when submitting my e-mail address to Tweakers, I would use “t.tweakersnet@domainX.tld”. In this way, every site or system I had to leave my e-mail address, would get a unique address for sending e-mail.

I started this for several reasons:

1. Better automated archival of my e-mail
2. Reduced disclosure of my personal e-mail address (which I now only give to humans and not to automated processes)
3. Better determination of spam origins (where did the spam sender got my e-mail address from)

You might find the first two reasons nonsense but the third reason could have given some nice results.

After using this principle for a little less than 3 years I can conclude the following:

1. Some sites refuse using their own name in a users/customer's e-mail address
2. Humans incline to react confused and qualify the address as invalid or spam
3. Sites get hacked or sell customer information less often than I expected beforehand

After using this principle for ~140 diverse sites I only received three e-mails on one address which were not sent by the site I expected the mail to originate from. Unfortunately, senders of spam often use the BCC option so the e-mail still ends up in my normal inbox and I do filter incoming e-mail using Spamassassin. So I might have missed a lot of e-mails which were sent to one of my addresses.

The reason I am posting this now is that these three e-mails arrived quite recently (the last one this morning). I am contacting the website (a simple webshop) later today (writing this blog in more important :+ ) but I'm not expecting a response/result. They don't seem to be part of a bigger organisation nor are one themselves so I doubt they have the capabilities to act properly on this. I'll advise them to contact their hoster and hope that the hoster can take the necessary actions to detect the hack, prevent further abuse. If it is still vulnerable of course.

I am curious to hear your opinions on the matter.