Sunday, 11 September 2005

Address Protection HOWTO

Please note, this is not about spam filtering. Filtering is like shutting the barn
door after the horse has bolted. Having said that, it is often necessary, but luckily can be
done when it is.
This document is about protecting your email address so that it does not get into the hands
of those who would abuse it. Now that is easier said than done. Consider all of these things
that you may do on the internet:
  • Post to a publically viewable forum, mailing list or usenet group
  • Sign up for a "special offer"
  • Register for access to a site
  • Put your contact details on a web page
  • etc, etc ...
Each of these things (and no doubt many more that I haven't thought of) put your email
address within reach of friendly spammers. Once they have it, it has a tendency to multiply
as those helpful people share their information with each other!
... So prevention is much better than cure ...

How to do it?

Only one option:
Never. Give. Your. Email. Address. To. Anyone.
That's it, problem solved, no more spam.
What? You want to get email?Then why are you reading this?
Oh, you want email from friends?Well, that's different!
OK, you can't not give your email address, but you can be careful who you give it to. My
advice is this:
  1. Never put your true email address on posts to mailing lists or forums.
  2. Never give a company your true email address.
  3. Never put your true email address anywhere on the web where it can be freely read.
  4. Be very careful which people you give the address to. Are they likely to send
    pointless messages to everyone in their address book, which then get forwarded on and on
    and on, with the entire history of to: and cc: there for the whole world to see. Unfortunately,
    you may be related to such people and have no choice, but just think about it.
Notice I said TRUE email address. The alternative is to use an address that is not true. What do I mean?
  • Wherever possible you could just make up an address, but
    we are assuming that you want to receive at least some mail from this person or group (even
    if it is just a confirmation to your registration). This option is obviously limited.
  • For web pages etc, you could always do something like this: myusername at bigpond dot com.
    Spammers use "robots" that scan web pages for text in the format of abc@def.net. This avoids
    that, but the spammers and their bots are getting smarter, so this way wouldn't work for
    long
  • Use an unimportant webmail address (hotmail, yahoo, gmail etc) for spam-attracting stuff. This
    could lead to problems later, but you could always delete it and start again.
  • I consider the best option to be ...

    Disposable Email Addresses

    . This is basically what this document is about. I personally use a combination of two systems,
    which I will outline here.

Address Guard by Yahoo!

This method requires that you have a Yahoo! account and have activated your web mail with them. If you don't want to give Yahoo your true email address, go to the following section first then come back here.
From the main yahoomail page, click on "Mail Options", then click on "Address Guard".
I suggest you take the time to go through the "tour".
First of all, you will need to create a "base name". This forms (as you would expect) the "base" of your disposable email addresses. Make it different to your Yahoo! ID.
Then you can create a disposable email address as you want one, just follow the prompts. The addresses take the form of:

BASENAME-AFFIX@yahoo.com


where BASENAME is your base name and AFFIX is whatever characters you want
(make it something related to what you are using it for so that you can recognise it later!)

A few points:

  • It is possible to use the addresses so created to send mail from (using Yahoo mail) if you
    set them up to allow that.
  • It is possible to filter the email so that all the messages to the DEA go to a certain folder
    (again, this is set up when you first create the address, but you can go back and edit these settings later.
  • If you start getting spam to that address, simply delete the address (It's disposable, remember!) And as an added bonus, you also know who is responsible for selling your address (you only gave this address out to one person/organisation right?)
The disadvantage to this system is that each disposable email address must be set up manually first.
To counter that problem, see the next section!

Spam Gourmet

Spam Gourmet (www.spamgourmet.com) is the ultimate in on-the-fly disposable email addresses. The name comes from its creators desire to "eat" as much spam as possible! Its use is somewhat complicated at first, so listen carefully...
First, go to www.spamgourmet.com and create an account. Standard fare, nothing to see here folks. Just two quick points though:
  • They do ask for an email address. This is important as they forward the "real" mail that
    comes through their system to it. So don't make one up!
  • Try to make your username as small as possible (ie with as few letters/numbers as possible). This just makes your disposable email addresses shorter. Handy, but not essential
That's basically it. You do not need to create your addresses first like you do with Address Guard, they are literally created "on-the-fly".
The addresses have the following format:

EMAILNAME.NUMBER.USERNAME@spamgourmet.com


Where:
  • EMAILNAME = the name you give the address. This could be anything. For example, if you are signing up for an amazon account, you could make it "amazon"
  • NUMBER = How many message do you want to receive to this address before they start getting "eaten". This can be any number (but the most you can set it to is 20, any higher number will still only allow 20 through) or any letter or word. If alpha is included instead of numberic, then the point at which the first letter of the word appears in the alphabet is the number allowed (a=1, b=2 etc). NB: It is possible to "reset" this number on the spamgourmet page, but I won't go into that here.
  • USERNAME = your spamgourmet username
  • @ spamgourmet.com - there are other alternatives (all the domains registered by the spamgourmet folks). I personally use xoxy.net because it is the shortest.
So when you sign up to amazon, put your address at amazon.10.user@xoxy.net and you will get up to 10 messages from them (or whichever spammers they have shared your address with) and then all further messages will be "eaten".

A few points:

  • You can add "trusted senders" (or domains) so that all messages from that address will get
    delivered and not advance the number of messages. You can add any number or senders to your account (which will work for any of your addresses) and/or each individual address can have one trusted sender.
  • If you reply to a message that comes through the spamgourmet system, it goes back via
    spamgourmet and looks to the recipient as if it had come from your disposable email address.
  • You can (using a form on the spamgourmet page) generate an address to send a message to so
    that it will appear as if it has come from one of your email addresses (this works in the same way as the reply trick above)
  • The home page has heaps of added features for managing your addresses. Please explore
    further (though I am happy to help if I can, email me at public.email.mule@xoxy.net
    for assistance)
  • If you start to get lots of unwanted messages from an address you can always drop the number of messages remaining down to zero and hide it and not use it any more. You do not delete these addresses, because if you did, it would just get regenerated the first time someone emailed it again!

Conclusion

OK, this is a real hack of a document, but it's a start.
Bottom line is: prevention is better than cure. Watch who you give your unprotected address
to and where you put it where it can be seen!

Mmmm, delicious….


OK, online tip #1.
One of my great finds of the last year has been an online bookmarking service called "delicious", which you will find at http://del.icio.us
Anyone familiar will this sort of thing will tell you that there are a number of similar services around, but this is the one I found first, and even after flirting with one of the others (spurl.net) I have come back to delicious.
When I first discovered delicious, I was using about 5 different computers (and perhaps more at certain times) every week. All of which I might take online, find something useful and want to come back to it. This creates a very difficult situation with respect to bookmarks.
I tried a couple of firefox extension which had the potential to act as synchronisers, but didn't have much joy.
Then along came delicious.
You have to see it to realise what it can do. And then sign up and play with it to really have a good look!! It's like a lot of things on the net, unless you have a play, you will miss out on most of the good features.
Go and have a look at my bookmarks
What you will hopefully see is a list of my most recent bookmarks. You will read the title, which will be in larger font and will be a hyperlink. Click on it if you want to see it... Underneath that there may or may not be a comment and underneath that, the "tags" that I have used to classify the link and a figure of how many other people have marked it too! (Oh, and the date)
Down on the right hand side you will see a (very) long list of all the tags that I use. You can click on any of these to see all of the links I have put that tag on to. Try it, click "computer"...
You will see that the link has taken you to http://del.icio.us/wynter/computer, I'm sure you can see the pattern. But wait, there is more! You will notice that there is now a second column of links to the left of the other one. These are the "related tags" and that means that these are all the tags that I have used ALONG WITH "computer". If you click on one of them (don't at this point) you will go to that list of links. But the better trick is to click on the plus-sign next to the tag. Try it, click on the one next to "esperance".
You should now be at http://del.icio.us/wynter/computer+esperance - get it? These link(s) (there is only one at this stage - the google group home page) are all the ones that I have tagged with both "computer" and "esperance".
Two quick tips before I go:

  1. replace my user name (wynter) with the word "tag" to see all (ie everyone's) links with those tags, eg http://del.icio.us/tag/computer+esperance - this shows the same stuff at the moment, but if any of you were to decide to bookmark any pages that might be of interest to the "Esperance+Computer" Club might be interested in, then they would show up here!
  2. Do you understand RSS? If not, ignore this bit. If you do, have a look at the link that is under the orange icon with RSS on it. Copy the link and put it in your newsreader or whatever you use (I use one or both of Firefox and Thunderbird, depending on the type of link). Now, whenever a new link is posted, it will show up in your reader, a bit like an email....

OK, this was a long post, but I suggest you sign up (no email required, but necessary if you ever want to recover your password) and have a play. Make sure you read the help section but be warned, this is not all that easy to get your head around straight away.
Go and enjoy your delicious meal.