I want to use my main mail address everywhere, even public places. But I doubt if I can guard myself against spam.

Is there a provider specialized in spam protection? Or at least good at it?

Lastly, given your experience, should I even do it?

  • hiajen@feddit.de
    9 months ago

    Every provider who supports aliases, like [email protected], where everything after the + is exchangeable. So you can use a ‘different’ mail for every service you use and just block where spam comes from via the alias.

    • ccunning@lemmy.world
      9 months ago

      Isn’t it pretty widely known that many email providers support this?

      I just assume spammers would know enough to remove everything from the ‘+’ until the ‘@’. It’s not like they’re trying to be sparing with recipients. Why not just send to both?

      • lemmyvore@feddit.nl
        9 months ago

        > Isn’t it pretty widely known that many email providers support this?

        Personally I’m not a fan of “plus aliasing” because it gives away your base address, and it’s trivial for spammers to strip the alias. I prefer aliases that completely hide the base address.

        • AtmaJnana@lemmy.world
          9 months ago

          It’s also VERY poorly and haphazardly handled in websites. Often they won’t let me create an account with it. Or I will be able to create an account using the alias, but then I am left unable to log in.

          • lemmyvore@feddit.nl
            9 months ago

            That’s why we need formal rules. Once regulations are in place (with big penalties) websites magically start to function properly.

      • kevincox@lemmy.ml
        9 months ago

        Yes. It is pretty easy to work around, but if that is the only tool you have it still can be used to junk a majority of the crap.

        If you want a robust solution you can use disposable aliases (which are basically randomly generated) or signed addresses.

        I do the latter. So I would generate an email like lemmy-example-59273625@kevincox.ca. If you strip or change the string at the end (which is a small HMAC) your message will go straight to junk. It isn’t perfect because there are only 4 bytes of entropy in the signature, but a dedicated attacker will find a better way to spam me anyways.

    • syd@lemy.lol (OP)
      9 months ago

      Not the best solution, I guess. How about generic sites? Like Git commit mail, my website, Mastodon etc. where I can’t add that postfix.

      • kevincox@lemmy.ml
        9 months ago

        What I do is have some general mailboxes then signed addresses on top of that.

        So if you email blog@ or kevincox@ you will get a fairly high level of spam filtering. I also have a few other “memorable” addresses that get reduced spam filtering. If you use the unique signed address that I use for signing up to services, newsletters or whatever where the address is private to a specific service then you basically skip spam filtering. Of course if you abuse that privilege then I will outright block the signed address.

        Basically by allowing friends and “trusted” services through the spam filter I can crank up the difficulty for unknown senders.
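The signed-address scheme from kevincox's two comments above (a short HMAC tag in the local part, plus per-address filtering tiers), sketched as an added example; this is not kevincox's code. The key, the domain `example.org`, the 8-hex-character tag format, the mailbox names and the outcome labels are all assumptions made for illustration.

```python
import hashlib
import hmac

# All values below are constructed for this example (assumptions).
SECRET = b"constructed-demo-key"   # server-side secret, never published
DOMAIN = "example.org"
TAG_HEX = 8                        # 8 hex chars = 4 bytes of tag
GENERAL = {"blog", "me"}           # memorable mailboxes: strict filtering
BLOCKED = {"shop-spammy"}          # signed labels revoked after abuse


def _tag(label: str) -> str:
    """Truncated HMAC-SHA256 over the label; only the key holder can make it."""
    mac = hmac.new(SECRET, label.encode(), hashlib.sha256).hexdigest()
    return mac[:TAG_HEX]


def make_address(label: str) -> str:
    """Address to hand to exactly one service, e.g. 'lemmy-example'."""
    return f"{label}-{_tag(label)}@{DOMAIN}"


def classify(rcpt: str) -> str:
    """Decide how strictly to filter mail based on the recipient address."""
    local, _, domain = rcpt.lower().rpartition("@")
    if domain != DOMAIN:
        return "reject"
    if local in GENERAL:
        return "strict-filter"      # public address: full spam filtering
    label, sep, tag = local.rpartition("-")
    # Constant-time comparison; bytes so odd characters cannot raise.
    valid = bool(sep and label) and hmac.compare_digest(
        tag.encode(), _tag(label).encode())
    if not valid:
        return "junk"               # tag stripped, altered or guessed
    if label in BLOCKED:
        return "blocked"            # valid tag, but the label was revoked
    return "skip-filter"            # private, per-service address


if __name__ == "__main__":
    addr = make_address("lemmy-example")
    for rcpt in (addr, f"lemmy-example@{DOMAIN}", f"blog@{DOMAIN}",
                 make_address("shop-spammy")):
        print(f"{rcpt:45} -> {classify(rcpt)}")
```

Unlike a plus alias, stripping the suffix does not yield a deliverable base address, and a leaked address is revoked by label without affecting any other address.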

        • AtmaJnana@lemmy.world
          9 months ago

          They strip the part after and including the plus. And yeah, that’s exactly what is done. People need to stop assuming malicious actors are dumb and incapable of reading an RFC.