I want to use my main mail address everywhere, even public places. But I doubt if I can guard myself against spam.
Is there a provider specialized in spam protection? Or at least good at it?
At last, given your experience, should I even do it?
I want to use my main mail address everywhere, even public places.
No you don’t. It’s not quite as simple, but buy your own domain, get an email provider such as Fastmail that will let you use a catch-all, then use a unique address for every site you visit.
Then if one starts receiving spam, you can block that specific address and voila, no more spam. Plus you know what sites have either poor customer detail hygiene or are actively selling your details.
I own my domain but I’m not sure about provider. I want to use “name@surname.net” on my public profiles so unique mails for services trick wouldn’t work for me.
I like this one. I guess I can use this for registrations. Thanks
I like Zoho. It can be free as long as you use the web/mobile app. If you want to use your own email software, it’s $1/mo for the lowest paid tier.
This is exactly what I have done since 2005 with them. Showed me years ago that 1800Flowers either was compromised or sells their email addresses.
I know it’s “big evil corporate overlord”, but Gmail is pretty damned good at it, really.
If I get spam from a company I recognize I gave my email to, I’ll go in it and click the unsubscribe button and do it that way. Anyone else and I just mark it as spam and Gmail does a pretty good job of sending swaths of junk emails into the spam folder. I don’t get much that slips through. Very occasionally I’ll sign up for something I’m supposed to get an email for but don’t, and I’ll find it in the spam folder. If I think I’ll want more emails from that company, I move it to my regular folder.
There’s a large org (@ hope.net) that has a non-profit convention every few years. It maintains a e-mail list to let its > 1000 previous attendees know about the upcoming convention and related info. In the past decades everything was fine.
This year (con in July) Gmail has been spam-binning ALL of those reminder e-mails aimed at attendees who use Gmail. Quite clearly it’s not the users making that choice. The org is left with no other way to contact those attendees.
Then my guess is that someone got ahold of that email list and started using it to send spam and that caused Gmails algorithm to start flagging anything sent out to a bunch of members of that email group at the same time as such.
Maybe someone spoofed the From field on some spam, using their email address. Thereby marking that From address as a spammer. I’ve seen this happen both ways.
Most spam i get is from a random @gmail address as source, can’t be that great. And they are shit with attachements.
Tell us you don’t understand how the “From” header works without telling us.
FYI, that is really just a text string. Most providers don’t let you change it, but its not exactly hard to falsify. People are largely ignorant of the fact that email mostly isnt trustworthy. Spammers abuse this ignorance constantly.
In order to send email as another address, gmail requires you to verify the address by sending you an email there first. AFAIK, they never re-verify, but that’s the main weakness I see.
I created an email provider called Port87 that specializes in spam prevention, phishing prevention, and organization.
You use it by giving a labeled address to all your accounts, so to Netflix, you would give something like yourname-netflix@port87.com. Then that becomes a label in your account that you can set quick settings for like mark as read or even just block that address if you’re done with it. And if you get something claiming to be from your bank there, you know it’s phishing.
Then you can have labels that are meant for real people like yourname-friends@port87.com, and when someone emails them for the first time it will email them back and ask them to verify they’re human.
And your bare address (yourname@port87.com) doesn’t go through, but rather responds with a list of your “public label” addresses. So that one you can share all over the internet and you won’t get spammed.
Sounds like you have qmail at the root. I ran that with spamassassin, barracuda and some other custom rules for years. Didn’t add on the auto response you have described, but really liked it back in the day.
Did I guess kinda close to what you have running?
I’d think the annoying part would be that you’ve forced the work to prove they are human back on the sender. Might be a good way to go though given how much spam there is.
It’s actually built on Haraka. All of the queueing is custom written so I can do things like make it a flip of a toggle whether you want push notifications, sender screening, mark as read, etc. for a label. And there’s no inbox, since the bare address is not a usable address. Every email you receive already has at least one label.
The paid proton accounts let you use several custom domains, although I’m not sure if you can combine custom domains with email aliases. For random sites the email alias with the stand @proton.me would probably suit your needs.
After about 3 years of use I’ve been very happy with proton’s spam filtering.
I use proton coupled with my own domain and SimpleLogin (which is now merged with Proton) to create infinite custom email addresses in my domain. I then use filters to move the recipient address to folders and I can turn off one of my SL addresses if it’s compromised or sold and create a new one.
OP: Asks about spam filtering
Lemmy: Recommends everything but spam filtering
lol
I self-host my own mail server but for anything else I use my anonymous @duck.com email address.
every provider who supports aliases. like foo+baa@bzz.tld where everything after the + is exchangeable. so you can use a ‘different’ mail for every service you use and just block where spam comes from via the alias.
Isn’t it pretty widely known that many email providers support this?
I just assume spammers would know enough to remove everything from the ‘+’ until the ‘@‘. It’s not like they’re trying to be sparing with recipients. Why not just send to both?
Yes. It is pretty easy to work around, but if that is the only tool you have it still can be used to junk a majority of the crap.
If you want a robust solution you can use disposable aliases (which are basically randomly generated) or signed addresses.
I do the latter. So I would generate an email like
lemmy-example-59273625@kevincox.ca. If you strip or change the string at the end (which is a small HMAC) your message will go straight to junk. It isn’t perfect because there is only 4 bytes of entropy in the signature but a dedicated attacker will find a better way to spam me anyways.
… Until they randomize the part before the plus
Not best solution I guess. How about generic sites? Like Git commit mail, my website, Mastodon etc. where I can’t add that postfix.
What I do is have some general mailboxes then signed addresses on top of that.
So if you email blog@ or kevincox@ you will get a fairly high level of spam filtering. I also have a few other “memorable” addresses that get reduced spam filtering. If you use the unique signed address that I use for signing up to services, newsletters or whatever where the address is private to a specific service then you basically skip spam filtering. Of course if you abuse that privilege then I will outright block the signed address.
Basically by allowing friends and “trusted” services through the spam filter I can crank up the difficulty for unknown senders.
Why can’t you use ±aliases in Git, Mastodon, etc.?
Edit:
git config --local user.email "something+someotherstuff@example.com"shouldn’t cause any issues.
spams
Mass nouns don’t need the ‘s’
sure fixed it
Protonmail with https://simplelogin.io aliases. If your email has spam, get a new email. But proton already has good spam filtering. Aliasing helps make your emails less identifiable to your identity.
Anonaddy
Use unique bullshit addresses for every site, that way WHEN they sell your data out or get hacked you know who is responsible.
Anonaddy forwards everything to your one true email address knowing that only anonaddy really knows your address.
Addy and Firefox Relay
Tildes/pubnixes since nobody knows about them not even the spammers. sdf.org is the oldest pubnix but I prefer tilde.team
What is a pubnix?
Edit: Short for Public access UNIX apparently.
deleted by creator
Self hosted.
That’s not a good idea anymore. Especially if you want any assurances that your email will actually be delivered. You’ll be spending a lot of time dealing with non-delivery, blacklists, and spam filters.
I’ve found that you’re fine as long as you pass all the SPF/DKIM steps, have an SSL cert and use your ISP’s mail relay.
The biggest issue I face is that occasionally a legit mail server refuses to support SSL/TLS and my server drops the connection. The other 99% of unencrypted mail is spam.
What self-hosted solution do you recommend?
I would not suggest self-hosted, but if you really want to then Mailcow is the easy suggestion.
