I want to use my main mail address everywhere, even public places. But I doubt if I can guard myself against spam.

Is there a provider specialized in spam protection? Or at least good at it?

At last, given your experience, should I even do it?

  • hiajen@feddit.deEnglish
    61·
    5 months ago

    every provider who supports aliases. like foo+baa@bzz.tld where everything after the + is exchangeable. so you can use a ‘different’ mail for every service you use and just block where spam comes from via the alias.

    • ccunning@lemmy.worldEnglish
      5·
      5 months ago

      Isn’t it pretty widely known that many email providers support this?

      I just assume spammers would know enough to remove everything from the ‘+’ until the ‘@‘. It’s not like they’re trying to be sparing with recipients. Why not just send to both?

      • kevincox@lemmy.mlEnglish
        1·
        4 months ago

        Yes. It is pretty easy to work around, but if that is the only tool you have it still can be used to junk a majority of the crap.

        If you want a robust solution you can use disposable aliases (which are basically randomly generated) or signed addresses.

        I do the latter. So I would generate an email like lemmy-example-59273625@kevincox.ca. If you strip or change the string at the end (which is a small HMAC) your message will go straight to junk. It isn’t perfect because there is only 4 bytes of entropy in the signature but a dedicated attacker will find a better way to spam me anyways.

    • syd@lemy.lolOPEnglish
      21·
      5 months ago

      Not best solution I guess. How about generic sites? Like Git commit mail, my website, Mastodon etc. where I can’t add that postfix.

      • madsen@lemmy.worldEnglish
        1·
        4 months ago

        Why can’t you use ±aliases in Git, Mastodon, etc.?

        Edit: git config --local user.email "something+someotherstuff@example.com" shouldn’t cause any issues.

      • kevincox@lemmy.mlEnglish
        1·
        4 months ago

        What I do is have some general mailboxes then signed addresses on top of that.

        So if you email blog@ or kevincox@ you will get a fairly high level of spam filtering. I also have a few other “memorable” addresses that get reduced spam filtering. If you use the unique signed address that I use for signing up to services, newsletters or whatever where the address is private to a specific service then you basically skip spam filtering. Of course if you abuse that privilege then I will outright block the signed address.

        Basically by allowing friends and “trusted” services through the spam filter I can crank up the difficulty for unknown senders.