this post was submitted on 24 Feb 2024
78 points (90.6% liked)

Technology

60084 readers
2175 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

I want to use my main mail address everywhere, even public places. But I doubt if I can guard myself against spam.

Is there a provider specialized in spam protection? Or at least good at it?

At last, given your experience, should I even do it?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 54 points 10 months ago (2 children)

I want to use my main mail address everywhere, even public places.

No you don’t. It’s not quite as simple, but buy your own domain, get an email provider such as Fastmail that will let you use a catch-all, then use a unique address for every site you visit.

Then if one starts receiving spam, you can block that specific address and voila, no more spam. Plus you know what sites have either poor customer detail hygiene or are actively selling your details.

[–] [email protected] 10 points 10 months ago (3 children)

I own my domain but I'm not sure about provider. I want to use "[email protected]" on my public profiles so unique mails for services trick wouldn't work for me.

[–] [email protected] 13 points 10 months ago (1 children)
[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

I like this one. I guess I can use this for registrations. Thanks

[–] [email protected] 7 points 10 months ago

I like Zoho. It can be free as long as you use the web/mobile app. If you want to use your own email software, it's $1/mo for the lowest paid tier.

[–] [email protected] 3 points 10 months ago (1 children)

Then you're going to get spammed to hell, live with it.

There's no spam filters that will protect you 100% from putting the same email address everywhere.

Using personalized aliases for everything and never showing a public address if you can help it is the only way to fight spam these days.

[–] [email protected] 2 points 10 months ago

There's no spam filters that will protect you 100% from putting the same email address everywhere.

Well, you could curate your own whitelist, but that's not very practical for most use cases.

[–] [email protected] 9 points 10 months ago

This is exactly what I have done since 2005 with them. Showed me years ago that 1800Flowers either was compromised or sells their email addresses.

[–] [email protected] 21 points 10 months ago (4 children)

I know it's "big evil corporate overlord", but Gmail is pretty damned good at it, really.

If I get spam from a company I recognize I gave my email to, I'll go in it and click the unsubscribe button and do it that way. Anyone else and I just mark it as spam and Gmail does a pretty good job of sending swaths of junk emails into the spam folder. I don't get much that slips through. Very occasionally I'll sign up for something I'm supposed to get an email for but don't, and I'll find it in the spam folder. If I think I'll want more emails from that company, I move it to my regular folder.

[–] [email protected] 3 points 10 months ago (1 children)

There's a large org (@ hope.net) that has a non-profit convention every few years. It maintains a e-mail list to let its > 1000 previous attendees know about the upcoming convention and related info. In the past decades everything was fine.

This year (con in July) Gmail has been spam-binning ALL of those reminder e-mails aimed at attendees who use Gmail. Quite clearly it's not the users making that choice. The org is left with no other way to contact those attendees.

[–] [email protected] 0 points 10 months ago (1 children)

Then my guess is that someone got ahold of that email list and started using it to send spam and that caused Gmails algorithm to start flagging anything sent out to a bunch of members of that email group at the same time as such.

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

Maybe someone spoofed the From field on some spam, using their email address. Thereby marking that From address as a spammer. I've seen this happen both ways.

[–] darreninthenet 1 points 10 months ago

Have a read on the trouble the 2600 guys have been having sending out emails for the next HOPE conference - the junk filter is also great at filtering out topics it deems unsuitable.

load more comments (2 replies)
[–] [email protected] 17 points 10 months ago (1 children)

The paid proton accounts let you use several custom domains, although I'm not sure if you can combine custom domains with email aliases. For random sites the email alias with the stand @proton.me would probably suit your needs.

After about 3 years of use I've been very happy with proton's spam filtering.

[–] [email protected] 9 points 10 months ago

I use proton coupled with my own domain and SimpleLogin (which is now merged with Proton) to create infinite custom email addresses in my domain. I then use filters to move the recipient address to folders and I can turn off one of my SL addresses if it's compromised or sold and create a new one.

[–] [email protected] 17 points 10 months ago (2 children)

I created an email provider called Port87 that specializes in spam prevention, phishing prevention, and organization.

You use it by giving a labeled address to all your accounts, so to Netflix, you would give something like [email protected]. Then that becomes a label in your account that you can set quick settings for like mark as read or even just block that address if you’re done with it. And if you get something claiming to be from your bank there, you know it’s phishing.

Then you can have labels that are meant for real people like [email protected], and when someone emails them for the first time it will email them back and ask them to verify they’re human.

And your bare address ([email protected]) doesn’t go through, but rather responds with a list of your “public label” addresses. So that one you can share all over the internet and you won’t get spammed.

[–] [email protected] 6 points 10 months ago (1 children)

Ok but you can do this with aliases with any decent email service.

I guess an aliasing service like yours can be useful if you're stuck with a bad email provider, but since OP is looking to set things up they can just pick a decent one to begin with.

[–] [email protected] 4 points 10 months ago

Ok but you can do this with aliases with any decent email service.

As far as I know, there’s no email provider that lets you choose to enable sender screening on individual aliases. I also don’t know of any that explicitly do not use the bare address.

You can kind of achieve the same thing with Sieve scripts and a catch-all address (which is how I developed the prototype), but there is a lot that Port87 does automatically that you’d have to do manually in that system.

For example, you don’t need to set up a label before you use it with Port87. You can just give out a [email protected] address and it will create the whatever label for you. These labels show up in your “Pending Labels” section. You can then approve them to move them into your regular labels, block them, or just let them expire.

I wrote this service around this concept, so it’s not like you’re using a regular email system a special way. The system is designed and built to be used this way.

[–] [email protected] 6 points 10 months ago* (last edited 10 months ago) (1 children)

Sounds like you have qmail at the root. I ran that with spamassassin, barracuda and some other custom rules for years. Didn't add on the auto response you have described, but really liked it back in the day.

Did I guess kinda close to what you have running?

I'd think the annoying part would be that you've forced the work to prove they are human back on the sender. Might be a good way to go though given how much spam there is.

[–] [email protected] 4 points 10 months ago

It’s actually built on Haraka. All of the queueing is custom written so I can do things like make it a flip of a toggle whether you want push notifications, sender screening, mark as read, etc. for a label. And there’s no inbox, since the bare address is not a usable address. Every email you receive already has at least one label.

[–] [email protected] 12 points 10 months ago (1 children)

OP: Asks about spam filtering

Lemmy: Recommends everything but spam filtering

[–] [email protected] 4 points 10 months ago
[–] [email protected] 6 points 10 months ago

I self-host my own mail server but for anything else I use my anonymous @duck.com email address.

[–] [email protected] 6 points 10 months ago* (last edited 10 months ago) (1 children)

Anonaddy

Use unique bullshit addresses for every site, that way WHEN they sell your data out or get hacked you know who is responsible.

Anonaddy forwards everything to your one true email address knowing that only anonaddy really knows your address.

[–] [email protected] 5 points 10 months ago

Agreed with the unique addresses but why not use aliases directly at your email provider? Why use a 3rd party service?

[–] [email protected] 5 points 10 months ago (3 children)

every provider who supports aliases. like [email protected] where everything after the + is exchangeable. so you can use a 'different' mail for every service you use and just block where spam comes from via the alias.

[–] [email protected] 5 points 10 months ago (2 children)

Isn’t it pretty widely known that many email providers support this?

I just assume spammers would know enough to remove everything from the ‘+’ until the ‘@‘. It’s not like they’re trying to be sparing with recipients. Why not just send to both?

[–] [email protected] 4 points 10 months ago* (last edited 10 months ago) (1 children)

Isn’t it pretty widely known that many email providers support this?

Personally I'm not a fan of "plus aliasing" because it gives away your base address, and it's trivial for spammers to strip the alias. I prefer aliases that completely hide the base address.

[–] [email protected] 2 points 10 months ago (1 children)

Its also VERY poorly and haphazardly handled in websites. Often they won't let me create an account with it. Or I will be able to create an account using the alias, but then I am left unable to login.

[–] [email protected] 1 points 10 months ago

That's why we need formal rules. Once regulations are in place (with big penalties) websites magically start to function properly.

[–] [email protected] 1 points 10 months ago

Yes. It is pretty easy to work around, but if that is the only tool you have it still can be used to junk a majority of the crap.

If you want a robust solution you can use disposable aliases (which are basically randomly generated) or signed addresses.

I do the latter. So I would generate an email like [email protected]. If you strip or change the string at the end (which is a small HMAC) your message will go straight to junk. It isn't perfect because there is only 4 bytes of entropy in the signature but a dedicated attacker will find a better way to spam me anyways.

[–] [email protected] 1 points 10 months ago (1 children)

... Until they randomize the part before the plus

[–] [email protected] 2 points 10 months ago (1 children)

They don't need to randomize it, just strip it.

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

They strip the part after and including the plus. And yea, that's exactly what is done. People need to stop assuming malicious actors are dumb and incapable of reading an RFC.

[–] [email protected] 1 points 10 months ago (2 children)

Not best solution I guess. How about generic sites? Like Git commit mail, my website, Mastodon etc. where I can't add that postfix.

[–] [email protected] 1 points 10 months ago

What I do is have some general mailboxes then signed addresses on top of that.

So if you email blog@ or kevincox@ you will get a fairly high level of spam filtering. I also have a few other "memorable" addresses that get reduced spam filtering. If you use the unique signed address that I use for signing up to services, newsletters or whatever where the address is private to a specific service then you basically skip spam filtering. Of course if you abuse that privilege then I will outright block the signed address.

Basically by allowing friends and "trusted" services through the spam filter I can crank up the difficulty for unknown senders.

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

Why can't you use +-aliases in Git, Mastodon, etc.?

Edit: git config --local user.email "[email protected]" shouldn't cause any issues.

[–] [email protected] 5 points 10 months ago (1 children)

spams

Mass nouns don't need the 's'

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

sure fixed it

[–] [email protected] 4 points 10 months ago

Protonmail with https://simplelogin.io aliases. If your email has spam, get a new email. But proton already has good spam filtering. Aliasing helps make your emails less identifiable to your identity.

[–] knobbysideup 4 points 10 months ago

You can look for a service that provides a mail security gateway, or host your own. My personal solution is mimedefang milter on sendmail which will blow away any canned solution you will find. But you have to know what you are doing with it.

There is barracuda, but they are $$. Another option is proxmox mail gateway. Not as fast as mimedefang, but it has a nice gui.

https://www.proxmox.com/en/proxmox-mail-gateway/overview

[–] [email protected] 4 points 10 months ago

Addy and Firefox Relay

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago) (1 children)

Tildes/pubnixes since nobody knows about them not even the spammers. sdf.org is the oldest pubnix but I prefer tilde.team

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

What is a pubnix?

Edit: Short for Public access UNIX apparently.

load more comments
view more: next ›