I want to use my main mail address everywhere, even public places. But I doubt if I can guard myself against spam.
Is there a provider specialized in spam protection? Or at least good at it?
At last, given your experience, should I even do it?
I want to use my main mail address everywhere, even public places.
No you don’t. It’s not quite as simple, but buy your own domain, get an email provider such as Fastmail that will let you use a catch-all, then use a unique address for every site you visit.
Then if one starts receiving spam, you can block that specific address and voila, no more spam. Plus you know what sites have either poor customer detail hygiene or are actively selling your details.
I own my domain but I’m not sure about provider. I want to use “name@surname.net” on my public profiles so unique mails for services trick wouldn’t work for me.
I like this one. I guess I can use this for registrations. Thanks
I like Zoho. It can be free as long as you use the web/mobile app. If you want to use your own email software, it’s $1/mo for the lowest paid tier.
Then you’re going to get spammed to hell, live with it.
There’s no spam filters that will protect you 100% from putting the same email address everywhere.
Using personalized aliases for everything and never showing a public address if you can help it is the only way to fight spam these days.
There’s no spam filters that will protect you 100% from putting the same email address everywhere.
Well, you could curate your own whitelist, but that’s not very practical for most use cases.
This is exactly what I have done since 2005 with them. Showed me years ago that 1800Flowers either was compromised or sells their email addresses.
I know it’s “big evil corporate overlord”, but Gmail is pretty damned good at it, really.
If I get spam from a company I recognize I gave my email to, I’ll go in it and click the unsubscribe button and do it that way. Anyone else and I just mark it as spam and Gmail does a pretty good job of sending swaths of junk emails into the spam folder. I don’t get much that slips through. Very occasionally I’ll sign up for something I’m supposed to get an email for but don’t, and I’ll find it in the spam folder. If I think I’ll want more emails from that company, I move it to my regular folder.
There’s a large org (@ hope.net) that has a non-profit convention every few years. It maintains a e-mail list to let its > 1000 previous attendees know about the upcoming convention and related info. In the past decades everything was fine.
This year (con in July) Gmail has been spam-binning ALL of those reminder e-mails aimed at attendees who use Gmail. Quite clearly it’s not the users making that choice. The org is left with no other way to contact those attendees.
Then my guess is that someone got ahold of that email list and started using it to send spam and that caused Gmails algorithm to start flagging anything sent out to a bunch of members of that email group at the same time as such.
Maybe someone spoofed the From field on some spam, using their email address. Thereby marking that From address as a spammer. I’ve seen this happen both ways.
Have a read on the trouble the 2600 guys have been having sending out emails for the next HOPE conference - the junk filter is also great at filtering out topics it deems unsuitable.
Most spam i get is from a random @gmail address as source, can’t be that great. And they are shit with attachements.
Tell us you don’t understand how the “From” header works without telling us.
FYI, that is really just a text string. Most providers don’t let you change it, but its not exactly hard to falsify. People are largely ignorant of the fact that email mostly isnt trustworthy. Spammers abuse this ignorance constantly.
In order to send email as another address, gmail requires you to verify the address by sending you an email there first. AFAIK, they never re-verify, but that’s the main weakness I see.
I created an email provider called Port87 that specializes in spam prevention, phishing prevention, and organization.
You use it by giving a labeled address to all your accounts, so to Netflix, you would give something like yourname-netflix@port87.com. Then that becomes a label in your account that you can set quick settings for like mark as read or even just block that address if you’re done with it. And if you get something claiming to be from your bank there, you know it’s phishing.
Then you can have labels that are meant for real people like yourname-friends@port87.com, and when someone emails them for the first time it will email them back and ask them to verify they’re human.
And your bare address (yourname@port87.com) doesn’t go through, but rather responds with a list of your “public label” addresses. So that one you can share all over the internet and you won’t get spammed.
Ok but you can do this with aliases with any decent email service.
I guess an aliasing service like yours can be useful if you’re stuck with a bad email provider, but since OP is looking to set things up they can just pick a decent one to begin with.
Ok but you can do this with aliases with any decent email service.
As far as I know, there’s no email provider that lets you choose to enable sender screening on individual aliases. I also don’t know of any that explicitly do not use the bare address.
You can kind of achieve the same thing with Sieve scripts and a catch-all address (which is how I developed the prototype), but there is a lot that Port87 does automatically that you’d have to do manually in that system.
For example, you don’t need to set up a label before you use it with Port87. You can just give out a yourname-whatever@port87.com address and it will create the whatever label for you. These labels show up in your “Pending Labels” section. You can then approve them to move them into your regular labels, block them, or just let them expire.
I wrote this service around this concept, so it’s not like you’re using a regular email system a special way. The system is designed and built to be used this way.
Sounds like you have qmail at the root. I ran that with spamassassin, barracuda and some other custom rules for years. Didn’t add on the auto response you have described, but really liked it back in the day.
Did I guess kinda close to what you have running?
I’d think the annoying part would be that you’ve forced the work to prove they are human back on the sender. Might be a good way to go though given how much spam there is.
It’s actually built on Haraka. All of the queueing is custom written so I can do things like make it a flip of a toggle whether you want push notifications, sender screening, mark as read, etc. for a label. And there’s no inbox, since the bare address is not a usable address. Every email you receive already has at least one label.
The paid proton accounts let you use several custom domains, although I’m not sure if you can combine custom domains with email aliases. For random sites the email alias with the stand @proton.me would probably suit your needs.
After about 3 years of use I’ve been very happy with proton’s spam filtering.
I use proton coupled with my own domain and SimpleLogin (which is now merged with Proton) to create infinite custom email addresses in my domain. I then use filters to move the recipient address to folders and I can turn off one of my SL addresses if it’s compromised or sold and create a new one.
OP: Asks about spam filtering
Lemmy: Recommends everything but spam filtering
lol
I self-host my own mail server but for anything else I use my anonymous @duck.com email address.
Anonaddy
Use unique bullshit addresses for every site, that way WHEN they sell your data out or get hacked you know who is responsible.
Anonaddy forwards everything to your one true email address knowing that only anonaddy really knows your address.
Agreed with the unique addresses but why not use aliases directly at your email provider? Why use a 3rd party service?
every provider who supports aliases. like foo+baa@bzz.tld where everything after the + is exchangeable. so you can use a ‘different’ mail for every service you use and just block where spam comes from via the alias.
Isn’t it pretty widely known that many email providers support this?
I just assume spammers would know enough to remove everything from the ‘+’ until the ‘@‘. It’s not like they’re trying to be sparing with recipients. Why not just send to both?
Isn’t it pretty widely known that many email providers support this?
Personally I’m not a fan of “plus aliasing” because it gives away your base address, and it’s trivial for spammers to strip the alias. I prefer aliases that completely hide the base address.
Its also VERY poorly and haphazardly handled in websites. Often they won’t let me create an account with it. Or I will be able to create an account using the alias, but then I am left unable to login.
That’s why we need formal rules. Once regulations are in place (with big penalties) websites magically start to function properly.
Yes. It is pretty easy to work around, but if that is the only tool you have it still can be used to junk a majority of the crap.
If you want a robust solution you can use disposable aliases (which are basically randomly generated) or signed addresses.
I do the latter. So I would generate an email like
lemmy-example-59273625@kevincox.ca
. If you strip or change the string at the end (which is a small HMAC) your message will go straight to junk. It isn’t perfect because there is only 4 bytes of entropy in the signature but a dedicated attacker will find a better way to spam me anyways.
… Until they randomize the part before the plus
They don’t need to randomize it, just strip it.
They strip the part after and including the plus. And yea, that’s exactly what is done. People need to stop assuming malicious actors are dumb and incapable of reading an RFC.
Not best solution I guess. How about generic sites? Like Git commit mail, my website, Mastodon etc. where I can’t add that postfix.
Why can’t you use ±aliases in Git, Mastodon, etc.?
Edit:
git config --local user.email "something+someotherstuff@example.com"
shouldn’t cause any issues.What I do is have some general mailboxes then signed addresses on top of that.
So if you email blog@ or kevincox@ you will get a fairly high level of spam filtering. I also have a few other “memorable” addresses that get reduced spam filtering. If you use the unique signed address that I use for signing up to services, newsletters or whatever where the address is private to a specific service then you basically skip spam filtering. Of course if you abuse that privilege then I will outright block the signed address.
Basically by allowing friends and “trusted” services through the spam filter I can crank up the difficulty for unknown senders.
spams
Mass nouns don’t need the ‘s’
sure fixed it
You can look for a service that provides a mail security gateway, or host your own. My personal solution is mimedefang milter on sendmail which will blow away any canned solution you will find. But you have to know what you are doing with it.
There is barracuda, but they are $$. Another option is proxmox mail gateway. Not as fast as mimedefang, but it has a nice gui.
Addy and Firefox Relay
Protonmail with https://simplelogin.io aliases. If your email has spam, get a new email. But proton already has good spam filtering. Aliasing helps make your emails less identifiable to your identity.
Tildes/pubnixes since nobody knows about them not even the spammers. sdf.org is the oldest pubnix but I prefer tilde.team
What is a pubnix?
Edit: Short for Public access UNIX apparently.
deleted by creator
Self hosted.
What self-hosted solution do you recommend?
I would not suggest self-hosted, but if you really want to then Mailcow is the easy suggestion.
That’s not a good idea anymore. Especially if you want any assurances that your email will actually be delivered. You’ll be spending a lot of time dealing with non-delivery, blacklists, and spam filters.
I’ve found that you’re fine as long as you pass all the SPF/DKIM steps, have an SSL cert and use your ISP’s mail relay.
The biggest issue I face is that occasionally a legit mail server refuses to support SSL/TLS and my server drops the connection. The other 99% of unencrypted mail is spam.