Came up in another thread just a few days ago, but I can't seem to find it right now. I'd link to that thread if I could, because it was the thread that made me aware of the RFC. Oh, well.
Anyway, I posted this in today's thread, and I don't want to lose track of it, because I want to start setting my filters up this way.
It won't be perfect, but it will surely help find false positives among the junk e-mail.
This looks a bit complex, but you don't have to do it all at once.
Until the Internet has a bit better standards for e-mail, and until the ISPs quit being miserly with domain names, RFC 5233 addresses can help a lot, if used wisely.
RFC 5233 describes a way to implement sub addresses for your primary e-mail addresses. Simply put, you hang a "+" on your basic address, and then you tag some string on it after that.
Let's start with an example basic address:
user@isp.example
(Think of exampleisp.com or exampleisp.org or exampleisp.jp or some such, but the example top level domain is reserved for, hey! examples, where the example 2nd level domains are not.)
A sub address could look like this:
user+subaddress@isp.example (or, something like user+subaddress@exampleisp.com)
Another kind of sub address could look like this:
user#boxnumber@isp.example
If your mail provider supports these, they allow you to make the sub-addresses up as you want, and route your mail to you via the base part. That lets you filter the "to" address by the sub-address.
Okay. Now you know what they are. What else should you know about them? Many ISPs do not yet implement them which may be a problem. Google mail does, which helps a lot.
Obviously, if the spammers can steal your user@isp.example address, they can steal your user+subaddress@isp.example address as well. How does this help?
How do use these RFC 5233 addresses wisely?
First, assume that your base address will soon be harvested, if it isn't already. Thus, your base address of user@isp.example is essentially an alias for user+spam@isp.example . Pre-filter it that way.
Second, set up a suffix for bulk purposes, such as user+bulknnnnn@isp.example . "bulk" is okay, but you might prefer something a little more original to yourself, like "klub" (mix it up), or "hanbai" (Japanese for "sales"). The serial number could also come before, nnnnnbulk, or in the middle, like bunnnnnlk, and you might want to use pseudo-random serial numbers instead of just cycling through from bu00000lk to bu99999lk.
Hmm. bu23645lk would be harder to filter than bulk23645 with the simple non-RE filters that are most common. Okay, for this, let's stick with the sequence number after the tag.
Now you can give "bulk" sub-addresses out when you sign up for stuff on-line, instead of your "important" addresses. Write the made-up address down. Then, when you open up your MUA (your mail browser), you can set up a filter to grab that address and filter it to a filter for that kind of whatever it was to be filtered to. The first few mails you get from them, you find out what domains to expect.
If you start getting unrequested advertisements at that address, you can contact them and tell them they're somehow leaking their users' addresses, or you can change your filter to dump all mail to that address in Round File Q. Or you can add the sender address to the filter so that only legitimate senders for that address go to that folder. And then you can add another filter that dumps any mail to that address that comes from any other sender to the SPAM dump for consideration when you have the time, and/or for automatic deletion.
You can set up similar sub-address suffixes for mail lists. For example, user+listnnnnn@isp.example or user+listname@isp@example .
Then you can do the same thing for friends, family, church, school, clubs, etc. Maybe have filters for user+churchnnnnn@isp.example, user+schoolnnnnn@isp.example, and so on. For family and friends, maybe something user+frankl@isp.example for Frank Lemmon.
(You might expect spammers to try things like automatically cycling through user+joe, user+mary, user+john, etc., so you may want a little more than that. Or, you might adjust the address for joe, mary, and john when the spammers start doing that.)
And if Suzanne Roberts's computer suddenly gets infected with something, and you start getting spam for user+suzier@isp.example, you write her and urge her (yet again) to switch from MSWindowsX 10.77 to Ubuntu 12 or Fedora 15 or openbsd 6 or whatever. Tell her you'll send her a new address once she has either re-installed and MSWindows with service pack 109 or whatever the latest is, or moved to a reasonable OS. And warn her that, until she does, you might lose mail from her in the deluge.
Okay, while she is recovering from that, you have set up additional filters on the sender address, so that the spammers have to at least spoof her address as the sender to get into her folder, and that might actually be enough, but at least she'll have a little of the fear of nature in her, and maybe she'll start being sensible and start looking at alternatives to MSLeviathan.
In case you're curious, this is what private white listing works like. It can be controlled, because you have an idea who and where mail should be coming from, by the receiver address it is sent to. Two or three sets of filters for each address or set of addresses, one that white-lists known senders, one that diverts unknown senders to a "probably-junk" folder, and maybe one that (temporarily or permanently) black-holes known offender senders who have latched onto that group of suffixes.
Finally, you have a set of doorbell or knock addresses that you give out at business meetings and other parties: bellnnnnn@isp.example . You enable filters for the one you gave out last night, then, after a week or a month, you disable them again. Or, if the spam to that address is not too bad, you just leave it enabled and keep using it.
When you get legitimate mail at that address, you reply and tell them the real address they should send stuff for you at.
Of course, with a little time, you can actually set up a domain of your own for cheap with a little help from a place like google.com and a place like dyndns.org. Google will run your mail server for you if you have a web server and a domain name pointed to it.
Of course, there's that thing about letting Google spool your mail, but it is possible. Read the terms of use and make sure that's okay for the kind of mail you expect first.
Posts
No comments:
Post a Comment
Courtesy is courteous.