Spam defence

For quite a long time I used to use Yahoo! Mail. Even though I was lucky enough to get an invite for Gmail in its early stages, Yahoo! Mail had (IMO) one killer feature: Address Guard

The idea behind Address Guard was simple, you make your primary email address, say [email protected], and then a secondary “base name”, such as johno007. This base name was not just another email address, infact all mail sent to [email protected] would get dropped. Instead, use that base name to create an unlimited number of “disposable addresses”, such as [email protected], etc.

The idea was that if you follow the simple 3 click process (settings -> addressGaurd -> add new address!) to create a new disposable email address every time you signed up for a new website, if ever they spammed you, you simply delete that address and they wont be able to bother you any more - brilliant!

I avoided Gmail because they didn’t have the same “whitelist” approach to email addresses, but when I bought my domain name and started using Google Apps for email, I decided to use Gmail as my primary email provider. Naturally this forced me to look for a similar way to defend again spam (albeit Gmails spam filtering is quite good).

Google Apps provides “nicknames”, which works in much the same way, you can have an unlimited number of aliases for an account, except the process was a bit longer (settings -> manage domain -> users -> Your user -> Add a nickname) and I got too lazy for that after a little while. I still use nicknames for certain things, but not for every website I sign up for.

That’s when I discovered the + symbol in Gmail. Unlike Yahoo! Mail that uses the “whitelist” approach (only addresses you created will accept mail), you can use Gmail with a “blacklist” approach (all addresses accept mail unless you block them).

Assume your email address is [email protected], you can append a + and then any (valid) characters you like to the end, such as [email protected] and it will still get delivered.

If some rogue website starts sending spam to [email protected], then you can go into the Gmail settings and setup a filter to delete all mail that is sent to: [email protected].

I don’t think it’s quite as nice as Address Guard, but it is a bit more convenient because there is no set up. The biggest downside is that quite a few websites consider an email address to be invalid if it has a + symbol in it, but most are fine.