quote:

Originally posted by mark123:

quote:

Originally posted by ensigmatic:

quote:

Originally posted by mark123: Yeah, it’s the same idea as tagged email addresses. I don’t use tags as I have unlimited forwarders.

To each their own, but, by your own admission, by doing that you've kind of limited where you can go for a new email provider.

I’m not sure I understand what you mean.

Well, the instant point was you earlier wrote you were limited as to where you could go for an email provider because some (many? most?) don't/won't support unlimited email forwarders (probably actually email aliases, btw).

quote:

Originally posted by mark123:
I’m not sure tagging offers the same security as using unique email addresses.

Depends upon one's definition of "security" and the context.

It does offer equivalent security in that:

• A bad guy, in attempting to brute-force an account, has to know both the unique tag and the password
  
• You can verify the legitimacy of a sender by looking at the tagged email address to which the email was sent.
  
• If you start getting spammed to a tagged email address you know the vendor sold or gave away your email address, or their databases were 0wn3d.
  
• If a tagged address is compromised you can change the tag and reject email to the old tagged address (if you have control over the mail server) or simply bin email sent to it (if you do not).

quote:

Originally posted by mark123:
Anyone that got the Epik list surely stripped out the tags.

One would think, but, oddly enough: They did not. At least not in email I've seen. (N.B.: Or maybe some did. I get so much spam/scam email to my unadorned email address there's no way to know.)

quote:

Originally posted by mark123:
Unless you specifically don’t allow email addresses without a tag to be delivered.

In my case: Email to tagged email addresses is "pre-approved," bypassing all but the most strictly necessary anti-spam/-abuse checks. Unadorned email has to run the whole gauntlet. So kind of: Yes.

I will concede your point that entirely different email username parts for each contact is somewhat better for avoiding spam/scam email, because, as you noted, a spammer/scammer need only strip the tag to get a (probably) deliverable email address when relying on tagging.

(Though, it just occurred to me, a compromise solution may be best: A single email alias to which you don't accept delivery w/o a tag. Hmmm... Perhaps I'll play with that today?)

I could have all the email aliases in the world I wanted. That's way too much trouble, to my way of thinking, and would limit my options should I ever choose to go to hosted email provisioning.

Then there's my wife, who I've taught to also use tagged email addresses.

Yeah, if you could reject all untagged email and only accept specific tags, that’s pretty secure. I like it. Easily done with regular expressions.

quote:

Originally posted by mark123:
Yeah, if you could reject all untagged email and only accept specific tags, that’s pretty secure. I like it. Easily done with regular expressions.

Just tested it

Created an email alias. Added "alias+<anything>@example.com" to the pre-approved list. Added "alias+compromisedtag@example.com" to the "compromised" list and "alias@example.com" to the reject list.

Works as designed

The order the lists are checked is critical. The server checks "compromised," "pre-approved," "reject," in that order.

quote:

Originally posted by mark123:
Service@domain_name.com is a good idea. Thanks.

Contact@domain_name.com also seems to be a good idea.

I have 4 domain names registered, the main one since 1997, and that is where my primary email sits. I have probably 3 dozen or so alias addresses that all forward to my primary account. Each domain has status@, which seems to be a benign address.