Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mindly.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mindly.Social is an English speaking, friendly Mastodon instance created for people who want to use their brains and their hearts to make social networking more social. 🧠💖

Administered by:

Server stats:

1.2K
active users

mindly.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

Public
C.

Something happens to me occasionally, and I don't know where to put it in the ridiculous - infuriating - preposterous feelingspace. It happened again today.

Backstory: I'm an email geek, who has been running mail servers for three decades, and who has written a lot of mail-handling software. I've worked as a consultant on email systems for companies large and small.

When you run your own mailservers, have deep experience with MTAs, and are a bit of a privacy nut, you might have a tendency to want to know exactly who does what with your email address when you give it to them. For most people, this desire is just a dream; it's not possible with their email system.

Thanks to a technique semi-related to - variable envelope return-path, a mailing list feature with the qmail MTA - it's possible for email geeks. Basically the idea is that you give a different email address to everyone you deal with, and keep track of who you gave it too. Then, when you receive email, you can tell from the address the email was delivered *to* - one of your many addresses - where they got your address from.

Example:

Say I own the `example.net` domain. I arrange for all email to that domain to come to me.

I decide to order something online from (ask a Canadian). When the Crappy Tire website asks for my email address, I type in "crappytire@example.net".

1/x

#FeelingSpace#ColourSpace#email
Public
C.

Then, a couple of months later, I get spam from a seller trying to get me to buy knockoff designer handbags, or a Nigerian prince trying to secret his fortune away, or something else odious.

But look -- the email was sent to the address "crappytire@example.net"!

Now I know, with absolute certainty, that this spammer got my address, directly or indirectly, from Crappy Tire. Maybe they sold their mailing list far and wide. Maybe their systems were hacked and every customer's email was exfiltrated.

I can now take action. If I think they sold my address, I can write a nastygram referencing their privacy policy or Canada's PIPEDA act, or Europe's GDPR, or whatever. If I think my address was stolen from their systems, I can report the security incident to them, or publicize it so others know it may have happened to them.

And most importantly, I can disable that email address. Just refuse all mail sent to it. It's no longer of use to spammers or crooks. If I ever deal with Crappy Tire again, I give them a new unique address.

Anyway, that's a lot of backstory. I use this technique extensively. I have caught many, many companies selling/renting their mailing lists in violation of their own policies. I have caught many others that have been hacked, and they didn't even know it.

So what's the thing that happens to me occasionally regarding this?

2/x

#privacy#hack#MailingList
C.

The thing that happens is, I create a new unique address for a business I'm dealing with. I put the company's name in the local-part of the email address I give them (that's the part before the "@" symbol in an email address).

And then they contact me demanding to know why (or how) I'm using "their" email. They see their company name or domain name in the local-part of my address and get incensed, thinking it's impossible, or illegal even. It makes no sense; would the greeting card mafia have a case against a big webmail provider if one of their users created the "hallmark@BigWebmailProviderDomain" address?

On more than one occasion, I have picked up the phone to find someone YELLING at me about "hacking their server" because of this.

I spend some time explaining it to them. Half the time, they kinda/sorta get it and calm down. The other half refuse to even stop yelling and think about what I'm telling them.

And this isn't some random one-person business I'm dealing with. Today, it was *my bank* that called me to demand to know why my support request email address had "their email" in it.

You would hope a bank, operating an online banking site, would have staff that have at least a passing familiarly with email and the internet. But nope.

To make it worse, this is actually the second time my bank has gotten upset about it.

3/3

#security#hacker#ignorance
Apr 05, 2025, 12:37 AM·Public·Web
1boost·3favorites
Public
🆘Bill Cole 🇺🇦

@cazabon Must be a Canadian thing.... 😀
In 30 years of using single-purpose email addresses I've had only a few confused queries, the last one sometime in the '00s.

ExploreLive feeds
About