Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Gmail has an interesting idea to thwart spammers


A reader sent me a link to a list of points that make Gmail really great.  I'm not sure whether or not these points are enough to convince me that Gmail is fantastic, but I admit that it does do some things well (Hotmail does a few things well, also). 

One of the things that I found interesting among the supporting points is that Gmail allows you to find out who sold your email address to spammers.

Here is how to use it:

  1. While signing up for any new website enter your Gmail address as your_user_name+website_name@gmail.com.

  2. Don’t worry, you will receive the mail as usual, because Gmail ignores any combination of words or numbers after the “+” sign.

  3. Whenever you get any spam message just click on the “Show Details” link to expand the email header and find out the email address to which it was sent. 

  4. If you signed up as described in step 1, you will be able to find out who gave your email address to the spammer.

This assumes, of course, that you enter the name of the website in the address whenever you sign up to receive something or to get access to something.  If you do that, then I think you're going to have a pretty good clue who is farming out your email address to spammers.  It lets you track down those guys who say they'll protect your privacy but really don't.

The one drawback to this is that some web pages may get wise to this trick and start cleaning up email addresses by removing everything after and including the + sign up to the @ symbol.  Until they do, I think that this trick has some merit.
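
The lookup in steps 3 and 4, run over a batch of spam instead of one message at a time, as an added example that is not part of the original post. The mailbox name, the `leak_tag` and `tally_leaks` helpers and the sample messages are constructed for illustration, and it assumes the tagged address shows up in a To, Cc or Delivered-To header.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

MAILBOX = "your_user_name"  # constructed: the account name used in step 1
DOMAIN = "gmail.com"

# Constructed spam samples (headers plus a stub body); not real mail.
SAMPLE_SPAM = [
    "To: your_user_name+shopsite@gmail.com\nSubject: Cheap watches\n\nhi\n",
    'To: "Valued Customer" <Your_User_Name+ShopSite@gmail.com>\nSubject: Pills\n\nhi\n',
    "To: someone@example.com\nCc: your_user_name+forum@gmail.com\nSubject: Win\n\nhi\n",
    # The drawback case: the sender stripped the tag, so nothing is left to attribute.
    "To: your_user_name@gmail.com\nSubject: Loans\n\nhi\n",
]


def leak_tag(raw_message):
    """Return the +tag this message was addressed to, or None if there is none."""
    msg = message_from_string(raw_message)
    fields = []
    for header in ("To", "Cc", "Delivered-To"):
        fields.extend(msg.get_all(header, []))
    for _name, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        if domain.lower() != DOMAIN:
            continue
        base, plus, tag = local.partition("+")
        # Gmail treats the local part case-insensitively, so compare in lower case.
        if base.lower() == MAILBOX and plus and tag:
            return tag.lower()
    return None


def tally_leaks(messages):
    """Count spam per sign-up tag; untagged mail is grouped as '(no tag)'."""
    return Counter(leak_tag(m) or "(no tag)" for m in messages)


if __name__ == "__main__":
    for tag, count in tally_leaks(SAMPLE_SPAM).most_common():
        print(f"{count:3d}  {tag}")
```

A growing "(no tag)" count is the sign that senders have started stripping the tag before mailing.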

Leave a Comment
  • This is a known hack for those users who use procmail for message filtering.  Unfortunately, there is nothing to stop the address sellers from parsing the LHS of the email address and discarding everything from the plus sign up to the at sign.

  • You are aware that this has been available in Sendmail and Postfix (and most likely other MTAs) for many, many years?

  • yeah, this is an old UNIX trick.  works great ;)

  • Old school trick that the spammers are well aware of I'm afraid.

    Postfix has had VERP support since version 1.1 and the recipient_delimiter configuration even longer.

    See http://is.gd/kdA for more info.

  • I actually use a variant of this on my home mail server that fixes the problem of spammers knowing this trick: Don't make the LHS of the + version of your email the same as your real email address.

    So my real email address is mdouglass@...

    When I give out my email address, I give out md+website@...

    If they drop the +website and just send to md@..., the email is thrown away as obvious spam.  

    Yes, it's more polluting of the email namespace, but there's no way for the spammer to get back to my real address and I can still track down who sends me my spam (which is an interesting list, btw).

    I'll also note that this occasionally gets funny reactions when you have to speak to real people at a company.  Someone at Vonage gave me a month free because they thought it was so cool I loved their service enough to have it in my email address.  I tried to explain, but she just didn't understand.

  • I find services like sneakemail.com to be preferable.  I can generate as many unique addresses as I want and label each with the web site name I will use it at, I can track how many emails each sneakemail address is receiving (and who they were from), and I can simply delete any sneakemail address that is being spammed.

  • FYI (as a developer of FastMail) I'd like to point out we support this with a few extra tricks as well.

    1. You get an entire sub-domain. So if your account is joe@fastmail.fm, you can send email to anything@joe.fastmail.fm and it'll get to your account. This is more supported in webforms than +'s as well. Internally anything@joe.fastmail.fm is transformed to joe+anything@fastmail.fm.

    2. If you have a folder called "anything", then sending to joe+anything@fastmail.fm or anything@joe.fastmail.fm will automatically go to that folder. Additionally, it'll "fuzzy match" folder names, with case-insensitive matching, and with _, - and space all being equal. Also . will act as a folder separator. So if you send to mailing-lists.listname@joe.fastmail.fm and have a folder called "Mailing Lists/ListName", it'll automatically be put in that folder.
