top | item 42865754

KarlKode | 1 year ago

Yup. Got my own domain(s) and use a different address for all my services (like with Gmail where you could append +service to your email but with a completely distinct email per service like paypal@mydomain.com). Helped me several times to identify spam & phishing without even having to check the E-Mail itself.

nzach|1 year ago

My guess is that you probably know what I'm going to write, but a lot of people don't realize this 'Gmail trick' doesn't really work.

The problem is that foo+bar@gmail.com and foo@gmail.com are delivered to the same inbox, so if you are trying to scam someone it is safe to remove anything after the + in a Gmail address.

And having a custom domain on Gmail doesn't improve your situation, because with just a simple 'dig mx' you can know if the domain is hosted on Gmail and apply the same regex to remove all labels.

So, to be less inflammatory, the feature works as expected. But it only protects you if the bad actor is really dumb/lazy or if he is honest.

jamesboehmer|1 year ago

I do the same as the person you're responding to. There is no '+' in my email, I just create random strings @mydomain. It's impossible for a scammer to know they all go to one inbox.

fiddlerwoaroof|1 year ago

The other thing Gmail does is ignore `.` in the local part. So, one other trick would be to use particular dot patterns for specific accounts.

johnmaguire|1 year ago

If everything goes to a + address, then any email sent to your base address is invalid and can be trashed.

joseph_b|1 year ago

I have a feeling spammers don't "dig" anything before removing labels, if they remove them at all.
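An added example, not code from any commenter in this thread: a receiving-side check for the per-service alias scheme KarlKode describes, which also treats mail to an unregistered address as suspect, as johnmaguire suggests. The domain `mydomain.com`, the alias table, the verdict strings and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

MY_DOMAIN = "mydomain.com"  # assumed catch-all domain
# Assumed registry: alias local part -> sender domains that were given it.
ALIAS_OWNERS = {"paypal": {"paypal.com"}, "shop": {"shop.example"}}

def sender_matches(sender_domain, allowed):
    # Accept the exact domain or a true subdomain. A bare suffix test
    # would also accept look-alikes such as "evil-paypal.com".
    return any(sender_domain == d or sender_domain.endswith("." + d)
               for d in allowed)

def classify(raw_message):
    msg = message_from_string(raw_message)
    rcpt = parseaddr(msg.get("Delivered-To") or msg.get("To", ""))[1].lower()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    local, _, rcpt_domain = rcpt.partition("@")
    sender_domain = sender.rpartition("@")[2]
    if rcpt_domain != MY_DOMAIN:
        return "not-ours"
    if local not in ALIAS_OWNERS:
        return "unknown-alias"   # never handed out: base address or a guess
    if sender_matches(sender_domain, ALIAS_OWNERS[local]):
        # From is forgeable, so this is not proof of legitimacy;
        # the mismatch below is the useful signal.
        return "expected-sender"
    return "alias-leaked-or-phish"

def make(to, frm):
    # Builds a constructed sample message, not real mail.
    return f"Delivered-To: {to}\nFrom: {frm}\nSubject: test\n\nbody\n"

SAMPLES = [
    make("paypal@mydomain.com", "PayPal <service@mail.paypal.com>"),
    make("paypal@mydomain.com", "Billing <billing@evil-paypal.com>"),
    make("shop@mydomain.com", "promo@other.example"),
    make("me@mydomain.com", "someone@example.org"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```
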