Tanguy Ortolo

For hurried readers: do not give your main email address to Moneybookers or to deviantART, since they may give it (unintentionally, I hope) to spammers.

Dedicated addresses

Since I have set up my own email server, when a company or an unknown individual asks for an address I give it a dedicated one. For instance, to make a payment I had to give an address to Moneybookers: instead of giving them my main address <tanguy@>, I used <tanguy+moneybookers@>.

Thanks to Postfix's address extension feature (look for “recipient_delimiter” in postconf(5) manpage), these <tanguy+whatever@> are all implicit aliases to my main address. This practice has several benefits, since it allows me to:

• easily sort messages to dedicated mailboxes;
• identify who sold or gave away my address to spammers when I start receiving tons of spam to <tanguy+moneybookers@>;
• easily block that kind of spammers.

Working around lamers

Some systems are coded by lamers that think the “+” sign is forbidden for email addresses, so I have to work around that. My current solution it to use a static alias <tanguy-2012@>, which I simply drop after a year to replace it by a new one.

Two years report

After two years collecting spam, the first noticeable thing is that, among 5.5k spams I received, only 78 are the result of an information leak from an organization. I excluded from that count the addresses I use in public mailing-lists, for instance <tanguy+debian@>. So, after some fine exclusion and checking of messages, these are the only two organizations that somehow gave my address to spammers:

1. Moneybookers: 43 spam messages received;
2. deviantArt: 35 spam messages received.