On 2/25/07, talkinghorse wrote:
> Hello,
> I am a new e4ward member. I thought it might be helpful to start a
> discussion with tips from other members on creating aliases to use for
> their DEAs. I am coming over from Mailshell where I was used to just
> creating an alias based on the name of the web site or company I was
> giving the DEA to. For instance, when signing up for an Amazon.com
> account, I would give out amazon@[myuserid].mailshell.com. However, I
> am wondering if I should take a more secure approach with E4ward. So
> far, I have started to use the random alias generator to create my
> DEAs. Below, I have made a list of my thoughts of the pros and cons of
> using a simple alias vs. a random alias when creating DEAs.
> Using simple aliases (i.e., the name of the web site you're giving the
> DEA to)
> Pros:
> + easy to remember what alias you used for the web site
> + easy to tell someone what your email address is, for instance, if
> you need to call the web site's customer support
> Cons:
> - if a spammer knows your domain, they can start spamming random
> addresses and might hit one of your aliases like "amazon"
> - when you tell customer support what your email address is, they'll
> think you're weird for using their company name as part of your email
> address
> Using cryptic aliases (i.e., using E4ward's random alias generator)
> Pros:
> + a spammer will never guess one of those addresses
> Cons:
> - you won't remember what alias you used for a web site without
> logging into your E4ward account and checking first
> - it will be harder to read your DEA aloud in case you need to call a
> company and they ask for your email address
> - all of the aliases look alike, so you might accidentally copy the
> wrong one and paste it onto the wrong web site
> Other ideas:
> Another thought I have is to use a combination of the two options
> above. For instance, when signing up for Amazon.com, I could use the
> random alias generator and then replace part of the alias with the
> word "amazon," but leave a few of the random characters to make it
> harder to guess the address. This approach could also make it easier
> to manage your aliases and to see which alias you are using for a
> particular site. I fear that if I only use the random generator, I
> might accidentally give out the wrong alias to the wrong site because
> there is no word in the address that connects it to that site.
> Please post your thoughts on creating aliases!
Nice, your analysis hits all the points.
True, reading back the company name or person's name nearly always
befuddles or arouses suspicion. We still have not come up with a 25
word explanation of disposable email addresses that doesn't make most
casual users' eyes glaze over! (but almost everyone knows what spam
is).
And yes, using a random address is not great if it has to be read
aloud. We usually just go with the website or company name. Aliases
for sites like amazon never seem to leak out. It just depends on the
website or company.
But to combat alias leaks, we recently added a feature called reverse
path filter. Basically it allows you to whitelist a forward, which has
proven surprisingly effective. See
http://help.e4ward.com/e4ward/30#reversePathFilter for instructions
and caveats.
Adding a random character or two to the alias seems like good
insurance against guessing attacks, if you want that coverage and
don't mind the 'premium'. FWIW though, random guessing has been rare,
at least for <user>.e4ward.com domains as opposed to personal domains.
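
The hybrid scheme discussed in this thread (site name plus a few random characters), as an added Python example that is not part of either message and is not E4ward's own code. The hyphen separator, the look-alike-free alphabet, the 20-character label limit and all function names are assumptions made for illustration.

```python
import re
import secrets

# Assumed alphabet: lowercase letters and digits without look-alikes
# (0/o, 1/l/i), so the suffix can be read aloud without ambiguity.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def site_label(site: str) -> str:
    """Reduce a site or company name to a short, readable alias label."""
    host = re.sub(r"^[a-z]+://", "", site.strip().lower()).split("/")[0]
    host = re.sub(r"^www\.", "", host)
    name = host.rsplit(".", 1)[0] if "." in host else host
    label = re.sub(r"[^a-z0-9]+", "-", name).strip("-")
    if not label:
        raise ValueError(f"no usable label in {site!r}")
    return label[:20]


def make_alias(site: str, suffix_len: int = 4, taken=frozenset()) -> str:
    """Build '<label>-<random suffix>', skipping aliases already in use."""
    label = site_label(site)
    for _ in range(100):
        # secrets, not random: the suffix is what resists guessing.
        suffix = "".join(secrets.choice(ALPHABET) for _ in range(suffix_len))
        alias = f"{label}-{suffix}"
        if alias not in taken:
            return alias
    raise RuntimeError("could not find a free alias")


def guess_space(suffix_len: int) -> int:
    """Number of possible suffixes for a label the guesser already knows."""
    return len(ALPHABET) ** suffix_len


def hit_probability(suffix_len: int, guesses: int) -> float:
    """Chance that `guesses` distinct tries at a known label hit the alias."""
    return min(1.0, guesses / guess_space(suffix_len))


if __name__ == "__main__":
    alias = make_alias("Amazon.com")
    print(alias, "guess space:", guess_space(4))
    for n in (1, 2, 4):
        print(n, "random chars, 1000 guesses:", hit_probability(n, 1000))
```

The site name stays visible for record keeping and for reading the address to customer support, while the suffix length sets how many guesses a known label can absorb.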