tips for creating new aliases?
talkinghorse
I am a new e4ward member. I thought it might be helpful to start a
discussion with tips from other members on creating aliases to use for
their DEAs. I am coming over from Mailshell where I was used to just
creating an alias based on the name of the web site or company I was
giving the DEA to. For instance, when signing up for an Amazon.com
account, I would give out amazon@[myuserid].mailshell.com. However, I
am wondering if I should take a more secure approach with E4ward. So
far, I have started to use the random alias generator to create my
DEAs. Below, I have made a list of my thoughts of the pros and cons of
using a simple alias vs. a random alias when creating DEAs.
Using simple aliases (i.e., the name of the web site you're giving the
DEA to)
Pros:
+ easy to remember what alias you used for the web site
+ easy to tell someone what your email address is, for instance, if
you need to call the web site's customer support
Cons:
- if a spammer knows your domain, they can start spamming random
addresses and might hit one of your aliases like "amazon"
- when you tell customer support what your email address is, they'll
think you're weird for using their company name as part of your email
address
Using cryptic aliases (i.e., using E4ward's random alias generator)
Pros:
+ a spammer will never guess one of those addresses
Cons:
- you won't remember what alias you used for a web site without
logging into your E4ward account and checking first
- it will be harder to read your DEA aloud in case you need to call a
company and they ask for your email address
- all of the aliases look alike, so you might accidentally copy the
wrong one and paste it onto the wrong web site
Other ideas:
Another thought I have is to use a combination of the two options
above. For instance, when signing up for Amazon.com, I could use the
random alias generator and then replace part of the alias with the
word "amazon," but leave a few of the random characters to make it
harder to guess the address. This approach could also make it easier
to manage your aliases and to see which alias you are using for a
particular site. I fear that if I only use the random generator, I
might accidentally give out the wrong alias to the wrong site because
their is no word in the address that connects it to that site.
Please post your thoughts on creating aliases!
Me
Like you I'm switching over from Mailshell which I've been using for
years. For me, using an alias that best describes the site/person
you're giving it to is now the way to go. If on the odd occasion I
have also to give a 'disposable address explanation' then to me it's a
small sacrifice (and it doesn't happen all that often for me).
It's just that as I've been switching over, I've been looking through
those hundreds of Mailshell addresses (that's just the active ones)
trying to work out who they were given to. For the most part, because
I've used descriptive aliases it hasn't been too hard, but there's
been plenty of more cryptic ones that I've created. And of course I've
stupidly never used the Mailshell note system. :-( A mistake I'm
rectifying this time around.
But to be honest from a spam point of view I'm not sure it really
makes any difference whether you use descriptive or random aliases.
I've never had more than a couple of descriptive ones compromised due
to any type of dictionary attack. If one has been compromised it's
been because I've posted it somewhere where it was harvested, or it
leaked from the site I used it for. It wouldn't have mattered then how
cryptic it was.
Looking back through my deleted addresses list, I have around 400 of
them. By far the majority of them have been as a result of a
dictionary spam attack, or as a result of bounce backs due to one of
my aliases being faked to send spam or a virus, and because I had the
Mailshell version of 'catchall' turned on they got through. Using
either descriptive or random aliases wouldn't have changed that.
However the deciding factor for me was the fact that I realised
descriptive disposable addresses make it easier to check if an email
is legit or if it's a phishing email. For instance if I sign up for a
service with the alias "service@", and I receive an email from that
service at another address, then I know it's a fake. If it's the same,
then it warrants further investigation to see if it's legit. Using
random aliases makes that phishing test a bit harder to do, because
you can't easily remember which address was used for each site.
Cheers,
Darren