Comment by partomniscient

Comment by partomniscient a day ago

3 replies

But we haven't started using regular expressions yet...!?

I was fortunate enough that my solution was to host my own mail server 20+ years ago and create a separate email address per relationship with a company, so I can tell the moment some 3rd party has been compromised when I receive spam on a specific address. My personal spam has been minimal over time.

If for example moc.elgoog@mydomain.com gets spam - I know they're compromised or have sold me out.

Yes, Gmail has had something similar using the + character, but most people don't know about/make use of this and still abdicate spam filtering to things they don't understand like Bayesian algorithms which suffer from false positives. (Have you checked your spam folder for our very important message...?)

Email has never been secure and despite modern updates, I still don't consider it as such. Then again I don't have much to worry about, so I'm ambivalent most of the time. That said, special 'fuck you' shoutouts to Ticketek for being compromised and their general ineptitude and shitfuckery in so many ways... It took them 2 months to respond to an issue I raised with them only to ask whether it was still an issue... (yes, it still is).

Unfortunately I don't know if you could easily manage to convince majority email providers you're legitimate with a new domain in this day and age - I suspect it's now a major hurdle to overcome as I've read often enough of mail bouncing because "we've never heard of you until now, so we don't trust you" - which makes communicating with the majority of the world via email almost impossible to build up the trust level you're considered legitimate and that's despite all this extra DMARC, DKIM, and SPF and SSL/TLS supposed safeguards which have appeared over time and I've had to comply with.

Security as an afterthought means it's still probably never going to be secure. I've always considered email the equivalent of transmitting plaintext and have always treated it as such. This has led to some pretty difficult situations where I don't email important stuff to a 3rd party just because they expect it and everyone else does it.

kevin_thibedeau 15 hours ago

Google '+' addresses aren't really safe anymore as thieves and some spammers will be sophisticated enough to strip them. You also run into broken validators that reject '+'. Much better to have on-demand wildcards with a custom domain in any format you wish.

selkin 21 hours ago

It can be summarized that the romanticized ideal of Email is long gone, if it ever existed. Today email is a way for others, mostly automations, to send you notifications.

Once you realize this, the "just keep whatever I have right now" is often the best solution.

immibis 19 hours ago

Just don't send lots and lots of email. I haven't had a problem yet. But I mostly use my server to receive.

Speaking of which, receiving is free. There are no spam checks when other providers send email to yours. So feel free to only use Gmail when you need to send an email out to a big provider. It's still a 95% win.