Pascal van Hecke recently caught some spam that was sent to a unique email address he gave to Performancing.com. Read the details. One problem is that he used a very simple tagged address that could be easily guessed. For example, I would guess that his MyBlogLog email address is mybloglog.com[at]vanhecke.info. So what’s to stop spammers from brute-forcing the names of popular sites as addresses at other people’s domains? For example, amazon.com@whatever.
That’s why I use a bash script to create unique email addresses when I register at a new site. The script uses md5sum to hash a secret password together with the site name, and the 32-character MD5 digest becomes the address. Then it adds the address to my mail server’s virtusertable file. Here’s the script:
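#!/bin/bash
# Usage: pass the site name as $1. The password and domain values are placeholders; set your own.
password='change-me'
domain='example.com'
ts=$(date)
addr="$(echo "$password" "$1" | md5sum - | cut -c 1-32)@$domain"   # first 32 characters = the MD5 hex digest
echo "$password" "$1" | md5sum -
echo "$password" "$1" "$ts" >> listing.txt      # log what the address was generated from, and when
echo "$addr"
echo "$addr" >> listing.txt
echo >> listing.txt
echo "$addr pm-list" >> virtusertable-list.txt  # mapping line for the virtusertable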
This is much safer than simply using “their domain name”@“your domain name”. See Bruce Schneier’s Crypto-Gram Newsletter for May 15, 2003, “Unique E-mail Addresses and Spam,” for similar thoughts.
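An added example (not the author's script): the same md5sum derivation wrapped in a function, plus a reverse lookup that recomputes which site a spammed address was handed to, so the leak can be attributed without keeping the password in listing.txt. SECRET, DOMAIN, the site list and the function names derive_addr and find_source are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: derive per-site addresses as md5("<secret> <site>") and
# map a spammed address back to the site it was given to.
# SECRET and DOMAIN are constructed placeholders, not real values.
SECRET='constructed-secret-not-a-real-one'
DOMAIN='example.com'

# derive_addr SITE -> prints <32 hex chars>@DOMAIN; returns 2 on empty input.
derive_addr() {
    [ -n "$1" ] || { echo "usage: derive_addr SITE" >&2; return 2; }
    _digest=$(echo "$SECRET" "$1" | md5sum - | cut -c 1-32)
    printf '%s@%s\n' "$_digest" "$DOMAIN"
}

# find_source ADDRESS SITE... -> prints the site whose derived address equals
# ADDRESS; returns 1 when no site matches (for example a guessed address).
find_source() {
    # Recipient addresses can arrive in mixed case, so normalise first.
    _addr=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    shift
    for _site in "$@"; do
        if [ "$(derive_addr "$_site")" = "$_addr" ]; then
            printf '%s\n' "$_site"
            return 0
        fi
    done
    return 1
}

# Constructed demo: the address given to one site later shows up in spam.
leaked=$(derive_addr performancing.com)
echo "spam recipient: $leaked"
echo "given to:       $(find_source "$leaked" mybloglog.com performancing.com amazon.com)"
# A guessable tagged address corresponds to no registered site.
find_source "amazon.com@$DOMAIN" mybloglog.com performancing.com amazon.com \
    || echo "amazon.com@$DOMAIN: no matching site"
```

Only the list of site names needs to be stored for the lookup; the secret stays in the script or in an environment variable.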