Thursday, August 16, 2012

Simple Way to Increase Security and Privacy and Reduce Spam

A few years ago I came up with a technique to reduce my spam messages. I'm sure I wasn't the first to think it up, but it's worked very well for years and I've never missed a real message or wasted too much time on spam. After IOActive released some privacy research they've done this week I realized this can help with that too. 

If you haven't followed the story, IOActive did some automated scanning of popular web services for high-profile executives. They were looking to find out whether people like Steve Ballmer use Dropbox, or if the CEO of Zappos uses Nikeplus.com (yes in both cases). This was accomplished by attempting to register for these sites using the executives' official corporate email address. 

Their approach was a pretty clever way to get the information. There may be a perfectly valid reason for some of the findings. For example, if an executive publicly announces his and his company's support for another service. But the number of results - 930 accounts across 840 executives - suggests that at least some of these are for personal use.

My Technique

I use a different email address for each new account I set up. But I don't have to create tons of new free accounts at Gmail or Hotmail. I own several domain names, one of which is just for creating throw-away email addresses. Any email to that domain gets redirected to my primary email account. Once it's there, it is put into a folder without ever hitting my inbox. 

Sounds like it might be tricky to remember all these addresses, but it's not really. I just use a consistent formula for coming up with the address. For example, "site.com@domain.com". To remember your account name just look in the browser bar. 

And ever since I started using a password manager it's gotten even easier and more secure. I just create a random name and password and store it all away. The software figures out my username and password, I just have to click a couple of buttons.

Fighting Grey-Mail

If you're not familiar with grey-mail, it's the emails you get that come from accounts you've signed up for on the Internet. Now these aren't quite spam, because they come from known senders to accounts you provided, but then they're also not something you want to wade through constantly. 

I woke up this morning to about a half-dozen new pieces of grey-mail in my email. But I didn't have to look at any of it, I only know the number because I clicked on the folder I have that collects it automatically. The system I use works perfectly because it's automated, I have total control and it never misjudges an email. 

I simply dump all the messages that come in but aren't addressed to me directly over to a folder. I check that every once in a while and try unsubscribing from the biggest offenders. It usually works, but sometimes it doesn't. And of course if I'm expecting anything then I go check that folder.

Increasing Security and Privacy

And this also adds a little more security to your accounts. But it's the security-through-obscurity kind of system, so don't rely on it solely. If you're the kind of person who reuses passwords - and just about everybody does this to some extent - then you have some additional protection against password reuse attacks. If a hacker has the account emails and passwords for one of your accounts, they can't then get into other accounts without a little extra work. That won't stop a determined attacker, but it will protect you against somebody just running a list.

The Result

I still get spam emails. Even with this system every day I get a handful of messages that show up in my spam folder. But it's not many - in fact, far less than the grey-mail number. In the last month I have gotten 9 spam messages, but over 150 grey-mail. 

The only people who have the email address I use are my friends. So either my friends' accounts have been compromised or somebody guessed my email address. But still, only 9 spam messages per month and no time wading through grey-mail is pretty spectacular! And as a side benefit I'm protecting my privacy and security a little bit more.