This post is in reference to a procedure I developed to anonymize your email address, similiar to what Abine offers with their Blur product.
I originally thought of this because of all the data breaches that were happening. Those certainly have not waned in recent years.
The overall concept was that database leaks contain your email address and your password. Once someone knows your email address and your password, they can narrow their data set down.
So in order to make hackers' work slightly more difficult, instead of one email address, there is a unique email address for each site, or for each type of service (like pizza@somedomain for all sites used for ordering pizzas).
How Hackers Use Your Email/Password
So if a hacker got hold of a database with your credentials that looked like:
firstname.lastname@example.org : <my hashed or clear text password>
Using that example, 50% of the hacker's work is done since they know your email address. If you happened to use the same password elsewhere, they can check other databases for that hashed password and determine it's the same person.
If your password/email end up in a rainbow table or other hacker's toolkit, it's much easier to track you down and other accounts you may have.
So using a different email for each site helps obscure this a bit. Many security specialists will say security through obscurity is useless and you should not do it, but any help you can get these days is good.
The Other Benefits
In addition to being able to slightly thwart hackers with a minor roadblock, using this method allows you to:
- create an email on the fly
- send emails to more than one person
- determine what companies are sending you spam
- dispose of spam easily for the above culprits
1. Creating Email Addresses On The Fly
This is my personal favorite. When the cashier asks, "what's your email"? I can reply with anything I want, such as
email@example.com. This is possible with a catch-all routing rule.
2.Sending Emails To More Than One Person
Some accounts send important emails. If someone else you know needs to see these emails, you don't have to bother manually forwarding it; just setup a rule to forward it to both of you automatically.
3.Determine What Companies Are Sending You Spam
Since you sign up for each site or service with a unique email, you can immediately tell who is sending you spam or selling your email addresss to someone else.
4.Dispose Of Spam Before It Reaches Your Inbox
When they do this, you can just send their emails into a void before they ever land in your inbox.
- It's now a paid service
- It's more complex then regular email since you have to configure some DNS records
Overall, I've enjoyed using this method. I really wouldn't change much.