Stop email spam with Canary Emails
This security engineer mentioned offhand that he liked to create a unique email for websites that were "sketch". Then he could simply delete the email if he started receiving spam...
Ten years ago I was a bright eyed intern in an IT department. I had no idea what I was doing. I remember having a short 5 minute conversation with security engineer we will call Bob. I still remember that converstaion and today I will pass along his advice to you.
Bob (The security engineer) mentioned offhand that he liked to create a unique email for websites that were “sketch”. Then Bob could simply delete the email if he started receiving spam.
Being true to my nature I mulled over Bobs advice over the next few days and took it to the next level. Over the next week I scrambled to transfer every account I owned to a unique email address. I setup a catch-all email on my hosting provider to reduce signup friction.
For example here are some of the 800 logins I have in my LastPass Bitwarden account:
- amazon@example.com
- americanAirlines@example.com
- discord@example.com
- envato@example.com
- facebook@example.com
- monoprice@example.com
- microcenter@example.com
- netflix@example.com
- offerup@example.com
- pluralsight@example.com
- rachio@example.com - Smart Spinkler
- selectBlinds@example.com - Ordering blinds for a remodel
Despite our best efforts at many times we are required to make accounts. I treat my actual @gmail.com address like a treat my social security number. Now you might be telling yourself that a few of the emails above are unnecessary because the brands are well know. But using a unique email for EVERY website provides a few additional advntages besides security.
Advantages
- Detect when a company has sold your information on been hacked
- Delete a email address as a permanent unsubscribe
- Combined with temporary email services like 10minutemail you can reduce or eliminate spam
- Reusable discounts! Does your ISP jack up your rates every 12 months? Not a problem just signup under a new email. Please use responsibly.
Disadvantages
Services like https://haveibeenpwned.com/ doesn’t work :‘(
A note about @gmail + emails
GMail offers a similar concept by treating all addresses after the first + as a catch-all. For example [email protected] will forward to [email protected]. It’s not the same. Any spam service worth it’s weight will automaically remove the + and trailing content. That’s the flaw with using gmails + feature for spam filtering, it exposes your real email!
Final thoughts
It’s been a bit over 10 years since I originally switched to canary emails. I’ve convinced most of my friends to use canary emails. Most have given great feedback after a few months. I’ve even received a few excited phone calls when friends discover their email address has been sold.
Want to take it to the next level?
Credit Card Number
Privacy.com allows for a similar concept but for credit cards
Phone Numbers
Use your free google voice number when the phone number is a required field on any website
Phone Contacts
This github project is looking to “poison” phone contacts. Sadly in order for this to be effective a large portion of your contacts would need to also “poision” their contacts.