Stop email spam with Canary Emails

Ten years ago I was a bright-eyed intern in an IT department. I had no idea what I was doing. I remember having a short 5 minute conversation with a security engineer we will call Bob. I still remember that conversation and today I will pass along his advice to you.

Bob (the security engineer) mentioned offhand that he liked to create a unique email for websites that were “sketch”. Then Bob could simply delete the email if he started receiving spam.

Being true to my nature, I mulled over Bob's advice over the next few days and took it to the next level. Over the next week I scrambled to transfer every account I owned to a unique email address. I set up a catch-all email on my hosting provider to reduce signup friction.

For example, here are some of the 800 logins I have in my LastPass Bitwarden account:

  • amazon@example.com
  • americanAirlines@example.com
  • discord@example.com
  • envato@example.com
  • facebook@example.com
  • monoprice@example.com
  • microcenter@example.com
  • netflix@example.com
  • offerup@example.com
  • pluralsight@example.com
  • rachio@example.com - Smart Sprinkler
  • selectBlinds@example.com - Ordering blinds for a remodel

Despite our best efforts, at many times we are required to make accounts. I treat my actual @gmail.com address like I treat my social security number. Now you might be telling yourself that a few of the emails above are unnecessary because the brands are well known. But using a unique email for EVERY website provides a few additional advantages besides security.

Advantages

  • Detect when a company has sold your information or been hacked
  • Delete an email address as a permanent unsubscribe
  • Combined with temporary email services like 10minutemail you can reduce or eliminate spam
  • Reusable discounts! Does your ISP jack up your rates every 12 months? Not a problem, just sign up under a new email. Please use responsibly.

Disadvantages

Services like https://haveibeenpwned.com/ don’t work :‘(

A note about @gmail + emails

Gmail offers a similar concept by treating everything after the first + in an address as a catch-all. For example, [email protected] will forward to [email protected]. It’s not the same. Any spam service worth its weight will automatically remove the + and trailing content. That’s the flaw with using Gmail’s + feature for spam filtering: it exposes your real email!
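The leak check from the Advantages list and the + stripping described above, as an added Python example that is not from the original post. The sample messages, the yourname mailbox and the sender-matching heuristic are constructed assumptions; example.com stands in for the catch-all domain as in the login list.

```python
from email import message_from_string
from email.utils import parseaddr

CATCH_ALL_DOMAIN = "example.com"  # assumption: the catch-all domain used above

# Constructed sample messages (not real mail).
SAMPLE_MAIL = [
    "From: Netflix <info@mailer.netflix.com>\nTo: netflix@example.com\nSubject: New arrivals\n\nhi",
    "From: Deals <promo@cheap-pills.test>\nTo: monoprice@example.com\nSubject: 90% off\n\nhi",
    "From: Offers <win@prizes.test>\nTo: yourname+rachio@gmail.com\nSubject: You won\n\nhi",
]

def strip_plus_tag(address):
    """Drop '+tag' from the local part, the cleanup the post says spam lists apply."""
    local, _, domain = address.rpartition("@")
    return local.split("+", 1)[0] + "@" + domain

def canary_tag(address):
    """Return the site tag an address was issued for, or None if it has none."""
    local, _, domain = address.lower().rpartition("@")
    if domain == CATCH_ALL_DOMAIN:
        return local                      # the whole local part is the tag
    if "+" in local:
        return local.split("+", 1)[1]     # Gmail-style tag after the first +
    return None

def sender_matches(tag, sender):
    """Heuristic (assumption): the tag appears as a label of the sender's domain."""
    return tag in sender.lower().rpartition("@")[2].split(".")

def leaked_aliases(raw_messages):
    """List (alias, sender) pairs where a canary got mail from an unrelated sender."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg["From"])[1]
        rcpt = parseaddr(msg["To"])[1]
        tag = canary_tag(rcpt)
        if tag and not sender_matches(tag, sender):
            hits.append((rcpt, sender))
    return hits

if __name__ == "__main__":
    for alias, sender in leaked_aliases(SAMPLE_MAIL):
        print(f"{alias} got mail from {sender}; stripped form: {strip_plus_tag(alias)}")
```

Both leaked aliases are flagged, but only the Gmail one reduces to a working real mailbox once the tag is stripped; the catch-all alias has nothing to strip. A company that sends through a third-party mailer domain will trip this heuristic, so treat hits as leads to check by hand.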

Final thoughts

It’s been a bit over 10 years since I originally switched to canary emails. I’ve convinced most of my friends to use canary emails. Most have given great feedback after a few months. I’ve even received a few excited phone calls when friends discover their email address has been sold.


Want to take it to the next level?

Credit Card Number

Privacy.com allows for a similar concept but for credit cards.

Phone Numbers

Use your free Google Voice number when the phone number is a required field on any website.

Phone Contacts

This GitHub project is looking to “poison” phone contacts. Sadly, in order for this to be effective, a large portion of your contacts would need to also “poison” their contacts.