
Medium: A Developer’s Guide to Managing Email Accounts - bulcclub
https://medium.com/@bulcclub/a-developers-guide-to-managing-email-accounts-83ef2c824d4a
======
spectralblu
This sounds a lot like Throttle
(https://throttlehq.com/). How are they getting
around the deliverability issues? If they forward mail along, don't large ISPs
like Gmail ultimately attribute any spam that comes along to their outbound
IPs?

I moved away from Throttle for this very reason, because getting mail
deliverability right is incredibly finicky. Ended up moving to Fastmail and
using their catchall. Fastmail solved the deliverability problem for me (since
they host the catchall domain), as well as permitting me to send out from any
of my wildcard aliases (thus allowing me to reply in situations where I still
want to keep my real address hidden).

------
kop316
Fastmail has that same technique, and it is very nice. I have run into sites
where I sign up for an email where they do not allow the "+" (presumably to
prevent you from doing a "foo+spam@example.com"). My only concern with this is
it seems like with either way, it would be trivial for a spammer to figure out
your real email address (i.e. spam@foo.example.com, use a regular expression
to convert it to foo@example.com). How hard would it be to maybe alias
foo@spam.example.com and spam@foo.example.com so they both go to
foo@example.com? Or maybe spam@foo123.example.com also aliases. That way it
makes it that much harder to derive the original email address.

~~~
Yeroc
If you're using <some-alias>@user.example.com nothing says that
user@example.com has to be a valid delivery address. If I read the article
correctly in fact, that is the case in their implementation. So it's not
possible for spammers to guess an unaliased email address.

~~~
kop316
Upon rereading, you are correct on that. Thanks for clearing that up!

------
jszymborski
This seems a little over-complicated; why not just use a catch-all?

If website example.com requires my email, I provide them with the email
example.com_xxxx@jszym.com where xxxx is a randomly-generated 4 (or more)
character code. I save the email and password in my password manager.

This way, I can blackhole compromised emails, and also prevent spear-phishing
by checking the 4+ letter code.

I don't wish to be overly negative, and this is a problem-space ripe for a
solution, but this service can vanish tomorrow and take with it all the sites
I've subscribed to.

I was thinking just today that it'd be cool for the next generation of email
to require a sort of OAuth login to get permissions to send you automated
emails. You can then just revoke the API access for a rogue/compromised
service.
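
The per-site catch-all scheme described in the comment above, sketched as an added example (it is not part of the thread or any poster's code). The domain `mail.example`, the `AliasBook` class and its method names are assumptions made for illustration.

```python
import secrets
import string
from email.utils import parseaddr

CATCHALL_DOMAIN = "mail.example"   # assumption: a catch-all domain you control
ALPHABET = string.ascii_lowercase + string.digits


class AliasBook:
    """Registry of per-site aliases of the form <site>_<code>@<catch-all domain>."""

    def __init__(self, domain=CATCHALL_DOMAIN):
        self.domain = domain
        self.aliases = {}      # local part -> site the alias was handed to
        self.revoked = set()   # local parts that are now blackholed

    def issue(self, site, code_len=4):
        # secrets (not random) so the code cannot be predicted from earlier ones
        code = "".join(secrets.choice(ALPHABET) for _ in range(code_len))
        local = f"{site.lower()}_{code}"
        self.aliases[local] = site.lower()
        return f"{local}@{self.domain}"

    def revoke(self, address):
        self.revoked.add(address.split("@", 1)[0].lower())

    def classify(self, rcpt_to, from_header):
        """Return 'deliver', 'blackhole', 'unknown-alias' or 'sender-mismatch'."""
        local, _, domain = rcpt_to.lower().partition("@")
        if domain != self.domain or local not in self.aliases:
            return "unknown-alias"     # code was guessed or never issued
        if local in self.revoked:
            return "blackhole"
        # The From header is spoofable; this only flags an alias used by someone
        # other than the site it was issued to. It does not authenticate the sender.
        sender_domain = parseaddr(from_header)[1].lower().rpartition("@")[2]
        site = self.aliases[local]
        if sender_domain == site or sender_domain.endswith("." + site):
            return "deliver"
        return "sender-mismatch"       # alias leaked, sold or reused elsewhere
```

Treat `sender-mismatch` as a flag for review rather than a drop rule, since sites often send through a third-party mail provider's domain.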

------
craftyguy
It's a free service... so what's the catch?

~~~
Terretta
"Free. Forever."

How? Not answered in the FAQ.

