Hacker News new | comments | show | ask | jobs | submit login

This sounds like a cryptographic way to achieve the aliasing scheme many people already use, e.g "chatmasta+hackernews@gmail.com".

Your proposal requires at least the status quo (aliased email address at signup), but the problem is it also requires cooperation of the receiver's email provider (e.g. gmail) and the sender's email provider. You are unlikely to ever see any new standard adopted by all major email providers, unless it came through a standards committee.

But your idea is interesting. Perhaps you could lower the cost of adoption by replacing the dependency on TLS/SSL with some sort of pgp signing scheme. This way all the "protocol" happens within the message body, so email providers do not need to adopt a new standard. As long as at least one website and one user implement the protocol, it can work without any cooperation from third parties.

As an aside, it would also be nice if password managers included functionality around generating temporary/isolated email addresses.

There are services like 33mail.com, which I've used for years, which do exactly that. You give a service an email like servicename@chatmasta.33mail.com (or a custom domain, if you're on a paid plan), and then you can block/unblock/track emails per username.

Actually curious, so if I understand you correctly what you are saying is that a receiver had some software generated an address like johndoe+A16789HFF...@gmail.com and then sent it to the sender for use, that would require email providers cooperation. I am not clear on the "cooperation" parts work. I THINK its basically that email providers block emails based on other criteria like DNSBL. And the "cooperation" bit is to get the providers to manage these cryptographic email addresses like guard against their possible misuse?

That's more-or-less what I was thinking. The receiver would require understanding of the signature to white-list the message; the sender just sends to an email address as they would normally. No or invalid sig would fall back to our current anti-spam methods.

why not just add +sitename to your email when you sign up..... eg me@example.com becomes me+flickr@example.com ? it's just a comment that will be ignored. I don't feel that we need software support to help with that. Your password manager will store that address (since it's probably your username) and help you fill it in / remember it when you come back to the site.

> it's just a comment that will be ignored.

It’s not a comment. Some mail services allow you to have aliases in the form of normal-username+something@service.com but that doesn’t mean all do. If it were a comment the address +@example.com would be invalid but it’s not. Comments in email addresses are written in parentheses like username(i'm_a_comment)@example.com.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact