Hacker News new | past | comments | ask | show | jobs | submit login

I was thinking of integrating something like this into my spam filter. However it would probably be something slightly different. Add the "name" into the email as plaintext, this both makes it easy for me to find out where this email came and search for emails from the sender from but also allows this to be automatically verified.

google-{signature}@

Then the spam filter can check that `signature == hash(salt + "google")`. Anything that doesn't fit is marked as spam.

Of course most people don't have a flexible enough spam filter to do this.

You probably also want versioning for leaks. You can bump the version and change your email with the service.




I've done something similar for years, though without the intelligent spam filtering. Every site gets a unique email address that follows a specific patters (e.g. adobe_com@example.com). Most of the sites don't sell or leak my email addresses. It has happened, but the majority of the email addresses I've generated (close to a thousand) do not get spammed. I'd say less than 1%. Most of the spam coming to my domains are to generic addresses like info@example.com or to addresses I didn't populate like william164@example.com.


That's why the signature would be nice though. I get a pretty good amount of spam at basically randomly generated addresses. The signature allows you to drop all of these. Then you can block signed addresses that get sold.

Basically the signature ensures that only you can grant a "token", and you can do so without actually updating the state of your mail server. You only need to update the mail server to block an address that has "leaked".


I've done something similar for years. Every site gets a unique email address that follows a specific patters (e.g. amazon_com@example.com). Most of the sites don't sell or leak my email addresses. It has happened, but the majority of the email addresses I've generated (close to a thousand) do not get spammed. I'd say less than 1%. Most of the spam coming to my domains are to generic addresses like info@example.com or to addresses I didn't populate like william164@example.com.


I felt like prepending the domain was a reasonable request so I've added that as a checkbox. Thanks for the feedback!

Regarding the versioning, perhaps that could be manual editing of the email? or using a different "v2" salt?


I wouldn't want to use a different salt because that would affect all of my emails. But simply putting a number after the domain or similar is likely a simple enough solution.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: