Gmail, Spam
I just want to get this out there because people seem to make this mistake a lot and it really irritates me… In gmail, you can easily set up quasi-aliases with the ‘+’ sign. For example, if my email address is ‘joe@gmail.com’ (it’s not), any email to ‘joe+povert@gmail.com’, ‘joe+flappingcrane@gmail.com’, etc will just go to ‘joe@gmail.com’. In fact, you don’t even have to set it up. Just adding +anything will work.
This can be very useful, because you can filter based on this. So, if I get news updates from some news site, I can have them send it to ‘joe+news@gmail.com’. I can set up a filter to have any emails to ‘joe+news’ go into the news folder. This is very convenient, because you don’t have to filter based on the sender’s email address, which, after all, could change.
Here’s the problem — Some people think it’s a good idea to give ‘joe+spam@gmail.com’ to websites that they think they might get spam from. They figure they can just filter any email to ‘joe+spam@gmail.com’ to be sent to the trash.
That’s a complete mistake because you can easily derive the actual email address. That is, take out the “+spam” and you have ‘joe@gmail.com’. They can then send you spam there, and your filter rule won’t catch it.
Here’s an easy demonstration. If you have access to a UNIX or Mac OS X box, create a text file. Put this in it:
joe+spam@gmail.com
Now, assuming the file name is “email.txt”, just run this one-line command:
grep gmail.com email.txt | sed 's/\+.*@/@/'
There you go. ‘joe@gmail.com’. For a quicker demonstration, just type echo ‘joe+spam@gmail.com’ | sed ’s/\+.*@/@/’ at your prompt. This ain’t rocket science. Anyone with passing knowledge of programming can do this. Websites can easily make the conversion automatically, right when you submit it. They can put it in their database and spam away.
There are better ways to avoid spam. You can easily set up throwaway accounts on Yahoo!, Hotmail, whatever (in fact, I think that that’s all Hotmail is good for, but anyway…). You just have to be sure to check them every couple of weeks to make sure the account doesn’t get closed. I own a few domains, and I set up my own throwaways without taking up Yahoo! or whoever’s space.
Of course, gmail may catch the spam anyway with its filter, but that’s beside the point.
Here’s some examples of people making this mistake, either by not noticing the problem or downplaying it:
- Avoiding spam with Gmail
- HOWTO Forward Gmail Messages To Your Cell Phone
- Gmail + Aliases
- How to use Gmail aliases to organise emails and handle spam
Even gmail’s help section implies that it might be useful to eliminate spam, though they don’t quite come out and say it.