EmailDiscussions.com  

Go Back   EmailDiscussions.com > Discussions about Email Services > Email Comments, Questions and Miscellaneous
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere.

Reply
 
Thread Tools
Old 1 Aug 2024, 08:58 PM   #1
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,814
Are aliases worth the effort?

I am expanding on a comment I made in another thread:
Quote:
How often do you have to block an address? I have been using DuckDuckGo's email aliases for awhile now and I have yet to have to block an address. In fact, the only address I have that seems to attract any spam is my oldest Gmail address that I can't block no matter what since it is known and used by so many. In short, I'm not certain about the efficacy of using a different alias for every account. The chances of any one alias becoming a spam magnet are so small that it is a lot of time and effort for very little gain, especially when Gmail's spam filtering is so good.
Creating different aliases for every account seems to be very popular today with the likes of SimpleLogin and others pushing the idea, but is it worth the effort? All it takes anyway is clicking on one bad email link anyway, so to me the importance of spam/phishing filtering is way, way higher than blocking the occasional annoying spam. With my Gmail account I find almost all actual spam is filtered.
TenFour is offline   Reply With Quote

Old 1 Aug 2024, 11:28 PM   #2
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,946
I block practically none.
There are some blocking rules in my Sieve script that I commented out years ago to see if any spam is still coming to those addresses, and it seems that none came, or too little to be bothered with it.
The only alias I block is one that I created in order to block it: years ago I was on Slashdot, and an email address of the form something@slashdot.mydomain.tld was public on my profile there. the way Slashdot "protected" the public address was by putting somethingNO@SPAMslashdot.mydomain.tld, so eventually I started to receive soam at that address or other addresses in spamslashdot.mydomain.tld. Not too much spam. For several years i left it as it was (or routed it directly to a spam folder) out of curiosity: to see what kind of spam spammers send to these addresses. Eventually I got tired of it so I created a spamslashdot@mydomain.tld and blocked it. That's the only alias I block.
I think that the main benefit I get from using various aliases for different purposes is that it is a method to inject my own keywords into email correspondence that I can then use when I search for mail. For instance searching for carinsurance.mydomain.tld would find all my correspondence with the agent that insures most of my cars, despite them having rebranded in the past and then transferring all their business to another insurance agency when the owners retired.
Also using different email addresses for different purposes is a sort of game I got used to. Perhaps in my next life I'd do it differently.
My boys learned it from me and they are using it too, so they must see some benefit in it. They block nothing, so I guess it's mainly as an organizing tool for them too.
Of course it's also a sort of insurance: if ever one of these addresses starts to be heavily spammed, like my old Hotmail address more than 20 years ago, it would be very easy to let it go. So like insurance it's something you buy hoping you'll never have to use it.
hadaso is offline   Reply With Quote
Old 1 Aug 2024, 11:53 PM   #3
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,814
Quote:
Of course it's also a sort of insurance: if ever one of these addresses starts to be heavily spammed, like my old Hotmail address more than 20 years ago, it would be very easy to let it go. So like insurance it's something you buy hoping you'll never have to use it.
I can see the theoretical benefit, but in practice I have found it rarely happens to a single address used for a single thing. Plus it introduces possible problems like not being able to easily recall the address used for a particular thing. That has happened to me numerous times, making it difficult to login or change a subscription to something.
TenFour is offline   Reply With Quote
Old 2 Aug 2024, 12:34 AM   #4
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,814
I have read several different articles like this one that make a compelling case for having three or four addresses: https://www.thetechwire.com/how-many...should-i-have/

The article says the average person has 2 or less.
TenFour is offline   Reply With Quote
Old 2 Aug 2024, 06:27 AM   #5
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,956
Arrow Reasons to use aliases for security

I use Fastmail and have a number of aliases (and subdomain aliases) at both Fastmail domains and my own personal domain. I find aliases useful for several purposes:
  • Sorting messages: I use aliases for certain classes of email I receive and automatically sort those messages by label or folder. For example, all of my utility related bills and notices go in a certain folder. All messages from my bank go in a different folder. All messages from newspapers and magazines go into their own folders. This allows me to easily find all of my electricity bills or newspaper messages.
  • Hobbies and other activities: I use aliases for certain hobbies, usually at my personal domain. So someone I give that alias to can immediately see why we have a shared interest by looking at the email alias. This also helps me by automatically filing those messages when I receive them, and allows me to see why someone might be sending me a message.
  • Data breach discovery: I have found that several accounts have leaked my special alias (or subdomain alias) address I gave only them to spammers. In one case this was my bank, who used a third party company for advertising and suffered a leak of my address. I then blocked that address and set up a new alias with them.
  • So if I get an email sent to one of my hobby addresses which purports to be from my bank, i know it must be phishing spam, since my bank does not even know that email alias. So if there is any reason for me to be suspicious about a particular email I just look at the TO (or delivered-to) address. If the TO address does not agree with the address I use for that sender, I know it is a fake message. This is a well-known security technique - you have a shared secret (in this case a special email alias) with one person or business. No matter where the email was sent from and the content, you know it was sent by that one source, or that source had a data breach.
  • In some cases this ability to discover data breaches resulting in a wide range of phishing spam is extremely useful. Two years ago I was building a new house and ordered some appliances online from two companies which were in the process of merging. So I had email aliases set up for each of them. I have had no business dealings with either one since then, and the merged company went bankrupt earlier this year. But I started receiving large quantities (often several a day) of fake order phishing spam sent to both of these aliases. Often these emails falsely claim that they charged my credit card and want confirmation I actually ordered the item. Of course, these messages are completely fake and they do not have my credit card info and just want to engage me with phishing.
  • Today is a bad day for phishing. So far I have received 6 of these phishing messages sent to the appliance aliases. They purport to be from online payment companies, security software companies, and other businesses with fake invoices and payment receipts. All have attachments they want me to open.
  • It is easy and problem-free to block an alias you have only used with one firm which you no longer business with or whom you know has had a data breach. Since these emails come from a wide range of apparent sources and purport to be a wide range of well-known companies, it is harder to use spam filtering to block them.
Bill
n5bb is offline   Reply With Quote
Old 2 Aug 2024, 06:39 AM   #6
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,814
I understand the theoretical uses for aliases, but I find in reality Gmail just sorts 99% of the spam and phishing into the spam folder. It is so rare to see something in my Inbox unexpected that it sticks out like a sore thumb. I have no need to file anything because Google search just finds it for me. Saves me time both filing and then searching through folders. I find automatic filing of anything just causes wasted time searching for the things that were misfiled. For example, 90% of the email I receive from things like banks and credit cards gets deleted by me almost instantly--I don't want that stuff going into some folder where I won't look at it until I am searching for the one thing I actually want, which is now buried. Maybe I just don't get enough email to see the advantages.
TenFour is offline   Reply With Quote
Old 2 Aug 2024, 08:06 AM   #7
tdf
Junior Member
 
Join Date: May 2024
Posts: 15
Aliases are used not only to avoid spam, but also to avoid social engineering
tdf is offline   Reply With Quote
Old 2 Aug 2024, 10:52 AM   #8
trikotret
Member
 
Join Date: Nov 2021
Posts: 80
I have 190 aliases and only 2 alias were spammed in 2 years. If I can go back in time, I wouldn't bother with 190 aliases. I might just have a few for different categories.
trikotret is offline   Reply With Quote
Old 2 Aug 2024, 01:13 PM   #9
pjroutledge
Senior Member
 
Join Date: Jan 2010
Location: Melbourne, Oz
Posts: 144
I too have rarely blocked an alias.

Another value (I don't think it's been mentioned yet) is that in the event that spam or scam is received an alias can be used to identify which organisation or correspondent leaked.

If it's an individual you could let them know that their address book may have been compromised.

If it's an organisation, you know that they have either had a security breach or have sold your email address to advertisers or scammers. Knowing who it is let's you make a decision about whether you want to take some action to secure your account or whether you might want to take your business elsewhere.
pjroutledge is offline   Reply With Quote
Old 3 Aug 2024, 05:06 AM   #10
JeremyNicoll
Cornerstone of the Community
 
Join Date: Dec 2017
Location: Scotland
Posts: 505
I have many aliases.

I /do/ report possible data-breaches to companies when an address known only to them starts attracting spam.

In 2020, one such company in the UK didn't take my report seriously until someone else reported to them that they'd stumbled across confidential data online. They realised then that the prior warning I'd given them (& argued with them in an exasperating to-and-fro discussion) had been correct (my details were in the exposed file). The company's CIO lost his job over this and an external company who'd caused the leak lost their contract. Everyone whose data was leaked got a formal apology, but I also got a specific apology for not being taken seriously. External IT contractors (from two companies) went on to do forensic analysis of what happened, penetration testing, and surveys of the "dark web" trying to find more copies of the leaked file.
JeremyNicoll is offline   Reply With Quote
Old 3 Aug 2024, 08:52 PM   #11
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,814
I've run communications for some nonprofits and I used to work for a big email service provider. We couldn't use aliases and our email addresses were readily available on our own websites. Plus, we constantly received messages from new correspondents. We would receive some spam and phishing messages every day, but most were caught by our junk filters. That showed me the importance of the system filters as the first line of defense with your own brain the second line. Aliases could be a third line I suppose, but for most individuals they may be more work with little gain.
TenFour is offline   Reply With Quote
Old 3 Aug 2024, 09:23 PM   #12
jeffpan
The "e" in e-mail
 
Join Date: Sep 2005
Location: Macao
Posts: 2,238

Representative of:
tls-mail.com
I have four real email addresses,

One for personal use.
One for work purposes.
One for mailing lists.
One for different registrations.

I hate aliases.
jeffpan is online now   Reply With Quote
Old 3 Aug 2024, 10:12 PM   #13
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,946
Quote:
Originally Posted by TenFour View Post
I have read several different articles like this one that make a compelling case for having three or four addresses: https://www.thetechwire.com/how-many...should-i-have/

The article says the average person has 2 or less.
This is advice for average email users. Almost all email users have a very faint idea of how email really works. For most people having 4 email addresses means having 4 different accounts, at the same or different providers, each requiring separate maintenance (that is logging in periodically to see if there,s new mail, or logging in to send a message from the address associated with the account. So even having 4 different addresses is quite an effort for them. Aggregating email for 4 addresses and dealing with them in one place still means for most people having four different accounts, and in addition to that setting up some forwarding or polling so they can receive all mail in one place. For most people it would still mean logging into a separate account when they want to send email from an account that is not the one where they check their incoming email. Setting an email system to handle both receiving and sending for several addresses is the next step, and most email users are not up to it.
Regular users of these forums are in a completely different place: we are all able to quite easily adapt to different sophisticated email systems, so using aliases is not difficult for any of us. It's more a matter of taste. Some of us are so used to working this way that it seems a hassle to stop doing it.
hadaso is offline   Reply With Quote
Old 3 Aug 2024, 10:19 PM   #14
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,946
Quote:
Originally Posted by JeremyNicoll View Post
I have many aliases.

I /do/ report possible data-breaches to companies when an address known only to them starts attracting spam.

In 2020, one such company in the UK didn't take my report seriously until someone else reported to them that they'd stumbled across confidential data online. They realised then that the prior warning I'd given them (& argued with them in an exasperating to-and-fro discussion) had been correct (my details were in the exposed file). The company's CIO lost his job over this and an external company who'd caused the leak lost their contract. Everyone whose data was leaked got a formal apology, but I also got a specific apology for not being taken seriously. External IT contractors (from two companies) went on to do forensic analysis of what happened, penetration testing, and surveys of the "dark web" trying to find more copies of the leaked file.
I think a sensible way for a company to look for such breaches would be to have several "fake" email addresses in their records, that they monitor for incoming mail. once they receive incoming mail in those addresses they can locate the source of the breach. They can periodically change the addresses injected into their records to be able to tell when breaches happen. They can inject different addresses to the records shared with different subcontractors. They can inject different addresses to records used by different departments.
hadaso is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 03:25 AM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy