Emails are important. They are your identity on the web. Just like on phone, you’d want to control who can contact you via email. This warrants caution in signing up at places on the internet. It can be unsafe to register with the personal email address on new services for multiple reasons:
- Bulk data breaches are fairly common. You don’t want your email address out there for bots around the world to feed on.
- The service you are signing up for may itself be malicious. Or worse, it may be Facebook!
- Same email address on every service can make it simpler for bots to break into your accounts once they succeed in attacking one.
- There are actual services dedicated for creating single points of catastrophic failures utilizing email addresses.
These sound upsetting, but are indeed manageable to an extent. One trick that I use is tagging the email address. It is a fairly common practice among programmers. Most popular email services support this.
What do I mean by tagging? Lets take Jon’s email:
[email protected]. His
sister, Arya, will know this address as is. But for the untrustworthy
Lannisters, he tags the email:
[email protected]. When someone
writes to this address: he will receive the mails knowing that Lannisters were
email.wfhere is a fictional service, analogous to
gmail.com. I didn’t want to accidentally use an actual email address.
One may use a similar technique while signing up for services on the
internet. Say Jon wants to register on
- In Night’s Watch registration form, he’d use
[email protected]as the email. The tag
+nighstwatchhere is arbitrarily chosen.
- Jon will get the confirmation mail in the original account. Being prudent, he’ll verify that the mail it does have the correct tag in the to address.
email.wflets Jon send emails with the tagged address. This is useful for talking to the customer care. GMail users can go to:
Settings -> Accounts and Import -> Add another email address you own.
and filling up the form with the tagged address.
This means Jon can have practically infinite email addresses. Why is this helpful?
- Jon can collect all the mails from Night’s Watch at one place, specially when their mails aren’t consistent enough to write filters.
- If the credentials for the Night’s Watch account were to be leaked, say through Phishing, other more important services like the email account itself would not be as vulnerable.
- One cannot track Jon’s movements across various accounts/profiles through his email.
- Sites which don’t allow tags in the email address can be a red flags for Jon. He can assume that they’d have terrible developers/management and look for alternates.
Making this into a habit will require a bit of discipline. But eventually, it gets instinctive.
On a related note, this is an interesting book, that talks about Phishing through email in the real world.