Suddenly I started receiving a bunch of scam mails (phishing). I suspect some bot or bot-net is involved, because I’ve received maybe a couple hundred e-mails at the time of writing, all from different (likely auto-generated) senders. With anything from 2-10 emails per day.
The scam is essentially just some phishing, all related to the same topic. I’ve mostly been able to mitigate it by filtering out mails containing certain keywords or phrases that show up in the scam mails. However, the mails change relatively often (about once a day) so every now and then something gets through, and I’ll update my filter.
My question is really if there’s any way I can figure out
- Where this is coming from,
- How they got hold of my email
So that I can try to go after the root cause / prevent other scammers from getting hold of it.
This is what I did years ago. It works great for me.
Got my own domain.
When I’m forced to register somewhere I use <their site+how much I hate them><year>@mydomain.com
So, when EA forced me to register an account on origin, it was fuckea2011@mydomain.com.
If I see an email address start to get phishing and spam, I disable it.
You don’t even need a custom domain to do this. Google, Ms and many others support aliases with a plus (+) sign in the recipient adress.
so if you got john@gmail.com you can freely create new aliases like john+ea@gmail.com, john+amazon@gmail.com and they will all land at john@gmail.com
If your address gets leaked, you can just block emails to that recipient.
I’ve done this for most of my accounts and it works great.
lots of places catching on, won’t let you use + sign when you sign up
Did not exist when I started in 95 😑
Gmail labels are great but they’re not universal, and are easy to strip out.
A lot of sites:
I have an email address I have only ever used with labels but still get spam to the non-labeled address. Spammers and email harvesters are very much aware of this trick, so it only works on legitimate sites.
I havent had a single site not working with a plus
ever had a lobotomy? doesn’t mean they don’t exist.
Fair, just saying i havent had issues with sites, might be europe specific.
If you are bored or a nagging ass like me, you could remind those websites that the rfc (which is the standard for email) expicitly allows plus in emails and they need to allow that.
RFCs aren’t really law you know. They can deviate, it just means less compatibility.
There are plenty of them, just wait!