PRODUCTIVITY: Use TWO gmail accounts to protect an ISP email account

Saturday, December 16, 2006

Many people advocate using a gmail account to protect against spam.

In my normal blundering way, I’m using two gmails to protect my ISP account from spam, and giving me a fully authenticated email address using gmail’s plus sign feature.

So let me see if I can explain how to duplicate the Yahoo AddressGuard. You can create and manage disposable email addresses to defend your primary address against spam. In Yahoo’s offering, they assign you a base name, unrelated to your real email name. Then Yahoo allows you to create suffixes that are just a string of characters. A real email address is created by base name, a minus sign, a suffix, and @yahoo.com. The suffix gets appended to the base separated by a a minus sign. (Great minds think … differently!) So if your real name is ABCDEF and your base name is ZXCVBN, then you can create, for example, ZXCVBN-EBAY. Then the address ZXCVBN-EBAY@yahoo.com will forward to ABCDEF@yahoo.com and you can even send from ZXCVBN-EBAY! Should your ZXCVBN-EBAY get spammed, then you can turn it off! They are easy to create, but there is no reporting or database with it. AND, it ain’t free!!!

So I sought to recreate that capability with GMail.

To refresh your memory, GMAIL (to their credit) has innovated by adding the capability to allow a plus sign in the email address. So if your gmail email address is abcdef @ gmail dot com, then you can put anything you want after a plus sign. So if email comes addressed as abcdef + fedcba @ gmail dot com will get delivered to your email account and you can test on that stuff after the plus sign.

Web sites may choke on the plus sign. (Gripe at them and don’t use their site till they fix it!)

I wanted to keep the base name concept. And, you want to control & database those suffixes. So here’s my concept.

I have an ISP account I want to protect called NORMAL@isp.com. So I created a “front door” account called FRONT@gmail.com and a “back door” account called WEIRD@gmail.com.

To test it all out I set it up so that FRONT forwards to WEIRD and WEIRD forwards to NORMAL. When it all works, I break that forwarding.

So far no big deal, just moving a lot of messages around. Except that FRONT does get vacuumed for spam by Google.

Now lets start using suffixes.

I created a table of suffixes and record where I use it. I then create a filter in the FRONT gmail that forwards FRONT+suffix to WEIRD+suffix. Then over on WEIRD, I create a filter that forwards WEIRD+suffix to NORMAL.

NOW:

* NORMAL only gets authentic pre-approved email.

* WEIRD is the protected hidden yahoo BASENAME equivalent.

* FRONT messages without a suffix get stopped there.

* FRONT and WEIRD get Google’s vacuuming for SPAM.

* If WEIRD is guessed by an alpha spammer, doesn’t move to NORMAL without a filter.

* Should any suffix be compromised, it can be stopped quickly by deleting the equivalent WEIRD filter.

* A web site, or intruder, who drops the suffix, to spam you, doesn’t reach NORMAL.

I think you need WEIRD, the second hidden BASENAME equivalent, so that you can change FRONT from time to time as needed. You could also have multiple “front doors” (i.e., FRONT1; FRONT2; etc.) feeding one WEIRD.

This a free solution equivalent to Yahoo’s address guard. It’s a great spam preventive.

For example, I now give each use of my gmail address a unique unguessable random code. (You expected different from a fellow who uses long strange email addresses?) Any email that arrives without a “plus code” is suspected of being spam. Should I get spam, I can pinpoint where the breakdown occurred.

Your comments, please?


%d bloggers like this: