[HN Gopher] Tmpmail: Temporary email right from your terminal wr...
___________________________________________________________________
Tmpmail: Temporary email right from your terminal written in POSIX
sh
Author : thunderbong
Score : 77 points
Date : 2024-08-14 14:03 UTC (8 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| vessenes wrote:
| Love this. Nota bene, it uses 1secmail.org's API on the backend.
| Still love it.
| xelxebar wrote:
| Started running my own email server about 10 years ago for
| essentially this use case. Every entity I need to give an address
| to gets a unique, randomly-generated one. I figured this would
| let me spot the leaks.
|
| After roughly 1000 addresses handed out, surpisingly only two
| sources end up receiving spam: 1) addresses that I've posted on
| public forums, and 2) the address I use for patches to GNU
| software.
| nobody9999 wrote:
| >Every entity I need to give an address to gets a unique,
| randomly-generated one. I figured this would let me spot the
| leaks.
|
| I do the same, except I don't use a randomly generated address.
| Rather, I use something that identifies who it is. e.g., if I
| had a relationship with Tesla, the email address would be
| 'tesla@myemaildomain'.
|
| What (if anything) is the advantage of using a randomly
| generated email address over the scheme I use?
|
| N.B., I'm not dissing your strategy at all. I do exactly the
| same. I'm just curious about the "randomly generated" bit.
| jmuguy wrote:
| I would guess just speed of creating the addresses/not having
| to worry about using same address twice accidentally
| dasyatidprime wrote:
| Not the parent commenter, but I've encountered "people from
| the counterparty organization get confused and wonder whether
| you're part of it too / pretending to be part of it too".
| This can be mitigated with some obscuring transformation.
| nobody9999 wrote:
| >Not the parent commenter, but I've encountered "people
| from the counterparty organization get confused and wonder
| whether you're part of it too / pretending to be part of it
| too". This can be mitigated with some obscuring
| transformation.
|
| A fair point. Thanks!
|
| Personally, I can't be bothered and when (not if -- the
| scenario you've outlined has happened with me) folks get
| confused, I just explain that I do it to fight spam and
| they generally just nod agreeably. Whether they get it or
| not isn't my concern -- knowing whose user database has
| been pwned is.
| xelxebar wrote:
| When I started, I wanted the addresses to look as innocuous
| as possible in order to avoid unnecessary explanations.
| Filling out paperwork that people hand inspect is one case
| where that can cause issues. I have also heard of people
| getting filtered as potential spam accounts when the email
| address matches the service name or whatnot.
|
| Anyway, I just use pwgen to generate plausible-looking
| addresses: pwgen -A0 10 1. They often look like realistic
| abbreviations of names.
| nobody9999 wrote:
| Thanks! It makes sense, but I'm too lazy to bother.
|
| I haven't seen my email get filtered, even after more than
| a decade, but I suppose it could happen.
|
| If I do run into something like that, I can always fall
| back on pwgen. Thanks again!
| ForOldHack wrote:
| I cannot thank you enough for your contributions to GNU.
|
| I always use the dingleberry subdomain that goes nowhere,
| except when an actual human interviense. Goes straight to the
| bitbucket, and 1 out of 10 gets a pervue to see if I need to
| add the source to my reject list which my ISP keeps peeking
| into for changes to their reject list.
| JOnAgain wrote:
| The real value of this, IMHO, is that it makes it much harder
| to match you against services and in ad platforms. Hashing
| email addresses is the primary way user data is exchanged.
| Szpadel wrote:
| I use self hosted anonaddy instance for such purpose and have
| dedicated alias for each registration.
|
| It forwards received emails to my main mailbox with added
| header telling me source email with note about where I used
| that address.
|
| that way I discovered few sites that were bought by some entity
| and that sold my email to some crypto 3rd party
| mvelbaum wrote:
| 1. does anonaddy support ARC?
|
| 2. are you able to reply to the email?
| Szpadel wrote:
| 1. In case dmarc is not passed you get extra red banner
| with warning to forwarded email
|
| 2. Yes you get special email to reply-to field that allows
| sending from alias, but you have to make sure you remove
| included banner containing alias deactivation URL from
| quoted part of reply. You can disable this header but in my
| case I needed to reply only few times
| alchemist1e9 wrote:
| I've recently been the target of many attempts to hijack my
| gmail account, including even phone calls with live agents
| impersonating google "security team". Successfully hijacking my
| gmail address could be catastrophic for me and others I assume.
|
| Anyway I was wondering if self hosting an email server might
| allow for a security layer for those of us sophisticated
| enough. Especially if we own our own domain. Ideally my email
| address with access to financial services would have 2FA to
| both read and send emails for example. Don't even think there
| are clients or protocols but perhaps with self hosting this can
| be rigged up with various tricks like port security opening
| only with a 2FA message.
|
| I'd be curious what other perspective on this issue is.
| jamal-kumar wrote:
| It's a decent amount of upkeep and cost, but I get paid do it
| for a bunch of clients who desire this for their companies
| and have my own which is humming along great. If you go the
| route of a script to set everything up I found iredmail to be
| the most mature and reliable solution, even if the upgrade
| path is super manual at least it gives you a chance to know
| at what point things went wrong rather than having to pour
| over logs to fix something broken that is running in
| production. It also pairs nicely with open source failover
| solutions and if you need enterprise support they're
| extremely responsive. Bonus points for getting it working
| with your phone for backups of contacts, calendar and notes
| with CalDAV or whatever to really decouple yourself from
| cloud services with shady terms (I had to pay for an app on
| my phone for this to really work, but it works great).
| Setting your whole mailserver up manually is also an option ,
| but be prepared to sink like a month of time into learning
| how the hell to do that. This is technology from the 1970s
| with a ton to get it working in the modern world after all.
|
| Just be wary that you'll have to upgrade kinda often. I keep
| subscribed to github alerts for iredmail as they're really
| prompt about notifying their customers when they need to
| patch security holes.
| ForOldHack wrote:
| Imagine a threaded mail reader with this feature from say, 1987?
| I would pay for a threaded HN news reader.
| nextos wrote:
| Gnus is not too far from that if someone maps HN to NNTP.
|
| I think there are some HN to NNTP bridges available.
| xelxebar wrote:
| After trying a few different CLI mail clients---mutt/neomutt,
| s-nail, etc.---I've come to love the approach of mblaze[0],
| _i.e._ just a collection of commands to interact with maildirs,
| which can be separately managed by OfflineIMAP or whatever.
|
| I'm curious how mblaze+offlineimap compares to other similar
| setups: nmh[1], fdm[2], and getmail.
|
| [0]:https://github.com/leahneukirchen/mblaze
|
| [1]:https://www.nongnu.org/nmh/
|
| [2]:https://github.com/nicm/fdm
| rakoo wrote:
| Shameless plug because tpis is also my approach: combine with
| fzf and a few shell scripts and the sky is yours
|
| https://sr.ht/~rakoo/omail/
| nonrandomstring wrote:
| Nice use of Unix philosophy and some well said things about
| why. Thanks for sharing these.
___________________________________________________________________
(page generated 2024-08-14 23:00 UTC)