Lots of websites, forums, etc., ask you for your email address. I usually make up a unique email address for each for a number of good reasons, including a new one I've just realised today. However, there are also some downsides to the scheme.
I own the edavies.me.uk domain and have the configuration on my email service provider set so that <nearly-anything>@edavies.me.uk gets delivered to my normal inbox. When I need to give an email address to a service, particularly one I don't overly trust, I make up a different local name based on the name of the service, the year and month and a couple of letters I make up on the spot so the address is less guessable. If I was signing up to example.com's website I might use something like eg1608tn@edavies.me.uk.
Even if you don't own your own domain it may be that you can do something of the sort. Some email providers allow additional characters to be added in the local part of the address, often marked with a '+' sign. E.g., fred.bloggs@example.com might, additionally, get messages addressed to fred.bloggs+eg1608tn@example.com.
Pros
- I can use Thunderbird filters to put messages directly in the appropriate folder, saving time and possible misfiling.
- Any messages left in my inbox purportedly from such services (telling me to log on to some random site to reactivate my PayPal or Amazon account, for example) can be ignored with even more confidence than otherwise.
- If a site passes on or leaks my email address to spammers it's immediately obvious who dun it (example).
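The three checks above can be written down as a small classifier. This is an added example, not the author's own setup: the domain `mydomain.example`, the registry layout, the function names and the sample messages are all assumptions made for illustration.

```python
import secrets
import string
from email import message_from_string
from email.utils import parseaddr

MY_DOMAIN = "mydomain.example"  # assumption: a catch-all domain you control


def make_alias(tag, year, month, domain=MY_DOMAIN):
    """Service tag + YYMM + two random letters, e.g. eg1608tn@..."""
    letters = "".join(secrets.choice(string.ascii_lowercase) for _ in range(2))
    return f"{tag}{year % 100:02d}{month:02d}{letters}@{domain}"


def _matches(sender_domain, service_domain):
    return (sender_domain == service_domain
            or sender_domain.endswith("." + service_domain))


def classify(raw, registry):
    """registry maps each alias to the domain that service sends mail from."""
    msg = message_from_string(raw)
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    sender = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    service = registry.get(to_addr)
    if service is not None:
        if _matches(sender, service):
            # From is forgeable: this is a filing hint, not authentication.
            return "expected:" + service
        return "leaked-by:" + service   # someone else knows this alias
    if any(_matches(sender, dom) for dom in registry.values()):
        return "suspect"                # claims a service, wrong address
    return "unknown"


# Constructed sample data, not real mail.
REGISTRY = {"eg1608tn@mydomain.example": "example.com"}
SAMPLES = {
    "genuine": "From: News <news@mail.example.com>\nTo: eg1608tn@mydomain.example\n\nhi",
    "spam": "From: deals@spammer.example\nTo: eg1608tn@mydomain.example\n\nbuy",
    "phish": "From: Support <support@example.com>\nTo: me@mydomain.example\n\nlog in",
}

if __name__ == "__main__":
    print(make_alias("eg", 2016, 8))
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw, REGISTRY))
```

The check relies on the `To` header carrying the alias; mail delivered via Bcc would need the envelope recipient instead.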
Cons
- It's a bit of a faff setting up the address and filter in Thunderbird. In particular, if I find myself replying to such an email I have to remember to set up an appropriate identity on my main Thunderbird account otherwise Thunderbird will make a not-very-helpful choice of the identity to use for replies (see below).
- Also with replies, I can't use my normal PGP key to sign the message. Adding the unique address to that key would defeat part of the purpose as it would leak the address via the key servers. It would be possible to generate a new key for the account, sign it with my main key then include the public key in the email but that's just more faff.
Thunderbird is a bit annoying in this respect in that if there isn't an identity that it knows about in an email it just picks an account to use for replies and not the one which is set as the default. In my case it picks an email account that I only check once in a while. Twice this has left me on the back foot thinking somebody hadn't replied to messages when actually they had - just that their reply was sitting in an obscure mail box I hadn't looked at for a while.
I've now got a partial workaround to that: for the account it picks I've created a PGP signing key and set the account to sign by default but I've given that signing key a different password from my main key so if I do accidentally try to send a reply from the wrong account I'll notice before it's actually sent.
Today, reading Troy Hunt: Website enumeration insanity: how our personal data is leaked, I realised an additional advantage to this scheme.
Many sites use the email address not just as a means of communication but also as a means of identification: the email address is used as the user name. In many cases it's possible to find out if a particular user name is in use on a site - when it's also the email address that allows fairly reliable determination whether a particular person is registered which is not at all ideal (never mind the ridiculous leakage of personal information documented by Troy Hunt). Even if you're not doing anything nefarious it's good to be able to keep different aspects of your identity apart.
By using unique email addresses containing slightly difficult to guess elements (the year/month and random letters) it makes it much more awkward to determine if a person is registered on a particular site. It especially makes it a lot slower to troll through a long list of email addresses if there are a few thousand different combinations which need to be guessed for each.