Re: Modern best practice for putting a contact email on the web
Celejar wrote:
> On Mon, 5 Apr 2021 14:12:07 -0400
> Dan Ritter <dsr@randomstring.org> wrote:
>
> > Celejar wrote:
> > > Hi,
> > >
> > > What's the recommended modern best practice for putting a contact email
> > > address on the web while avoiding having it scraped by spam / fraud
> > > bots?
> >
> > Assume that every address will be hit by spammers and scammers.
> > Put in appropriate antispam and antimalware precautions.
>
> Okay, but why isn't trying to limit spammers getting hold of an address
> a logical part of a defense in depth strategy?
Because it doesn't work. If it worked as well as, say, moving
your SSH port*, I would encourage it. It does not.
*Moving your SSH port does nothing for your security; it does
reduce the number of log entries to ignore.
> > Train your people to recognize spam and scams.
>
> I'm talking about a small hobby project that I run in my spare time. I
> just want to reduce spam to an address that I may put up to allow
> people to reach me.
OK, use tagged addresses. Gmail has that feature for free.
I'll give you an example: when I registered for an account on
tvtropes.org, I handed them dsr-tropes@randomstring.org.
A few months later, I knew that their database had been raided,
and since I had never received anything useful at that address,
I told my mailfilter to drop dsr-tropes@ into the spam bin.
celejar+debianusers@gmail.com will be directed to your GMail
account. So will celejar+celerysticks@, celejar+support@, and
celejar+supportApril2021@gmail.com.
When the spam load becomes too much, change it on the support
page and tell Gmail to spam-bin the old address.
-dsr-
Reply to: