One of the nice things about having your own domain name and using it for email is the ability to create specialized email addresses for different sites.
I’ve been doing this for some time now. I started with OtherInbox but have replicated the same setup with my personal domain.
My email is configured to deliver all email to one main address. This is generally referred to as a “catch-all” address.[1] Since my email is managed through Google Apps, I can use Gmail-style filters on my incoming mail. However, rather than checking the “To:” line (which may not be present, or which may contain aliases), I filter messages by putting the keyword “deliveredto:” followed by the email address I want to filter in the “Has the words” field.
You can see an example here:

You may be used to filtering email newsletters, etc. using a “From:” line, but companies will often change that line, and end up bypassing your filter. If you have a special email address for each company, you can ensure that they aren’t able to evade your filters.
Problems
For sites which use Gravatar, which matches against your email address to tie your avatar to your comment, I just use my generic Gmail address, which is tied to my Gravatar account.
The only other problem that I have run into using this setup is when I have forgotten my username/password for a site and it wants to know my email address. If I haven’t been there for a while, I may not remember if I had used my generic Gmail address or a site-specific address, but generally it only takes one extra attempt. I generally try my Gmail address first, and if that is not found then I will try a site-specific address.
Extra Layer of Phishing Protection
This setup also gives me an extra layer of protection against “phishing” — receiving emails from PayPal or other sites telling me that I need to give them some personal information. Since all of my real PayPal emails are sent to one specific address, I can tell just by looking if it was sent to the “right” address for PayPal.
(PayPal is one of the few sites where I do not use the domain name as the email address. I chose an easy-to-remember-but-unique email address instead.)
Again, the only problem here is when I buy software using my PayPal account (which I only do if I have no other option), PayPal sends the developer my special PayPal address, which is what gets used for the registration information, instead of an address of my choosing. Generally all I have to do is forward the receipt email to the developer and ask them to change the email address and they are happy to do so.
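The check described in this section, written out as an added example that is not part of the original post: it compares the site a message claims to come from against the address recorded in its Delivered-To header. The site-to-address mapping, the example.org addresses and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed mapping (constructed): site keyword -> the unique address given to that site.
SITE_ADDRESSES = {
    "paypal": "pp-receipts@example.org",
    "amazon": "amazon@example.org",
}

def claimed_site(msg):
    """Return the known site whose name appears anywhere in the From header."""
    sender = msg.get("From", "").lower()
    return next((site for site in SITE_ADDRESSES if site in sender), None)

def delivered_to(msg):
    """Collect the addresses in Delivered-To headers (what deliveredto: matches)."""
    return {parseaddr(v)[1].lower() for v in msg.get_all("Delivered-To", [])}

def classify(raw):
    msg = message_from_string(raw)
    site = claimed_site(msg)
    if site is None:
        return "unknown-site"        # no per-site address to compare against
    recipients = delivered_to(msg)
    if not recipients:
        return "no-delivered-to"     # header missing, so the check cannot decide
    return "ok" if SITE_ADDRESSES[site] in recipients else "suspicious"

# Constructed sample messages (headers only).
GENUINE = """\
Delivered-To: pp-receipts@example.org
From: "PayPal" <service@paypal.com>
Subject: Receipt for your payment
"""
PHISH = """\
Delivered-To: amazon@example.org
From: "PayPal Security" <alerts@account-check.invalid>
Subject: Confirm your account details
"""

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("phish", PHISH)]:
        print(name, "->", classify(raw))
```

An "ok" result only says the message reached the address reserved for that site; it does not authenticate the sender.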
Isolation
One of the reasons that I mention this today is that I’ve heard of at least two sites, LinkedIn and Amazon, which have automatically disabled accounts that used the same email address as an account at Gawker, since that site had a huge security breach this week which resulted in email addresses and passwords being published online.
If you use different email addresses for different sites, it’s a minor bit of protection against people who are, right now, trying brute force attacks using the email address and password combinations on different sites. Sure, if they look at the files they might see your “amazon@” address and try other ones, but it’s less likely that you are going to catch their interest. Obviously it is much much much much much more important that you never reuse passwords at different sites. I wrote on TUAW about how I used 1Password to catalogue my insecure passwords and then systematically changed them to much more secure versions.
[1] If you use Google Apps, you can find the “catch-all” setting at https://www.google.com/a/cpanel/{yourdomainhere}/EmailSettings.