Re: The Monstrosity Email Has Become

This is the response to a gemlog entry by Ploum

Reference post

Ploum goes into great detail to explain what a mess today's email has become (and also a little how it has ended up this way). I am not sure whether I even have an opinion on how its downfall went and how it can be redeemed.

Is this offmini a new protocol proposal? If so I am interested!!

Email has become this replacement for letters. And citizens of other countries may not know this, but in Germany you still deal with snail mail. When I set up my phone app for the health insurance, I get sent to their website where I enter my insurance id and make a request that I want to use the phone app. Internally they make a change or whatever, so I receive snail mail with a code that I need to actually update my account. After that the phone app requires me to add two-factor. Just that in this case you don't add google authenticator or another form of otp, you receive another snail mail (this repeats whenever you delete the app, reset the phone or buy a new phone). Essentially email is deemed so insecure that certain personal data (gdpr regulates this) needs to verified through means that can't get easily accessed by other country's government agencies.

That small anecdote aside, most other services do use email. For years this has lead to owning multiple mail addresses. There's the spam address which you'll use to sign up on dubious sites or places you expect your data to be stolen or sold. The address that is now a spam address, but formerly was your primary address. And the primary address that you use to receive mail from companies, shops and friends. The primary address is required to be readable, easily spelled on the phone, should have a professional ring to it and ideally be related to your name.

And now the inevitable happens, someone sells your data. The spam folder receives 10 mails a day. Few months later it's 100, and after a year it's way over 1000. Your email has been compromised. Time to move on. Open your password manager and log into hundreds of websites to replace the old, compromised address with your brandnew.

After 2-5 years you'll repeat this or live with an ever growing spam folder.

It's not that I never looked for a solution, I just didn't find any. Most email providers combat this via spam detection and maintaining lists of rejected domains or addresses. A battle you'll lose.

Ok, so why does this happen? Mostly because data is money and/or power. What can you do about it? Nothing ultimately, you don't even know WHO sold/lost your data.

Unless you knew...

Enter anonaddy. Some very bright mind built a service that'll allow you to generate easy aliases. They look like this: <alias>@<username>.anonaddy.com and if you pay for the service you can easily add your own domain <alias>@mail.mydomain.com for instance.

When I sign up somewhere I generate an alias. Sometimes it's a randomized string, sometimes it's the name of the service (think linkedin@<username>.anonaddy.com). I have hundreds now. Every registration receives its own. When I receive unwanted mail, I can contact the company, but when they don't stop, I can always deactivate the alias. However when someone sells or loses my address I damn sure know who that was. I can generate a new alias, update my mail address at the service, disable the compromised one and start legal action against them (thank gdpr for this). When you do this right, you completely avoid the spam problem. That's been my salvation.