Dynamic email :: practical use

The concept of "dynamic email" is presented in the article of the same name. I decided to share my experience using this method of protection against spam.

How did the idea of ​​"dynamic email"

I do not use spam filters. It was enough for me to find a couple of important messages in the basket in order to refuse this technology. Personally, my logic is simple: there is no trust filters, rummaging through the basket is humiliating, there is a lot of important correspondence, and it’s better to look at one folder instead of two.

There were reflections, observations, experiments. They were built on the fact that the domain was acquired, a mailbox was created and several dozens of mail addresses forwarders attached to it. For each new registration on the network, a personal forwarder was always used, and the mailbox address was kept secret from everyone. In order not to get confused, each forwarder received the name of the resource where it was necessary to register, for example, someone_site@mysite.ru . Knowing whose fault the spam went is a great bonus from this approach. For the sake of completeness, a pair of forwarders has been periodically illuminated on the Internet.

It’s hard to convey how much spam I got to get at this stage!

I summarize the results:

• without naming names, I will say that some even the most respected resources and services "share" the data of their clients, perhaps these are the results of hacks or insider activities, I don’t know, one of these resources, for example, 3 times in 5 years, gave my data to spammers;
• publishing email on websites is the surest way to attract spam;
• registration on sites is a great way to attract spam;
• By subscribing to the newsletter, you can not get a chance to unsubscribe from it, it is possible to display ads, upload viruses, but not to refuse to send them;
• the flow of spam is growing gradually, a large flow (20-50 messages per day) should be expected 10-30 days after the first spam message;
• Spam will never cease if the address is “reliably” compromised, for example, is presented on the network in open access (many companies use this method of feedback on their sites);
• if you remove the forwarder, attempts to send spam to this address will stop after 2-7 days, spam will return only after the next address compromise.

The scheme of work with registrations in the Internet turned out to be the simplest: spam went - deleted the forwarder, it took to recover the password on the site - the forwarder was restored. The main task remained the preservation of the secret mailbox addresses. At first glance, this is an impossible task, because you need to correspond with other counterparties. First, I decided to create 4 additional mailboxes with similar names. Counterparty divided into 4 groups and each of them tied to his box. Were also ordered new business cards with an address for an elite group of printed so that I had the opportunity to add a pen address of another group. For an elite group on a business card, you don’t need to add anything, just gave it away and that's it. An example of group names from elite to temporary: yuri, yuri1, yuri2, yuri3.

The new contact system worked fine until I was tired of removing the boxes and re-creating them after some time. Mail addresses were compromised from time to time, I believe that viruses on computers of contractors were the cause.

Other problems also remained:

• with the removal of the mailbox, contact with the group of counterparties was lost at the time of its removal (2-7 days);
• I would like to work with one mailbox instead of five;
• I would like to get rid of the division of contractors into groups.

The standard methods did not solve the problem; I had to pile something out of improvised means, which I called “dynamic email”.

How the system works

On a special mail resource I create a mailbox, for example, myname@site.ru . This is my primary email address. As the mailbox is being used, the mail server forms my personal white list as follows: [the address of the counterparty is my address], on the principle: "I received the message - I remembered it, I sent the message - I remembered it".

After some time, the white list takes the form:

[name1@site1.ru - myname]

[info1@bank1.ru - myname]

[name2@site2.ru - myname]

[name3@site3.ru - myname]

When the first attack starts at the primary address, I create a dynamic address on the mail resource, for example, 1.myname@site.ru . In essence, a regular forwarder is created directly from my email client. All messages received at this address are sent to the main box myname@site.ru , i.e. I now have two addresses attached to the same mailbox. Next, close the main address at the reception. From this point on, all messages sent to it from non-whitelist senders will be rejected by the mail server, and such senders will receive messages about an attempt to send to a non-existent address.

The result - the attack on the main address is stopped, my old friends stay in touch, and an additional email has been created for new friends.

As correspondence proceeds, the mail server manipulates my addresses as senders:

• I am writing to someone who is not in the white list - the main address is put and a new line is added to the list, for example, [name4@site4.ru - myname];
• I am writing to the person in the white list - using the address from the list;
• I respond to the message - the address from the message is used.

When a message is received at a dynamic address, a new line is also added to the white list by the mail server, for example, [name5@site5.ru - 1.myname] . From this point on, this pair of addresses will be used for correspondence with name5. By the way, not only she, for example, name5 asks to remind my email by phone or SMS. Feel free to inform your primary address, if it is open for reception, if closed - the current dynamic address. The message received from name5 will lead to the appearance in the white list of a new line [name5@site5.ru - 2.myname] , and name5 will be able to send me messages to any of 2 addresses.

When an attack begins on my current dynamic address, I change it, for example, from 2.myname@site.ru to abc.myname@site.ru , and stop the attack! From this point on, all messages sent to the old address 2.myname@site.ru from non-whitelist senders will be rejected by my mail server, and such senders will receive a message about an attempt to send to a non-existent address.

It turns out that a spammer can send me a message only when he knows:

• current dynamic address that is easy to change,
• the main address, which is easy to close at the reception,
• combination of sender-receiver from the white list.

Suppose a virus has managed to steal such a combination from a computer of one of my contractors. In the event of such an attack, it is enough for me to click on the "this is spam" button in the mail client, and the corresponding entry will disappear from the white list, and the attack will be stopped. Similarly, I can unsubscribe, or rather close, from any newsletter safely and securely. I can clearly see who is responsible for spam, it can be my trusted friend; because no one is immune from viruses. I also delete his record from the white list and inform him about it. After the treatment of his computer, we will work using the new entry in the white list.

Dynamic email should not be confused with temporary email. There are many such services on the network and they are called differently, for example, email for 10 minutes, anonymous mail, etc. The name comes from the terms temporary email and disposable email . They are used most often for registering online to keep your email address safe from spammers.

Example: a user is interested in a site that promises something, but requires registration. It is easy to understand the user's concerns about being deceived by his expectations, and he uses a temporary email service to register. Not all resources allow such registration, but suppose that everything went well, and the user was able to go to the desired site.

Next - two scenarios:

• the site did not like, low bow to the temporary email,
• I liked the site, but to fully work with it, most likely, you will need to register through a full-fledged email.

Fish are not caught on a bare hook, so the site you like may compromise the user's email sooner or later.

Registering with a dynamic address gives me unique advantages:

• the message "welcome" is in your inbox,
• password recovery is the usual procedure
• unsubscribe from the newsletter - fast and secure (I do not click on the links),
• I know the originator of spam (I check the sender-receiver combination),
• in one click I get rid of spam.

The created system has proven itself well.

Now I have one mailbox where I log in using my primary address. Depending on the situation, I can open and close it at the reception; the attack started - I close, in 2-3 days I open, observe, make a decision. The stage and duration of this process have no effect on the correspondence with my counterparties from the white list. The dynamic address allowed me to get rid of groups and made it possible to safely register on any, even the most dubious sites. Business cards do not have to redo, and free space for adding a dynamic address can still be useful.

Before holidays and vacations, I close the main address at the reception and change the dynamic address, and when I return, I find only the necessary messages in the "incoming". During my holiday, the spammers, without knowing it, work for me, excluding the previously "spotted" my addresses from their databases. This secret allows me not to load my head with unnecessary information and change “in a circle” just a couple of dynamic addresses. While one address is working, the other is removed from spam databases as irrelevant.

Personalized phishing?

The created system perfectly protects me even from such a very, very big trouble, like personalized phishing.

Imagine a newsletter on an individual fake subscription. There is enough original content in the network, we take a piece of text from any site, addressing by name, send this abracadabra to a certain number of users to different mail domains.

For a victim of an attack, it might look something like this:

If such an attack takes place on weekdays during business hours, when there is not enough time for anything, the effect can be very strong. It is logical to assume that after the "unsubscribe" the attack stops; the user gets peace of mind, the cybercriminal is his own. Calm and inaction of the user will help to strengthen the attack, it may happen that fictitious invoices and letters from questionable girlfriends seem childish prank.

Go ahead. I had to answer a very important question:

How to send your email to a potential partner?

The development of the system continued, and it turned out the classic version with a few nuances:

• phone, SMS, sheet of paper, an inscription on asphalt, etc. - you need to remember whether the primary email is open, if closed - to remember the current dynamic address;
• business card, advertising booklet - I am typing my primary email here, but just in case I leave space for a dynamic prefix;
• mass media (media) - publish the current dynamic address, new publication - new address, which is especially important if there are dishonest competitors;
• registration on sites - only the current dynamic address;
• temporary publication on the Internet - I give the current dynamic address to open access (forum, for example), in 1-2 weeks it will have to be changed, it will definitely be spammed;
• Permanent and temporary publication on the Internet and in the media is the most pleasant way for me, I’ll dwell on this.

The system added a feedback form:

The form is tied to my current dynamic address. Now I can use the address of the form both for organizing feedback on the site, and as contacts on forums and even on business cards. A little subtlety: the user using the feedback form for contacts with me gets on the white list only after my reply to the incoming message.

Note: the article repeats the phrase a couple of times: "and the sender will receive a message about an attempt to send to a non-existent address."

The phrase is better perceived as:

• The auto-response of the mail server is indeed accompanied by the standard error number No. 550 of the mail protocol, which means “there is no such recipient”, but this information is intended for spam bots;
• the real sender in the server's auto reply instead of the phrase “there is no such recipient” sees a link to my feedback form and the reason for the refusal to receive the message.

In fact, this function has not yet been implemented (as well as the black list, by the way), the “hands have not reached”, and the topic is tricky, it’s easy to be on the spammers list yourself. The main thing - completed the task set to himself; got rid of both spam and filters.

Conclusion

Sometimes I ask myself the question: can I try to return to the division of contractors into groups? Let there be, for example, not one current dynamic address, but two: registration and correspondence . This is definitely something, for example, you can refuse to refine the server's auto-responses; because the main threat comes from registrations and publications email. While stopping myself; everything works fine.

Thank you for attention.