rss.png profile for ebal on Stack Exchange, a network of free, community-driven Q&A sites
May
02
2016
Use a different email address for every online account

Reading through “Smart Girl’s Guide to Privacy - Practical Tips for Staying Safe Online by Violet Blue” (totally recommend it), there is a great tip in the first few pages:

- Use different email addresses for different online accounts.

… but is it possible ?

Different Passwords

We already know that we need to use a different password for every site. So we use lastpass or password managers for keeping our different passwords safe. We are nowadays used to create/generate complex passwords for every site, but is it absolutely necessary to also have a different email address for every single one ?

Different Email Addresses

Let me be as clear as I can: There is no obvious answer.

If you value your online privacy and your security threat model is set really high, then Yes you also need a different email address.

But it depends entirely on you and how you use your online identity. Perhaps in social media sites (like facebook or twitter) you dont need to give your personal email address, but perhaps on linkedin you want to use your well-known email-identity. So again, it depends on your security thread model.

Another crucial tip: DO NOT cross-connect your online personas from different social medias.

Disposable Email Server

In this blog post, I will try to describe the simple steps you need to take, to create your own personal disposable email server. In simple words, that means that you can dynamically create and use a unique/specific-site-only email address that you can use for sign-up or register to a new site. Using a different email address & a different passwords for every site online, you are making it really difficult for someone to hack you.

Even if someone can get access to this specific website or -somehow- can retrieve your online account (sites are been hacked every day), you are sure that none of your other online accounts/identities can not be accessed too.

DOMAIN

To do that you will need a disposable domain. It does not have to be something clever or even useful. It needs to be something easy to write & remember. In my opinion, just get a cheap domain. If your registar support WHOIS Privacy, then even better. If dont, then try to find a registar that supports WHOIS Privacy but it isnt a blocking issue.

For this blog post I will use: example.org

Catch-All

In theory, we will create a “catch-all” domain/mail server, that will catch and forward all these emails to our current/primary email address.

DNS

So nice, you have a disposable domain. What next ?

You need to setup a new domain dns zone for your disposable domain.
And then add a MX record, like the notes below:



example.org.    86400   IN  MX  0 mail.example.org.
mail.example.org.   86400   IN  A   1.2.3.4

replace 1.2.3.4 with the server’s IP !!

Mail Server

Just install postfix !

My “notable” settings are these below:



# postconf -n

inet_interfaces = all
inet_protocols = all

message_size_limit = 35651584

smtp_address_preference = ipv6

smtpd_banner = The sky above the port was the color of television, tuned to a dead channel

virtual_alias_domains = example.org
virtual_alias_maps = hash:/etc/postfix/virtual

In my /etc/postfix/virtual I have these lines:


@example.org    my_email_address@example.net

(dont forget to postmap and reload)


# postmap /etc/postfix/virtual 

# postfix reload

…. and …. that is it, actually !!!

a. Be aware the my disposable email server is dual stack.

b. If you need to create an emailing list, try something like this:


list@example.org           my_email_address@example.net, my_other_email_address@gmail.com

dont forget to:


# postmap /etc/postfix/virtual

and reload postfix:


# postfix reload

How to use it

From now on, whenever you need to type an email address somewhere, just type a new (random or not) email address with this new disposable domain.

The catch-all setting will FWD any email to your primary email address.

I like to use the below specific pattern: When you need to sign-up to a new site, use the sites url as your new email address.


eg. twitter.com

twittercom@example.org

It’s now obvious that next time you get SPAM, you will know which one to blame (I am not suggesting that twitter is sending spam, it is just an example!).

You can also change your email address from all the sites that you have already subscribe (github, mailing lists, etc etc).

Hope this post has been helpful and easy enough for everyone.