31 comments

[ 4.2 ms ] story [ 93.9 ms ] thread
The script is dead simple – you could have written it yourself – and that’s the beauty of composable systems (like OpenBSD and other Unices).
I do something very similar to avoid giving my email to companies

I receive wildcard@wildcard.domain in a single mailbox and when I register in a service I use something like

facebook@social.domain, stripe@service.domain

This makes it trivial to see who is leaking my email addresses and also allows me to tag the emails

I have the same pattern but added a 6 character hexadecimal postfix based on a hash.

facebook-com-a2bdc0@domain.com

This makes it less trivial to guess the other domains. (although you could bruteforce the entire range)

I wish I could do something as sophisticated as this with GSuite.

I did manage to get something similar in spirit but waaay simpler using GSuite filtering+routing and regexes.

But you can, sort of. If your GSuite mail is user@domain.com, you could use user+facebook@domain.com. Then you can create what ever filtering you want to GSuite.

The problem I have, is to remember what I used for each service :/ . So I really liked the idea of `whichmail`.

A lot of services won't accept an email with a plus sign as a valid email address. Part of the issue is how many companies want an email address to sign up for something. It is much easier to track your accounts using a password management application, as opposed to giving everyone your email address and phone number.
I have even seen emails rejected when using a simple dash, or because it was not hosted by a well-known mail service provider, and even because "your email should be of the form <name>.<surname>@<website>" (yes, with a dot, ironically).

At that point I gave up, and I use a single Gmail account for all the services that I don't use very frequently (also because it's not always easy to send mail from self-hosted mailservers, some destinations simply refuse any mail that is not from Gmail/Yahoo/Hotmail).

As the other comments mention, I avoid the + sign on a e-mail - way too many systems (from form validators to other systems) freak out with dashes, dots and plus signs in e-mails.

The format I have settled is somewhat like prefixFixedSizeSuffix@domain, both prefix and suffix being plain alphanumeric characters. Yes, the suffix is rather dumb (it could be a smarter like a hash when I used procmail) but still better than a catchall with no filtering.

I could have opted to a whitelist. Not sure how automatable GSuite services are (I guess a bit) but this simple regex allows me to just come up with email address on demand with with minimal fuzz.

This seems like it might be frustrating to manage. Instead of one or two memorable addresses, you now have two hundred hard-to-memorize ones.

It also might get awkward at the cash register :)

How often do you give your email at a cash register?
It's sometimes a bit of a hassle, but I have to python script that generates and configures it for me. And in some cases I fallback to <bricks-and-mortar-shop>@domain.com Because that's much easier to spell out to a cashier.

After it's configured, my password manager stores the email too so that's not a problem

Can you reply from the aliases? If you're using a service provider, can you share which one you use?
I use Fastmail and, yes, you can reply from the aliases, including anything-you-want catch-alls. Unlike the grandparent, I use a subdomain because setting star@example.com as a catch-all seems to invite staggering amount of spam.

I set star@hi.example.com as a catch-all and then have a rule that, unless otherwise categorized elsewhere, anything sent to star@hi.example.com is automatically filed into a "Catch-All" folder.

With Fastmail, I can set a reply address that matches any of my aliases and * (star) works as expected, it matches anything, so I can just create a sending identity in Thunderbird as, say, mybank@hi.example.com without having to go into Fastmail's control panel and do anything else.

I do this on my home email server via Thunderbird. There is a plugin here: https://www.absorb.it/virtual-id that lets you put in an arbitrary from address (as long as your server will accept it.)
There is no plugin required, you can do that now in Thunderbird without any modifications.
newmail has a sister command, whichmail, which looks up which email was generated for a specific domain.

For instance:

$ newmail facebook.com

qesruftug@example.com

Then later:

$ whichmail facebook.com

qesruftug@example.com

I want this functionality but I balk at the idea of running my own email infrastructure.

I'm fine with writing code to call APIs from email providers to manage email addresses though.

> writing code to call APIs from email providers

Doesn't strike me as much easier than running a local email daemon to receive email, TBH.

I ran my email infrastructure before but deemed it too much hassle. I would rather offline the burden to a service provider.

When I say "writing code", it would be more or less like the newmail script here. Much simpler than running a full fledge email infrstructure. :-)

If you are alright with running a single piece app that provides webmail, SMTP, POP, and REST, you might be interested in my project: http://www.inbucket.org/

It's really targeted for intranet use though, I wouldn't recommend exposing anything other than the SMTP port to the internet.

Running a mail server which receives mail is easy. Getting your e-mails delivered can be more difficult. But so far (I have been running a personal e-mail server since 2007), I have gotten most of my e-mails delivered.
It's no longer your job to deliver emails. Just use a delivery service like SendGrid, SES, etc.
It can be if you want to. But yeah, businesses probably want to pay someone for it. And many ISPs will do it for their customers as well.
It's pretty much out of your control. If the server you rented has a tainted IP reputation, you're done for. Instead of cycling through to get the good IP, which isn't too easy to tell, you should just use a proxy service.

If you're on a small scale, those 2 services I mentioned aren't going to cost you much (free and maybe about 5 cents a month.)

I even proxy my hobby personal domain server because I don't want my personal mails get buried in people's junk folder.

It is written in plan9 shell, what an interesting choice for a small script!

> The scripts are written in rc (the shell of Plan9port). You can easily port them to any other shell your self. The newmail script itself is roughly ten lines.

The shell from Plan9, rc, is simply the one I am most comfortable writing in. It has very straight-forward syntax. And while the language is very powerful, it is small enough that I can remember most of the quirks. But I do not think it is objectively better than other scripting languages.

It is the same with mk (the Plan9 redesigned make). They took a few lessons from problems they had discovered in make and improved them. And made it simpler in the process.

So it's not been posted (yet), but isn't it clear that this is yet another great concept for personal anonymity and online social interaction that can be majorly used for negative advantage?
I have a cron job that adds an email of the form `month-day@domain` to the list of aliases.

The address is automatically updated every day.

So whenever I need to an email to register on some app or website, this is the one I give. It will be gone the next day.

You could make it a 'catch all if not defined' domain and just use the service name as the user part and you'll know who sells your address and easy to redirect to /dev/null selectively.
I'd love to see something like this tied to a password manager to make more of an "identity manager". Visit a site, click "generate identity", receive a unique email address, username and password.