The myaddress+shop@gmail.com should be trivial to defeat by a spammer. It’s a very simple string remove/replace to get back to a stock email address, or change it to impersonate another service, e.g. myaddress+netflix@gmail.com.
It’s only useful for the actual service, after that, you can’t rely on it.
Correct. Everyone knows this trick so everyone filters out everything from the + to the @.
Even when email lists are “legitimately” sold it’s removed.
This guy’s using 1990s techniques in 2025.
“We can prosecute using IP address!”
Ah, it’s more about the receiver than the sender. If they cut it off, their letter gets deleted or moves to spam directory. Provided someone configures that.
With centralized mail services of today, 1990s’ techniques don’t work so well, but that’s a problem of adoption; not allowing mail without a correct token is still pretty modern.
The use of a “+” convention is just a convention popularized by Gmail and the other major providers. If you have your own domain, you should be able to do this with any arbitrary text schema, and encode some information in the address itself, especially if you don’t care about sending email from those aliases: set up your email service to have a catchall inbox that can further be filtered/forwarded based on other rules.
It can be cumbersome but I could see it working at getting the information you’re looking for.
Yeah, I love my catch-all email domain. If I start getting spam addressed to “Target@{my domain}” then I know Target sold my data; I can burn the account by auto-spamming everything addressed to it, and move on.
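One way to implement the "no mail without a correct token" idea on a catch-all domain, as an added example that is not from any poster in this thread: each service gets an alias carrying an HMAC of its name, so stripping the tag or swapping in another service name yields an address the receiver rejects. The domain, the key and the `service.token` layout are assumptions made for the example.

```python
import hashlib
import hmac

# Assumptions (not from the thread): the domain, the secret and the
# "service.token@domain" layout are all constructed for this example.
DOMAIN = "example.org"
SECRET = b"constructed-demo-key-rotate-me"
TOKEN_LEN = 10  # hex chars kept from the HMAC (40 bits)


def _token(service: str) -> str:
    """Keyed tag for one service name; cannot be computed without SECRET."""
    mac = hmac.new(SECRET, service.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:TOKEN_LEN]


def make_alias(service: str) -> str:
    """Address to hand to exactly one service."""
    service = service.lower()
    return f"{service}.{_token(service)}@{DOMAIN}"


def classify(rcpt: str, burned: frozenset = frozenset()) -> str:
    """Decide what the catch-all does with mail addressed to `rcpt`.

    Returns 'accept', 'reject' (missing or wrong token) or 'burned'
    (valid alias that has leaked and is now treated as spam).
    """
    local, _, domain = rcpt.lower().rpartition("@")
    if domain != DOMAIN:
        return "reject"
    service, sep, token = local.rpartition(".")
    if not sep or not service:
        return "reject"  # bare or stripped address: no token at all
    # Constant-time comparison on bytes, so odd input cannot raise.
    if not hmac.compare_digest(token.encode(), _token(service).encode()):
        return "reject"  # service name swapped or token guessed
    return "burned" if service in burned else "accept"
```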
Also most adversaries are using VPNs.
Some email services like iCloud offer scrambled permanent emails to use on different services though, that’s pretty cool.