[Nepherim]

It's valid to use a plus sign as a separator within an email address, for use in filtering, and as a mechanism of implementing 'throw-away' addresses.

So I create an email joe@example.com
I want to sign up with companyX, but want I'm not sure they are fully trust worthy. I can give an email address of joe+companyX@example.com

But, it looks like ASO doesn't allow this form of addressing. Anyone know why?

[jednorozec]

I would guess that it's because cPanel is using + as part of the account name as in user+mydomain.com. My policy for untrusted companyx is to give them companyx@mydomain.com as an email address and then forward that to a real email account. I just delete the forwarder if I start getting spam.

[NyteOwl]

I use the same system for filtering (ie company@). Another option which should work on virtually all mail servers for inserting tags is to use a (.) period as a join character (eg name.company@domain.tld).

[Nepherim]

I also use company@ forward addresses, rather than actual addresses, but this is a pain since you have to create each forward. The 'plus' method basically creates a single catch account.

@NyteOwl: The period isn't quite the same as the plus, so each address would need to be created separately. It does have the benefit of a constant suffix/prefix which would make rule handling easier.

Anoyone @ASO able to comment on why plus addressing is disabled?

[-ASO- Frank]

Its not disabled, its simply not available. Once our software providers will allow/support this, we would be happy to enable it.

http://bugzilla.cpan...bug.cgi?id=5292

[Nepherim]

@Frank: Thanks for the info. That issue has been open since 2007 -- ouch. Looks like that's not happening any time soon then. Shame, as it's a really useful capability.

[IBBoard]

Useful, as long as the validation routine for the site doesn't reject it Also, surely it makes it easier to guess your real email that way and not look like you were responsible - just remove the + and everything between it and the @

What I'm planning to investigate at some point (for my VPS setup) is to have a catch-all but fail for known spammed addresses (like above@ibboard.co.uk, which I've never used but which gets spammed). I need to see how to fail specific email addresses, and make sure that there aren't too many made-up addresses attempted, but it'd make the whole "need to create an address" thing easier

[-ASO- Frank]

IBBoard, on 23 February 2010 - 02:01 PM, said:

What I'm planning to investigate at some point (for my VPS setup) is to have a catch-all but fail for known spammed addresses (like above@ibboard.co.uk, which I've never used but which gets spammed). I need to see how to fail specific email addresses, and make sure that there aren't too many made-up addresses attempted, but it'd make the whole "need to create an address" thing easier

I believe you can setup the known spam address to forward to ":fail" Not 100% sure on that, but something to test out.

[Nepherim]

IBBoard, on 23 February 2010 - 03:01 PM, said:

Useful, as long as the validation routine for the site doesn't reject it

That is a downside to this way of addressing, and means a return to the manual way.

IBBoard, on 23 February 2010 - 03:01 PM, said:

Also, surely it makes it easier to guess your real email that way and not look like you were responsible - just remove the + and everything between it and the @

True, the recipient could remove everything after the '+', but personally I'd just create a rule to mark everything to the direct address (with no '+') as spam.

IBBoard, on 23 February 2010 - 03:01 PM, said:

What I'm planning to investigate at some point (for my VPS setup) is to have a catch-all but fail for known spammed addresses (like above@ibboard.co.uk, which I've never used but which gets spammed). I need to see how to fail specific email addresses, and make sure that there aren't too many made-up addresses attempted, but it'd make the whole "need to create an address" thing easier

Not sure I follow how that would work. How would that help separate email from various companies?

[IBBoard]

Quote

True, the recipient could remove everything after the '+', but personally I'd just create a rule to mark everything to the direct address (with no '+') as spam.

I guess that'd work if you have "my-address-I-give-out+company@example.com". I was thinking of "my-address+company@example.com", which you wouldn't just be able to blacklist "my-address@example.com".

Quote

Not sure I follow how that would work. How would that help separate email from various companies?

Basically, it'd be like the "+" (flexible without config/setup) combined with the "new address per company" (just uses a standard address per company). As long as I don't get dictionary attacked (which, AFAIK, I don't for all but a couple of known addresses) then I could just blacklist and reject known bad addresses.

Frank: That'd probably work for cPanel, but I'd be setting it up straight within Dovecot, as I'm on a Developer VPS

[-ASO- Frank]

IBBoard, on 25 February 2010 - 01:14 PM, said:

Frank: That'd probably work for cPanel, but I'd be setting it up straight within Dovecot, as I'm on a Developer VPS

Dovecot is just your POP3/IMAP server. What are you using for SMTP?

In exim, you might do something like this in /etc/aliases:

known-spammed-address: :fail: Don't spam me.

Of course this assumes a particular configuration. Specifically using system aliases. If you're using UNIX user aliases, you might put something similar in ~/.forward.

There are similar ways to accomplish this with other SMTP servers.

[IBBoard]

I knew I'd get the wrong one I've got a Dovecot/Postfix combo, which seems to work well. There's probably some very simple way to do it, I've just not looked at it yet