Monday, April 23, 2012

Unique Email Channels

If you are anything like me, you probably have more than one email account. One account is only for trusted friends and colleagues. The other is for everyone else. I am always paranoid that I will get spammed from some service, like Facebook. Other times I want to get the newsletters or notifications from some site, but I may lose interest in them over time and want to quickly stop the emails.

The Problem

Every service I give my email address to needs to be handled differently. Gmail is really good about creating rules for handling emails. However, I don't know what email addresses I can possibly receive from. I also cannot feasibly create a rule for every email address a service has. For example, one web service alone may have a customer service email, a bug report email, a no reply email, and many others. This just won't work.

Another option is to create a new email account for every web service I use. I could have one email account each for Twitter, Stack Overflow, GitHub, etc. Creating an entirely separate email account is overkill though.

The Solution

Fortunately, there is a way. Many email providers allow for arbitrary tags to be added to an email address. For example, with Gmail, I can create an email account with the address my.email@gmail.com. Then, I can use my.email+twitter@gmail.com, my.email+stackoverflow@gmail.com, and my.email+github@gmail.com. All these email addresses will go to the same account. Most email providers have similar systems.

How it Works

You can think of the tags on an email address like a subdomain of a URL. The base email guarantees uniqueness and the tag allows for routing. These email addresses are known as disposable email addresses. I like to call them unique email channels. By giving every service a different email address, I can control the communication channel. If that email address is ever compromised by a spammer or I get tired of the emails, I just need to sever the channel.

Since all the unique email channels are delivered to the same email account, they are not immediately useful. We need to bring in the rule system. Gmail allows for rules to be based on the To: field. For example, I can have a rule that says, when I get an email sent to my.email+twitter@gmail.com, mark it as read, label it as Twitter, and archive it. I can have all sorts of complex rules that are specific to my needs for each service. I can even have Gmail forward an email to another email account.

Personally, I have one email account that just handles mail sorting. It takes in email from all my services, marks them as read, labels them appropriately, and archives them. If I get an email from a service I am interested in, I forward it on to my real email account. This allows me to build up an archive of newsletters and notifications, but I never see them if I don't want to. When I get tired of seeing a notification, I don't cancel it. Instead, I just change the rule. The rule system keeps the interface to all my notifications consistent. This way I don't need to dig through some website trying to figure out how to cancel my subscription.

Potential Problems

What if some spammer gets smart and decides to remove the tag? This problem is easy to solve. Just create a rule that deletes all emails sent directly to my.email@gmail.com.

What if some spammer gets smart and tries to guess which tags I use? This is much harder to protect against, especially since +twitter or +github would be easy to guess. Using unique email channels has been around for years and is still not in widespread use. I don't foresee this becoming largely popular to the general user anytime soon. So, there is little chance that someone will attempt this.

If that is not comforting enough, you can use tags that are not easily guessable. For example, you could use +apple20934 or +i.love.steve.jobs for your unique Apple email channel. This is admittedly security through obscurity, but it makes guessing channels even less likely. It's a similar security problem as passwords. Again, it is highly unlikely that spammers will be guessing email channels anytime soon.

If you know what exactly email address(es) you will receive from, you can have rules that only filter if both the To: and From: fields match your expectations. This almost guarantees safety from spammers, but may not be feasible for all situations. This approach could be foiled by worms or email spoofing, but again it would be hard to guess your rules. The key to security is to make spamming you more effort than it's worth. Spammers have plenty of low hanging fruit to spend their time on.

Advantages
  1. Better spam protection than Gmail or any one service alone can provide.
  2. Specific email handling rules for each service.
  3. Don't need to tell your friends that you made a new email address if your email address is compromised by spammers.
  4. Don't need to hunt down the subscription options to cancel email subscriptions.
Disadvantages
  1. If you want to change the types of email notifications you receive from a service, you still need to go to the website.
  2. It takes a little bit of time to set up a rule when creating a channel for a new service.
  3. It takes a lot of time to change all your existing services to use your new, unique email channel.
Conclusion

Though it does take some time up front to set up, unique email channels are worth it for anyone who is paranoid about spammers or wants to automate how their email is handled. I expect to see similar patterns emerge in other communication systems as the event-driven web and personal cloud networks continue to develop.