A few years ago, I decided to set up my own domain. I was (and am) a happy Gmail user, but I didn’t want my email to necessarily have to go through Google, and I’d realized that sending my personal email to my ibm.com address wasn’t viable in the long run. So I picked a nice short domain and started using it for everything.
I was worried about spam – not the random spam that we all have to put up with, but spam created by companies sharing email addresses. So I took advantage of having my own domain and started giving out unique email addresses every time I created a new account. Everything funneled into one mailbox anyway, but I had control.
Over time, I realized that there really wasn’t a lot of leakage due to email sharing. In fact, I found that I got more spam sent to “random_address@my_domain” than from any other source. So I stopped making up new addresses but I didn’t do anything about the hundred-or-so addresses I’d created.
In the last year, I’ve gotten quite a bit of misdirected legitimate mail – some of which I really didn’t want to have anywhere near my computer (other people’s financial data). But I couldn’t easily block it, because I had to leave my catchall forwarding in effect to handle all of the accounts I’d created years ago.
Today, I decided to fix the problem once and for all. First, I had to find out what addresses were getting mail. I fired up Mail.app and downloaded all of my current mail; then I crawled through the mail folders, pulled out the “Delivered-To” lines, and built the list of addresses in use (not all of which were ones I wanted to maintain).
After that, it was a straightforward, if slow, process:
- Look at the next address in the list
- Search for the mail referring to that address (on Gmail, search for “address in:anywhere”)
- Figure out what company or companies was using that address
- Log onto their website and change the address (or unsubscribe, if it was someone I no longer cared about)
- While I was there, I usually changed the username to something I could remember and made the password stronger (1Password is my friend!)
- Lather, rinse, repeat
It took all day (with frequent Facebook, Google+, and newsreader breaks, of course).
And I’m not finished – I still have quite a few weak passwords to strengthen. But not tonight.
Memo to self: sometimes, simple is just fine.
I used to do this too, and similarly found it not worth the trouble. Google does a great job of aggregating my 4-5 addresses into Gmail, and don’t forget you can use yourgmailid+whateveryouwant@gmail.com. Gmail ignores the +… and just delivers it to you.
Gmail also ignores periods in the user ID, so you can be your.gmail.id@gmail.com or even y.o.u.r.g.m.a.i.l.i.d@gmail.com if you’re so inclined.
I’ve been strengthening passwords myself, of late, and I’ve found that while the following comic is, in fact, correct – many sites also require the use of numbers or symbols. http://xkcd.com/936/
Yes, I loved that comic! I use 1Password for my password management, and I usually let it generate a truly random, long, complicated password for me — and I never look at it. There are a few sites I really want to be able to log into ‘by hand’, and for those, I’m moving to the xkcd model, adapted to the site’s requirements.
It’s a slow process.