A few years ago, I decided to set up my own domain. I was (and am) a happy Gmail user, but I didn’t want my email to necessarily have to go through Google, and I’d realized that sending my personal email to my ibm.com address wasn’t viable in the long run. So I picked a nice short domain and started using it for everything.
I was worried about spam – not the random spam that we all have to put up with, but spam created by companies sharing email addresses. So I took advantage of having my own domain and started giving out unique email addresses every time I created a new account. Everything funneled into one mailbox anyway, but I had control.
Over time, I realized that there really wasn’t a lot of leakage due to email sharing. In fact, I found that I got more spam sent to “random_address@my_domain” than from any other source. So I stopped making up new addresses but I didn’t do anything about the hundred-or-so addresses I’d created.
In the last year, I’ve gotten quite a bit of misdirected legitimate mail – some of which I really didn’t want to have anywhere near my computer (other people’s financial data). But I couldn’t easily block it, because I had to leave my catchall forwarding in effect to handle all of the accounts I’d created years ago.
Today, I decided to fix the problem once and for all. First, I had to find out what addresses were getting mail. I fired up Mail.app and downloaded all of my current mail; then I crawled through the mail folders, pulled out the “Delivered-To” lines, and built the list of addresses in use (not all of which were ones I wanted to maintain).
After that, it was a straightforward, if slow, process:
- Look at the next address in the list
- Search for the mail referring to that address (on Gmail, search for “address in:anywhere”)
- Figure out what company or companies was using that address
- Log onto their website and change the address (or unsubscribe, if it was someone I no longer cared about)
- While I was there, I usually changed the username to something I could remember and made the password stronger (1Password is my friend!)
- Lather, rinse, repeat
It took all day (with frequent Facebook, Google+, and newsreader breaks, of course).
And I’m not finished – I still have quite a few weak passwords to strengthen. But not tonight.
Memo to self: sometimes, simple is just fine.