Home Page

Update Notes


Post Database

Avoid Real Email Addresses
By Thiravudh Khoman

Several months ago, I made a suggestion that people who write to Post Database's Helpdesk should include their email addresses in order to facilitate replies from fellow readers. I'd like to qualify that suggestion a bit.

Every time I've written for/to Post Database, I've included my email address ([email protected]) so that people could email me if they wished to chat. In actual fact, this isn't my REAL email address but simply an ALIAS that forwards the email to my REAL address. For some reason, in the past two months, I've received spam sent to this address in greater numbers than usual. The odd thing is that I've NEVER used this email address anywhere else except at the end of my articles/letters. What this seems to imply is that someone MIGHT be picking up email addresses from Post Database and popping them into a spam database. Or someone, somewhere is giving it away.

Because [email protected] is an alias, it's easy to change (it's now [email protected]), without changing where the email is ultimately forwarded. Normally, this would require notifying a lot of my friends as to my new email address - except that for personal communications, I use another email address (also an alias). Clearly, I don't use my real email address, but this was not done for "security" reasons but simply so that I could use multiple addresses that point to a single mailbox and so that I could change underlying ISP's without changing my "neutral" email address. The lesson here is that one should think twice about giving out one's real email address because it's so difficult to change if something's goes wrong (e.g. you get more messages from spammers than from friends).

My intention in writing this piece is to WARN people against giving out their real email addresses to strangers or in public places - or even to use it at all. Like what I've done, you should create aliases and distribute these instead. It's safer. How do you do this? Well, I believe there are several places in Thailand that offer such a service (i.e. aliases only, not real mailboxes). I believe https://www.thai.com is one such place.

Another alternative (more resource wasteful though) is to use a service such as YahooMail! which provides free webmail, popmail and email forwarding. I also have a YahooMail account and I've set it up so that mail sent there is automatically forwarded to my real email address. Alternatively, I could have set it up so that I have to "pop" my mail at Yahoo! or visit Yahoo! with a web browser to read my mail. But automatic forwarding is easiest. (Note: Not all webmail providers allow you to do mail forwarding. Invariably, they allow you to retrieve POP email to the web interface, but not to redirect webmail elsewhere.)

Here's a strategy I'd like to propose:

  • Create TWO email aliases, either at thai.com, YahooMail! or wherever. thai.com only forwards to email addresses that end in .th, but there are other pure forwarding services in the U.S. as well. In the case of YahooMail!, you will need to manually configure it to forward to your real email address.
  • One of your aliases should be used in "public places" such as Post Database, chat rooms, etc. where your email can be seen by many people.
  • Your other alias should be used for such things as mailing lists or any web service that requires registration. These sites are a bit safer since only the site's owner can see your email. This is NOT to say, however, that they won't sell your email address to mass marketers.
  • If you visit risque or "icky" sites, you may wish to create a third alias for that as well. My guess is that these people will do anything for a buck, so be especially careful here.
  • Finally, you may wish to create an alias for your personal communications. Or maybe not, given the hassle of notifying people. DO NOT give this out to anyone you don't trust. Certainly, do not use it in any of the aforementioned situations.
  • Be prepared to kill off any of the aliases whenever spam starts to get excessive. To determine where a spam message comes from, ask to see the message's complete headers (e.g. Eudora's "Blah, Blah, Blah" button) and scan the headers to find out which alias was used.
  • Make your throwaway aliases easy to remember to encourage yourself to use them. Mine are called tk1, tk2, tk3, etc., but I could just as well have called them tkpublic, tkregis, tkicky, etc.

While these measures should help to reduce spam, they probably won't eliminate it completely. C'est la vie.

Copyright © 2000, Thiravudh Khoman