Celejar wrote: > On Mon, 5 Apr 2021 15:51:28 -0400 > Dan Ritter <d...@randomstring.org> wrote: > > > > Okay, but why isn't trying to limit spammers getting hold of an address > > > a logical part of a defense in depth strategy? > > > > Because it doesn't work. If it worked as well as, say, moving > > your SSH port*, I would encourage it. It does not. > > Source? Is this your personal experience, or do you have some other > basis for this? Cloudflare, for example, asserts that: > > "Cloudflare Email Address Obfuscation helps in spam prevention by > hiding email addresses appearing in your pages from email harvesters > and other bots, while remaining visible to your site visitors."
Source: experience from being actively involved in the Internet for 25 years, including time on anti-spam initiatives at BBN and Akamai, various mail anti-abuse working groups (now https://www.m3aawg.org/ which I'm not currently involved with particularly) and running personal and corporate mail servers for most of that time. > > OK, use tagged addresses. Gmail has that feature for free. > > > > page and tell Gmail to spam-bin the old address. > > Worth considering, certainly. I try to avoid Gmail as much as possible > (I know that I'm still using it for d-u), but I can check to see > whether the other email providers I use support plus addressing. The good ones will. The best ones will also offer - addressing on the same terms. Turns out that a bunch of idiots think that + is not a valid mail left-hand-side character, but - is. -dsr-
