Adding a signature to forward-only email addresses


#1

Hopefully the knowledgeable people here can offer some advice to me because surely I’m not the first to think of a concept like this…

Core objective:
My core objective is to use a unique email address with each web site I register at, order products from, etc. I want to do this so I can trace back to where spammers originally got a given email address of mine that they’re targeting with spam. For example, I’ll go through the DreamHost Panel and set up a forward-only email called amazon@mydomain.com. Then, if I get spam email forwarded to me through that email address, it’s obvious that the spammers got my email through some connection with amazon.

Issues:
This idea is simple enough except all smart email spammers BCC their targets instead of directly addressing them. This means that the spam recipient (me) can’t see the email addresses targeted by the spam email. For example, spammers will essentially send an email to themselves and add all the spam targets as a BCC’d list. (If I’m not explaining this part well, please let me know!) Therefore, my idea was to add a signature to each forward-only email account. The signature would have the name of the account from which it was automatically-forwarded, thus eliminating the BCC problem.

My plea for help
I can’t figure out how to add signatures to forward-only email accounts through the DH Panel.

Or if such signatures aren’t possible through the DH Panel, how else might I insert text into an email forwarded to me through a forward-only email account?

Lastly, please let me know if I’m going about this the wrong way. I do know that manually creating all these forward-only email addresses is getting cumbersome (which gives me the feeling I could be doing this better…somehow), but I don’t know of any other way to script the creation of forward-only email addresses through DreamHost.

Thanks so much! I can’t wait to hear your suggestions.


#2

I dig through such mail from time to time and when I view “full headers” in my mail program, there’s usually a hint as to which email address was the recipient. For example, a friend sent a message to some neighbors. Return address was my friend, to: address was my friend, and all neighbors were in the bcc: list. When I view Full Headers, the very first line says Delivered-To: my personal email address.

Some may suggest using plus- addressing, such as me+amazon@example.com so you know if the spam came from amazon. The hitch is that when I tried this at Eddie Bauer, they didn’t recognize a plus address as a valid format.
http://gmailblog.blogspot.com/2008/03/2-hidden-ways-to-get-more-from-your.html


#3

I might be wrong about this as I’ve never tried it. I’m not even sure if it would be suitable “as is” because I’ve never seen how the DH spamming mechanism tags spam messages though I’m pretty sure this will do it.

The trick would be to mark everything sent to one of your sign-up-type email accounts as spam, but within the spam rules specify that it gets delivered to the inbox with some sort of tag in the subject line but not quarantined out to another folder.

The spam setting and tagging rules can be set in either the “webmail.” or “mailboxes.” for respective domain and email user accounts. The mechanism allows you to set scores; 999 for “never”, and (presumably) 0 for “always”.

Here’s the result:
ANY email sent to that account should have an “X-Original-To: account@yourdomain.com” in the header that will indicate for whom exactly the mail was intended as it arrives at the DH server. I have no idea how this would work with a forwarding account - you’d have to test it yourself.


#4

You say: "…it’s obvious that the spammers got my email through some connection with amazon. " Not really. If someone sees email addresses like dreamhost.at.mydomain.com or walmart.at.mydomain.com, or someothercompany.at.mydomain.com (replace .at. with something …) there will be a fair chance that amazon.at.mydomain.com would exist.

But if you use: amazon.sd0qdqowd938dhwked9qwdqo3dgqi3gd.at.mydomain.com - then it’s pretty close to obvious.


#5

Hi. Post #2 mentioned plus-addressing and commented that an email address with a “+” in it might not be accepted as a valid email address by the merchant’s website.

However, I think you can combine plus-addressing with forwarding to solve your problem as follows:

at the merchant’s website, register the email address amazon@mydomain.com, and set up the mailbox amazon@mydomain.com to forward to myrealaddress+amazon@mydomain.com

But I think you will soon find the hassle of setting up all these forward-only mailboxes unbearable.

However, it could be automated!

There would be real value in a piece of software which let you type in the characters “amazon” and do a single click, and it would create the mailbox amazon@mydomain.com and arrange for it to forward to myrealaddress+amazon@mydomain.com

~Tom


#6

You can setup at Catch-All email address. Then, when you signup, just give them any email address at your domain you wish. I tend to use their full domain (amazon.com@MyDomain.Com).

If you need to send email from that account, use a generic SMTP account.

You can filter using your email client, procmail, etc.

As stated earlier, you can look at the headers of an email to determine the recipient, including BCC emails.

Best,
Scott


#7

The problem is that that is not always true. Often it is true, but not always. For example, when the sending and the receiving services are both gmail (or google apps), then email that is sent to you as a Bcc recipient arrives with a header line indicating which email address was used to reach you. If either the sending system or the receiving system (or both) are not gmail (or google apps), then there might or might not be such a header line. Here is what ‘gmail help’ says about it (my emphasis added):

[quote]How you know when you’ve been Bcc’d

When someone Bcc’s your address on an email that was sent from another Gmail or Google Apps user, Gmail will show your address in the “Bcc” line to let you know that you’ve received this email by way of Bcc. This way, you won’t be confused about why you’re receiving a message when your address isn’t in the “To” or “Cc” line.

Similarly, if an email sent by another Gmail or Google Apps user has reached you because you’re a member of an email group that was Bcc’d, that group’s address will show in the “Bcc” line.

Only your address (or the email group you have subscribed to) will be shown in the “Bcc” line; if any other email addresses were Bcc’d as well, you won’t be able to see them.

If you’re Bcc’d on an email that was sent using another email program or service, Gmail may not be able to display this information.[/quote]
http://mail.google.com/support/bin/answer.py?answer=57143

~Tom