[Users] How to make claws put my correct address to the to-field?

Sat Oct 10 20:59:51 CEST 2020

On Sat, 10 Oct 2020, at 19:19, Michael A. Yetto wrote:

> Have you used spamgourmet.com's services yet? 
> 
> I have an account with them and when I give an address to a
> questionable site I use my keyword and one of their domains. In
> addition I build the userID I'm sending them with a tag relating to
> them, a word encoding how many emails I will accept to an address I
> specified based on the first letter (ie. c-t meaning 3-20) and my
> keyword.

That's interesting ... and I can see it would be useful for questionable 
sites.

But it doesn't solve the problems one has when an email address that 
was given to a friend, or reputable site, is fine for months or years and
then suddenly becomes a spam target.

I also use the many-address approach - well over 700 of them last time
I checked.

(I'm not using Claws for the addresses concerned, but instead a webmail
system.  I'm on this list because I was considering becoming a Claws user
and it's my habit to try to get to know the ins & outs of any software 
before I start using it.  Illness, and also an inability to build Claws (on 
Windows, when I explored that a while ago) has prevented me migrating
to it, so far.)

Multiple addresses are a hassle to set up.  But, whenever an allocated 
address goes bad, all I need to do is change it (assuming I still want to
deal with that friend or site).  What I don't have to do is tell tens or 
hundreds of other people that I've changed my address.  (I was a 
fairly early adopter of email etc, back in the pre-spam days of the 1990s,
and my original mail provider and address became unusable.  I chose
my current approach when I changed provider, & got my own domains
- though this email - coming from via Fastmail - is handled differently,
in the not-all-eggs-in-one-basket approach.) 

If the old address was with a friend who's not computer-literate, I don't
pursue the leaking of the old address with them.  But if it was a company
address, I do.

About a year ago I suddenly got a spam sent to an address I only use 
for my involvement in a UK medical research project.  The project's
data-protection officer initially fobbed-me off when I told them it had 
been spammed.  I persevered, by which time they took me rather more 
seriously, but still not seriosly enough ... and then the pandemic started 
and I thought everyone had more to worry about so stopped pursuing 
them.

Three months ago I got an email from the project's research director,
with a fulsome apology for not taking me seriously enough.

They'd discovered (actually another company had stumbled across data
that shouldn't have been public, but was) that they'd had a data breach.
My notification to them was the only one they had received - because of
course most other people in the project used email addresses that were
known to many people, so those people were unable to correlate their
incoming spam to a specific source for that leaked address.  

The IT director at the research project lost his job, and a third-party IT
service company working for the project lost their contract.  Significant
efforts have been made by penetration testers etc to see if the project's
IT infastructure is (now) hardened.  They're also continuing to look for 
reappearances of the breached info on the dark web, and they had to 
consider the effects on everyone whose data was breached.

I have to say it was refreshing to find a company who took a data 
breach very seriously.

I wouldn't have known about this if I'd not been able to tell them there
was a problem in the first place.

-- 
Jeremy Nicoll - my opinions are my own.