Locked addresses

If there’s anything positive about the infestation of spammers who are cluttering up our in-boxes with garbage, it’s the assortment of creative approaches that people come up with to fight back. In fact this seems to be one of the few areas of software where we’re still seeing a fair number of new and interesting ideas.An Ottawa company, Roaring Penguin Software, has come up with one of the latest ones. Its CanIt-Pro anti-spam software has a feature that lets you generate what Roaring Penguin calls locked addresses.
When you need to give someone your e-mail address but are a little afraid that person or company might sell it to others, you give out one of these special addresses. The domain (the part after the @) is the same as your regular address, but the first part is a string of random characters.
Mail sent to the locked address is forwarded to your regular address, but you only give each locked addresses to one person. As soon as anyone sends a message to a locked address, it locks on to the sender’s address, so from then on it will not accept mail from any address but that one.
So say you decide to buy a camera from BigBargains.com. The price is right, but you’re not sure about BigBargains’ privacy policy, so you supply a locked e-mail address. BigBargains can send e-mail to that address to confirm your purchase — and, possibly, to tout other products to you later.
But when they turn around and sell their mailing list to Joe Slimyspammer and Joe tries to send you e-mail about fake Rolex watches or cheap Cialis, the mail doesn’t go through, because it’s coming from a different address.
Not only that, notes David Skoll, president of Roaring Penguin, but when the CanIt-Pro server rejects the mail it logs the address to which it was sent. Just as with the old trick of deliberately misspelling some part of your address when buying a magazine subscription, you now know who sold your name to a spammer.
Skoll says there are other products that let you create random e-mail addresses, but they don’t limit each address to receiving e-mail from one source. The point of those products is that if one address starts getting a lot of spam, you stop using it — and you have a pretty good idea how the spammers got hold of it. But they don’t stop the spam from reaching you.
Roaring Penguin’s locked addresses can be set to accept mail from any e-mail address within a certain domain rather than just one address, Skoll notes. That addresses the issue of large e-commerce merchants who might send you legitimate e-mail ([email protected], [email protected], [email protected]) from more than one address in response to a purchase.
The bad news is that CanIt-Pro is a server product. A company can install it on its mail servers, but an individual can’t run out and put it on his or her PC. The only way an individual user — or a small business that doesn’t run its own mail servers — can take advantage of this is if their Internet Service Provider (ISP) installs it. Skoll says a couple of ISPs in the U.S. have done so, but there hasn’t been much interest in Canada yet. Pity.