« 2017/11/26 - Email » | cpanel thunderbird ios

In this post I'm going to give an overview of how I've set up my djrb.org email addresses, in case it is useful to anyone or to remind me in the future if I have to set it up again. Nothing in this is particularly groundbreaking, but I at least now have a setup I'm pretty happy with when it comes to dealing with spam, companies getting hacked, and so on.

The goal
Since I own this domain, I wanted to be able to make up email addresses on the fly whenever I sign up to something. I want to do this so I can quickly see which email addresses have been compromised by third parties (which ones get spammed), and then easily sinkhole that email into the ether and replace it with a new one.

For example, let's say I sign up to all my favourite websites with a single email address, perhaps personal@domain.com - this means if any of those websites are hacked and my email address stolen, I'm going to end up with reams of spam in my main everyday inbox, relying on spam filters to remove what I don't want. This is mostly what everyone else does, and so it's probably going to fail - an escalating arms race between spammers and spam filters, with false positives and missed spam all along the way.

If instead, I sign up for my Tesco account with tesco@domain.com, and my eBay account with ebay@domain.com, now if eBay are hacked and the email address gets spammed, I can just change my account email contact to ebay2@domain.com, sinkhole ebay@domain.com into nothing, and I get no more spam.

Ideally these new email addresses shouldn't need any setup, either on my mail server or on my devices; I want to be able to create them on the fly as and when I need them, even standing in a shop without internet access, making one up on the spot.

+ post-fixes
You can do this with a lot of providers (e.g. Gmail) by appending a post-fix following a +; for example, if your account is me@gmail.com, you can use me+ebay@gmail.com, and when the mail arrives at Gmail they'll drop the +ebay post-fix and put it into your usual inbox.

The problem is, lots of sites use incorrect regex to verify email addresses, and so they'll reject addresses with + symbols in them. This puts you back to square one, forcing you to use your raw address. The second problem is that Gmail doesn't support replying to emails as the full me+ebay@gmail.com; as far as I can see, you'll always reply as me@gmail.com, which isn't ideal.
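To make the validation problem concrete, here is an added example (not from the original post): a constructed over-strict pattern of the kind described above, beside a check that accepts the unquoted "dot-atom" local parts RFC 5322 allows, including +. The pattern names and the length limits applied are choices made for this sketch; quoted local parts are deliberately not handled.

```python
import re

# Constructed example of an over-strict pattern: the local part allows only
# letters, digits, dot, underscore and hyphen, so "+" is rejected.
STRICT = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# RFC 5322 "atext" characters; a dot-atom is atext runs separated by single dots.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
DOT_ATOM = re.compile(rf"{ATEXT}(?:\.{ATEXT})*")
# Hostname labels: 1-63 chars, no leading/trailing hyphen, then an alphabetic TLD.
HOSTNAME = re.compile(
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"
)


def strict_accepts(addr: str) -> bool:
    """The flawed check: rejects valid addresses such as me+ebay@gmail.com."""
    return bool(STRICT.match(addr))


def accepts(addr: str) -> bool:
    """Accept unquoted dot-atom local parts, with the usual length limits."""
    local, sep, domain = addr.rpartition("@")
    if not sep or len(local) > 64 or len(addr) > 254:
        return False
    return bool(DOT_ATOM.fullmatch(local) and HOSTNAME.fullmatch(domain))


if __name__ == "__main__":
    for candidate in ("me+ebay@gmail.com", "ebay@domain.com", "a..b@domain.com"):
        print(candidate, strict_accepts(candidate), accepts(candidate))
```

Plain per-site addresses such as ebay@domain.com pass both checks, which is why the catch-all approach below avoids the problem entirely.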

cPanel Default Addresses
cPanel has a section named "Default Address" in the Email section; this is going to drive the bulk of our system.


Using this screen, you can change the policy on what your mail server does with emails that are sent to addresses that don't exist. By default it probably discards the email and returns an error such as "No such user at that address" to the sender. Instead we're going to change this to forward the mail to our master account.


Now, regardless of the first part of the address, all mail will be forwarded to our master account, for example master@domain.com.

cPanel sinkhole for compromised addresses
Now that we're funnelling all emails to our master account, we need a way to sinkhole compromised addresses so the spam gets ignored. We do this with "Forwarders", again in the cPanel Email section.


Click "Add Forwarder" and then set up the compromised address to be discarded.


Obviously you'll also need to update the compromised website to the new email address, and perhaps inform them that they've had a leak.
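Once everything lands in the master mailbox, deciding which address to sinkhole can be scripted. The following is an added example, not part of the original setup: it groups messages by the per-site alias they were addressed to and flags aliases that receive mail from a sender domain that does not contain the alias name. The header list, the name-matching heuristic and the sample messages are assumptions made for the sketch.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

DOMAIN = "domain.com"   # catch-all domain, as in the post
MASTER = "master"       # local part of the master mailbox
# Assumption: the alias survives in one of these headers after forwarding.
RCPT_HEADERS = ("Envelope-to", "Delivered-To", "To", "Cc")

# Constructed sample messages (not real mail).
SAMPLE = [
    "From: eBay <ebay@reply.ebay.co.uk>\nTo: ebay@domain.com\nSubject: Order\n\nhi\n",
    "From: Deals <promo@cheap-watches.example>\nTo: ebay@domain.com\nSubject: WIN\n\nx\n",
    "From: Tesco <online@tesco.com>\nTo: tesco@domain.com\nSubject: Receipt\n\nx\n",
    "From: Friend <a@other.example>\nTo: master@domain.com\nSubject: hi\n\nx\n",
]


def alias_of(msg):
    """Local part of the first recipient in our domain, ignoring the master box."""
    values = [v for h in RCPT_HEADERS for v in msg.get_all(h, [])]
    for _, addr in getaddresses(values):
        local, _, dom = addr.lower().rpartition("@")
        if dom == DOMAIN and local and local != MASTER:
            return local
    return None


def sender_domain(msg):
    """Domain of the From header (spoofable, so this is a hint, not proof)."""
    return parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]


def leaked_aliases(raw_messages):
    """Map alias -> sorted sender domains with no label equal to the alias name."""
    strangers = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        alias, dom = alias_of(msg), sender_domain(msg)
        if alias and dom and alias not in dom.split("."):
            strangers[alias].add(dom)
    return {alias: sorted(doms) for alias, doms in strangers.items()}


if __name__ == "__main__":
    print(leaked_aliases(SAMPLE))
```

An alias that shows up in the result is a candidate for a discard forwarder; legitimate third-party senders (payment processors, couriers) will also appear, so review the list before sinkholing.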

Reply as the correct identity
Finally we need to set up our mail applications to correctly reply as the custom address rather than our master address. For example, if someone sends an email to ebay@domain.com, I want to reply as ebay@domain.com, not master@domain.com.

There is some mention online that your SMTP server needs to allow this faking of the "From" field; I had no problems with mine, YMMV.

I use Thunderbird on my desktop, and I have an iPhone for my mobile device. Both of these can handle multiple identities. In both cases they require manually adding the identity the first time you want to reply. For most addresses I never need bother, because I just receive information from companies and never respond to them via email. So in reality you only end up doing these steps for a handful of addresses.

Thunderbird
Go to "Account Settings" for your account and click the "Manage Identities..." button.


Add the email address that you want to reply as to the list.


Now when you reply to an email that has been sent to ebay@domain.com, if you have ebay@domain.com as one of your identities, Thunderbird will automatically reply as that identity.


If you haven't set up the identity, it will reply as your master email. Also, when composing a new email, you can select the appropriate identity to send it with.

iOS
Go to "Accounts & Passwords" > your mail account > "Account" > "Email".


In here, click "Add Another Email..." and add each identity you want to be able to reply with.


Once added, just as with Thunderbird, when you reply to an email from one of your identities, it will reply as that identity.