TechBite: A Nifty Spam Tracking Trick


By Steve Bass

Major Companies Hacked

Another hack attack: The bad guys gained access to the
database that stores customers’ names and e-mail addresses
for Capital One, JPMorgan, Brookstone, BestBuy, TiVo,
Walgreens, Kroger, and a long list of others

The breach occurred through Epsilon
, the firm each of the companies used to
manage their e-mail communication with customers.

Chances are good that if you’ve corresponded with any of
the companies, you’ll see phishing e-mails in your inbox.
They’ll likely be messages for you to confirm a recent
order, or reconfirm or update a credit card.

By this time in your computing career, I feel safe saying
you’re sophisticated enough not to be suckered in by
phishing e-mails. But I’ll play it safe: If the e-mail
looks authentic and asks you to click a link to go to the
company’s site, don’t do it. Instead, type the company’s
URL into your browser’s navigation field to go to the

There’s nothing you can do to prevent a third party from
exposing your e-mail address. But there’s a handy trick to
monitor if a company you’ve given an e-mail address to is
using it to spam you. And then block it so you’ll never
see it again.

A Nifty Spam Tracking Trick

Start using e-mail addresses that are specially — and
easily — coded. Create a new one for everything you sign
up for, things like newsletters, banking, coupon sites —
whatever. If you receive an e-mail from that address with
anything other than what you asked for, you’ll know the
company’s been breached — or is selling your e-mail
address to spammers.

The technique is called plus addressing and the trick is
to create an e-mail with an extra character between the
real e-mail address and the @ sign and domain. Don’t fret,
it’s easy to understand.

Many ISPs let you do plus addressing, but I’ll use Gmail
to describe how it works.

Let’s say your Gmail address is [email protected]
(and for the reasons I’ll explain in a minute, you ought
to use Gmail). When you sign up for a newsletter, say,
SuperUser, use [email protected]. Banking
with Chase? [email protected]. Got the idea?

Use a throwaway e-mail
to track spammers

Gmail understands what you’re doing and the e-mail still
lands in your inbox.

However, if you get something other than the newsletter at
that address, you can stop it in its tracks. Just create a
filter in Gmail (yep, I’ll get to that, too) that
automatically deletes anything from
[email protected] and you’ll never see it

Of course, once you filter that specific address into the
trash, you won’t see either the spam or the newsletter. If
you still want the newsletter delivered, create a new plus
address and resubscribe.

Besides Gmail, I’ve tested plus addressing with EarthLink
and Yahoo
.html] (they use a hyphen —
[email protected] instead of the plus
sign). Neither MSN nor AOL is smart enough to use it;
experiment with your ISP to see if it works.

Sign Up for more great TechBite content here

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles