[Self hosted email] All about email anti-spam

You might have received millions of spamming email. Why it happens and what should I do? This article provides some information.

Why I am receiving spamming mail

You are using your email to register some accounts in various websites. Some of them might leak your email address to public.

Spammers downloaded or bought millions of email addresses (which includes you). And you are receiving spam.

How could I stop them

If you are using email service from large company (such as gmail, outlook, ...), well, you should forward your question to them.

If you are hosting your own email service like me, this solution is for you:

[1] Provide a different email address to every different website. For example, you use github@mail.example.org to register github, use xfinity@mail.example.org to register xfinity, and use google@mail.example.org to register google.

You can have a naming rule to help you remember your account name. For me, I'm using the domain name of website (for example: google@xxx for google.com, cloudflare@xxx for cloudflare.com).

[2] Use a email forwarding service to forward *@mail.example.org to your real mailbox (for example, hacker@example.org). You can choose from existing email forwarding service, or implement it on your own server.

In your real mailbox, because your old address is already leaked, you might want to set a filter rule like this: if email.To == REAL_EMAIL_ADDRESS: then move email to SOFT_JUNK_FOLDER and mute notification.

[3] Done.

Now, if you received a spamming mail to github@me.recolic.net, you know GitHub is fucking you up. You just blacklist the whole alias if email.To == github@me.recolic.net: then move email to SPAM, and then give another address to github if you want.

Who is known to be leaking your email address

The best advantage of the solution above is that: You know who is fucking you up.

The following company is known to be leaking or selling my email address:

GitHub (2022)
Xfinity (2023)
Yami Mall (2024, leaked all information to scammer)

They are very likely to be leaking yours. Take care!