Spammers are starting to use email addresses with "renewal" in the address, bypassing junk filters. How do we fight this without blocking legitimate renewal emails?

For several months now I've started to receive an unprecedented number of emails from addresses named some variation of "renewal@".

The issue is that creating an email filter which would move these emails to your junk folder would also inadvertently move legitimate subscription renewal emails to your junk folder as well. What are some steps that can be taken to deal with this issue? Which apps, clients, or email services deal with junk/spam the best?

sugar_in_your_tea ,

I just use a separate email for subscriptions and whatnot vs "actual" email. That helps mitigate a lot of it since I can easily dismiss any "business" communications from one and be on my guard with the other.

But the real solution imo is to not use email for such things. If I need to renew something yearly, I set up a reminder on my calendar or wherever yearly.

helenslunch ,

I've transitioned over the last couple of years to using exclusively aliases. I do not give my actual email address to absolutely anyone.

If someone leaks the alias I gave them to spammers, I write the offending company a strongly-worded email, then disable or spin up a new alias to use.

For your situation, these things happen all the time and your email provider will likely work it out soon enough. It's just a bit cat and mouse game with spam.

You can create a temporary filter to move them to and disable the notification for those emails for now.

Rudee ,

Do you use a service for the relays, or is it possible to self-host?

helenslunch ,

I use Proton/SimpleLogin.

I suppose it's possible but you'd need to buy and maintain several domains. Very easy to use with Proton or AnonAddy or Firefox Relay. And then any of those domains could be tied back to you.

hedgehog ,

Not the same commenter, but I use the SimpleLogin service (and I liked it enough that I’ve been a paid user for a couple years), which is FOSS and can be self-hosted. I have not tested out self-hosting myself but there are detailed instructions in the repo.

jon , avatar

I run the self-hosted version, aside from having to deploy a couple Docker containers it's pretty much the same as the SaaS product.

hedgehog ,

That’s awesome! I have a fair number of Docker containers running on my Linux server and may try deploying SL at some point.

One thing that may stop me - are you able to use the mobile app with it, or are you only able to use the webapp?

dlpkl OP ,

Ah that's a good tip. Next step for me is figuring out how to use aliases in outlook then, thanks

markstos ,

Spam filters rely on many signals besides the from address to decide if a message is spam, because one signal alone is often not reliable enough.

It’s hard to see who deals with spam with the best because when the filters are working well, you don’t notice how much is being blocked.

I can say that both Fastmail and Google work fairly well. Unless things have changed, about 90% of email is spam, with most getting blocked or diverted at different levels. So even if some gets through, it’s possible the systems to block it are still working very well.

dlpkl OP ,

Yeah and I have to be honest, usually outlook/Hotmail is pretty good about adapting to spam but this seems to have evaded them for much longer than other types of spam. Fingers crossed they figure it out soon

lemmyvore ,

Subscribe to things with personalized individual aliases instead of your main address.

That way you don't get much spam to begin with because they'd have to guess what aliases you use, and you reject anything that's not sent to one of those aliases.

Assuming one of the sites you subscribe to sold you out or was broken into and their alias starts receiving spam, you simply block or disconnect their alias.

If you haven't been doing this, the address you use now (for everything) is undoubtedly on many spamming lists. It's best to get a domain and start moving subscriptions to aliases on that domain.

Nobody should ever know the main account address, it should be reserved for logging in to the account. Even friends and family should be given aliases (because their address books and contact lists inevitably get sold and compromised eventually).

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • testing
  • tech
  • updates
  • drbboard
  • programming
  • til
  • wanderlust
  • bitcoincash
  • Sacramento
  • All magazines