this post was submitted on 28 Apr 2025
154 points (98.7% liked)

Technology

69545 readers
3358 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
154
Turning the Tables: How to Make Spammers Reveal Their Own IP Address (codefoundry.de)
submitted 4 days ago by Kory@lemmy.ml to c/technology@lemmy.world
20 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] CameronDev@programming.dev 17 points 3 days ago (2 children)

The myaddress+shop@gmail.com should be trivial to defeat by a spammer. Its a very simple string remove/replace to get back to a stock email address, or change it to impersonate another service, eg. myaddress+netflix@gmail.com.

It's only useful for the actual service, after that, you can't rely on it.

[–] 4am@lemm.ee 20 points 3 days ago* (last edited 3 days ago) (2 children)

Correct. Everyone knows this trick so everyone filters out the everything from the + to the @.

Even when email lists are “legitimately” sold it’s removed.

This guy’s using 1990s techniques in 2025.

“We can prosecute using IP address!”

[–] exasperation@lemm.ee 3 points 3 days ago (1 children)

The use of a "+" convention is just a convention popularized by Gmail and the other major providers. If you have your own domain, you should be able to do this with any arbitrary text schema, and encode some information in the address itself, especially if you don't care about sending email from those aliases: set up your email service to have a catchall inbox that can further be filtered/forwarded based on other rules.

It can be cumbersome but I could see it working at getting the information you're looking for.

[–] PM_Your_Nudes_Please@lemmy.world 2 points 3 days ago

Yeah, I love my catch-all email domain. If I start getting spam addressed to “Target@{my domain}” then I know Target sold my data; I can burn the account by auto-spamming everything addressed to it, and move on.

[–] rottingleaf@lemmy.world 1 points 3 days ago

Ah, it's more about the receiver than the sender. If they cut it off, their letter gets deleted or moves to spam directory. Provided someone configures that.

With centralized mail services of today 1990s' techniques don't work so well, but that's a problem of adoption, not allowing mail without a correct token is still pretty modern.

[–] kernelle@lemmy.world 8 points 3 days ago

Also most adversaries are using VPN's

Some email services like iCloud offer scrambled permanent emails to use on different services though, that's pretty cool.