depicus

changing the digital world one bit at a time...

Blants (noun) the rants of a blogger

Plus Addressing (RFC 2822) and why it’s important

January 15, 2018 by The Man

The interweb is a scary place for even the most tech-savvy users, and handing out your personal information to all and sundry, with their laissez-faire attitude to data security, is crazy. There are sites where you have to provide legitimate data, i.e. where you are purchasing something, so knowing which sites have poor data security can help you (and others) avoid them in the future. This is why I always use plus addressing.

Plus addressing, username+siteyouarevisiting@emaildomain.com, is supported by many of the major mail vendors like Gmail and Outlook.com, so it is available to most users. It has its genesis in RFC 2822, specifically s. 3.4.1 and s. 3.2.4, which basically define the part before the @ sign as the “local part”, to be interpreted only by the receiving domain. This allows for characters such as ! # $ % & ' * + - \ = ? ^ _ ` { | } ~

OK, but why is this important? Aren’t you just being anal?

Well, the first time I knew it worked was when a company I’d booked a running event with sent me an email about buying email databases (the irony). Clearly there were two possible explanations: first, they had sold my data, or second, they had been hacked. Thankfully the credit card I’d used had expired. The second time was with Feiyu Tech, who I suspect were hacked, as they were sending me mail about buying women’s bathroom products.

Today I tried to make a donation on virginmoneygiving.com and got the following error.

So a company as large as Virgin cannot get email validation right – what does that tell you? Well, first, that their developers probably just copied an email validation routine off the web without understanding what it does, and their testers also signed it off. Secondly, would you trust a company that cannot get the basics right with the storage of your data and credit card information? I don’t.
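To make the validation point concrete, here is an added example (not code from this post or from any site it names) that puts a hypothetical over-strict pattern beside a check built on the unquoted local-part characters of RFC 2822 s. 3.2.4. All function names, patterns and sample addresses are constructed for illustration; quoted local parts are deliberately not handled.

```javascript
// atext: characters RFC 2822 s. 3.2.4 allows in an unquoted local part.
const ATEXT = "A-Za-z0-9!#$%&'*+/=?^_`{|}~-";
// dot-atom: runs of atext separated by single dots (no leading, trailing or doubled dot).
const DOT_ATOM = new RegExp(`^[${ATEXT}]+(?:\\.[${ATEXT}]+)*$`);
// Domain: dot-separated hostname labels ending in an alphabetic TLD.
const DOMAIN = /^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$/;

// Hypothetical over-strict pattern of the kind that rejects plus addresses.
const NAIVE = /^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;

function naiveValidate(addr) {
  return NAIVE.test(addr);
}

function validateAddress(addr) {
  if (typeof addr !== "string") return { ok: false, reason: "not a string" };
  // Split on the last @: everything before it belongs to the receiving domain.
  const at = addr.lastIndexOf("@");
  if (at < 1 || at === addr.length - 1) return { ok: false, reason: "missing part" };
  const local = addr.slice(0, at);
  const domain = addr.slice(at + 1);
  // 64 octets is the local-part limit from RFC 5321.
  if (local.length > 64) return { ok: false, reason: "local part too long" };
  if (!DOT_ATOM.test(local)) return { ok: false, reason: "bad local part" };
  if (!DOMAIN.test(domain)) return { ok: false, reason: "bad domain" };
  return { ok: true, local, domain };
}

// Recover the per-site tag so a leaked address can be traced to its source.
function splitPlusTag(local) {
  const i = local.indexOf("+");
  return i === -1
    ? { user: local, tag: null }
    : { user: local.slice(0, i), tag: local.slice(i + 1) };
}

// Constructed sample addresses.
const SAMPLES = [
  "user+shop@example.com",
  "o'brien@example.com",
  "user..name@example.com",
  "user@@example.com",
];

function compare(samples) {
  return samples.map((a) => ({ addr: a, naive: naiveValidate(a), rfc: validateAddress(a).ok }));
}

console.table(compare(SAMPLES));
```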