Email Subaddressing

Sometimes you are looking so hard for a solution, that you won’t even see them even if they punched you in the face. Email Subaddressing is one of those issues I couldn’t get fixed.

Subaddressing, which is something that for instance gmail uses, makes that you can use a plus-sign + to add additional data to the local part of an email address. Mail that is sent to  me+yourwebsite@gmail.com will be delivered to me@gmail.com. But it allows me to see that this email was sent to me+yourwebsite, which means that this email-address was the one i’ve used to register myself on onto your website for instance. This makes it very easy to either filter out emails based on the to-address, track where email-addresses came from (or where the spam was originated from, or who sold your email address etc).

The thing is: most registration forms on websites  are complete and utter crap and do not allow a + sign (or worse: where you must have at least 5 characters for the local part, or even some valid domains that are not recognized etc etc). In those cases, subaddressing do not work.

Most people solve this by using a catch-all on my domains aren’t an option too, because too many spammers sends email to random users.

So here’s the big punch I’ve received this week: you don’t HAVE to use a + sign for subaddressing. Might as well be another character (hell, even a letter!). I know I know.. obvious, but still it hit me just this week after seeing it in action by somebody else.

Since i’m using virtual domains and users, the only thing i needed to add to my exim.conf was:

local_part_suffix = +* : -* : _*
local_part_suffix_optional

Which means I can use a plus, a hyphen or even underscores for sub-addressing.

Sweet!