Understanding the structure of Email addresses
Photo by Miguel Á. Padriñán: https://www.pexels.com/photo/email-blocks-on-gray-surface-1591062/
Some rather fun stories revolve around my usage of mail addresses. Like many IT people, I like to use identifiable email addresses. In my case, it means I always use companyname-DDMMYYYY@my-domain.tld
or website-domain-DDMMYYYY@my-domain.tld
when I need to specify a mail address.
This has the advantage that I can verify if the sender matches the recipient address. Obviously, Paypal won't send mail to some-webshop05072024@my-domain.tld
. And it is a good pointer when some customer database was leaked or if sites are selling customer data. I experienced it like 10 times already: the mail associated with a certain website or shop got spam right after I deleted my account there. Truly unsuspicious...
And in the few cases where a company's customer database was leaked several times, I can easily change the mail address and still track if the new address is being spammed or not.
The unexpected benefit of unique mail addresses
The first real surprise came to me some years ago when I bought new furniture for my new flat. When the furniture was being delivered and built up one of the people setting them up said to me: "Ah, I see we work at the same company."
I was confused and replied: "Uh, no. I'm not working for (that furniture company's name). Why do you think I do?"
"Well, according to the receipt you got the employee discount.", the man replied. I was dumbfounded. I definitely didn't lie, and when I was in the store and purchased the furniture the employee also said nothing regarding this topic.
Then it dawned on me: My mailaddress! It was companyname@my-domain.tld
! But.. I thought in disbelief, "It's only in the local-part!" Well.. Looks like the employee doesn't understand the structure of mail addresses and that everyone is free to choose the part before the @-sign (the so-called local-part or username). And thought I do work for the company, and gave me the discount without saying a single word. Wow.
Basic IT-Security in the banking industry?
And today? The same happened. With my bank. I needed an appointment and called them. As I didn't provide a mail address to them in all these years they asked for one to set up the online calendar entry. I told the customer rep to use bankname2024@my-domain.tld
. The representative immediately asked in surprise: "Oh! You work for one of our branches?"
Well.. I was a bit shocked as, until that point, I thought that bank employees were at least minimally trained to properly read mail. In order to detect at least the most obvious phishing attempts. It seems I was wrong.
I gave the rep a quick run-down on the structure of mail addresses and said that basically everything in front of the @ is irrelevant (or at least should be treated as such). And that was it. On to the next adventure with mail addresses!