Take a short moment to check your spam folder - I guess there are hundreds of spam mails, in case your mail provider doesn’t clean them up regularly.
For the first and most simple technique to avoid email spam, check your email provider’s features - it might already be possible to use email aliases.
This lets you include a certain string in the local part of your email address.
I frequently use the website’s domain or the shop’s name as an alias.
So let’s imagine your email address is name@example.com and you want to register at randomshop.org - then the email address you register with would be name+randomshop.org@example.com.
This gives you two major benefits:
name+randomshop.org@example.com, it’s obviously fake.randomshop.org about their data loss.
In the European Union, you can always request a summary of your data by sending a long, annoying questionaire like this one for Germany.The problem with revealing a spammer’s IP address is that emails travel over insecure protocols - neither the sender nor the forwarding mal servers are properly authenticated. The email could basically come from anywhere. Also, faking sender and recipient addresses is not a problem.
By using standard email aliases, we now know which parties lost or sold our email address, but we know nothing about the spammers. Additionally, there is another source where spammers can get my email address: The imprint of my websites!
In theory, I could monitor accesses to the imprint page via the webserver logs and guess IP addresses might look suspicious. But this is unprecise and error-prone. Also, under GDPR laws, you’re not allowed to store full IP addresses of site visitors. So what can we do?
Let’s include the IP address into the email address that is visible on the imprint page! This way, the spammer friendly hands over the information needed to prosecute them. And I will happily assume that they agreed to my terms and services!
As I commonly operate static HTML websites, there is no backend to perform calculations, so I have to use the Apache webserver to modify the HTML output.
First, we have to enable mod_include and add the following directives to the .htaccess file:
1Options +Includes
2XBitHack on
3
4AddType text/html .html
5AddOutputFilter INCLUDES .html
This allows us to include SSI (Server side includes) in HTML documents.
Next, we use SSI directives to include some variables in <span> elements.
Because the Apache webserver does not allow to pre-process and concat variables, we later use JavaScript to combine the visitor’s IP address and the current timestamp, encode it with base64 and add it to the email address as an alias.
1<p>E-Mail: <span id="email"></span><noscript>Please enable JavaScript to show the email address.</noscript></p>
2
3<p>
4 <span id="ip" style="display: none;"><!--#echo var="REMOTE_ADDR" --></span>
5 <span id="timestamp" style="display: none;"><!--#echo var="DATE_LOCAL" --></span>
6</p>
7
8<script type="application/javascript" defer>
9 const ip = document.getElementById("ip").textContent;
10 const time = document.getElementById("timestamp").textContent;
11 const ip_time_base64 = btoa(ip + " " + time);
12
13 const email = "info+" + ip_time_base64 + "@example.com";
14 document.getElementById("email").innerText = email;
15</script>
So eventually, when spam emails with this certain format arrive, we just need to decode the base64 string:
1# Recipient address: info+MTEuMjIuMzMuNDQKIApTdW5kYXksIDI3LUFwci0yMDI1IDE1OjA0OjM5IENFU1QK@example.com
2
3$ echo "MTEuMjIuMzMuNDQKIApTdW5kYXksIDI3LUFwci0yMDI1IDE1OjA0OjM5IENFU1QK" | base64 -d
411.22.33.44
5
6Sunday, 27-Apr-2025 15:04:39 CEST
And finaly, we can get a lawyer to sue the sh*t out of them!