Technology

Optional, but recommended. But doesn't guarantee anything unless both sides respect it. Also, IP spoofing is a thing.

Email is a broken protocol. There's a great copy pasta about why it can't or won't be fixed, which I unfortunately can't find. But it boils down to the fact that you can't get everyone to agree on, or implement, the fixes necessary to prevent spam.

That is true. I think spam lists usually have many thousands of addresses though, so unless they’re doing it with a script, they’re probably not stripping the subaddresses.

But a service that lets you use a dash instead of a plus, like Port87, is a bit safer in that regard. The dash is also accepted everywhere, whereas some places (like Microsoft) don’t accept a plus in an email address.

It’s worked everywhere I’ve tried it. Blocking the hyphen would be a really aggressive move, because that’s valid in usernames in most email services. I honestly don’t know why places block the plus.

I got the idea because I was doing it manually too with Sieve scripts on ProtonMail.

Please try it out, and if you like it, help spread the word. :)

Not yet, but I’m working on that. SMTP works from a mail client, but I haven’t finished the IMAP server. I’m also working on customer domains, so you can bring your own domain. It’ll work with a single user setup (label@mydomain.com) or multi user setup (user-label@mydomain.com).

Duck.com is a great service, but it doesn’t have the same features as Port87, and it has different goals and a different purpose as a service.

Duck.com is meant to keep your existing email address private. It forwards messages to your current email provider. You could use a duck.com address to keep a Port87 address private.

Port87 is meant to be your email provider. It doesn’t forward mail, but instead receives/sends mail for you. You get unlimited subaddresses with Port87, and each one has its own label in your account with its own settings, like whether to send push notifications, mark email as read, screen new senders, etc. It’s meant to help you stay organized by keeping your email categorized for you. It’s also available free. There are paid features, but you can receive mail to unlimited addresses for free.

The two services work very well together, and you can get the benefits of both!

The people operating the ticketing systems that are being abused will need to individually take action to deal with those incoming false support requests. They’re already aware of it, you don’t need to try and tell anyone.

Another thing to be aware of - sometimes malicious actors will do this in order to overwhelm your mailbox because they’re doing a identity theft or account takeover thing against you, so watch out for emails that say some password of yours was changed, or a purchase was made or something. This might not apply to you, you mentioned other recipients. But it’s still good to know.

Watch out for email footers like "This is important account information. You cannot unsubscribe from these emails.".

Whose your email provider? Or do you self-host? If you have a provider you can report the spam to them so they can update their systems.

Do yours have an onmicrosoft.com account CC'd? Both cases we have seen have had a different onmicrosoft.com account CC'd.