I got one of those funny emails this week. You know the ones where some ‘master hacker’ says he owns your machine and has vidya of you wanking he’s going to distribute to your contact list unless you send some bitcoin.
Yeah.
That would be some amazing hack, by the way. I don’t do pron. My main machine doesn’t have a camera attached most days. Most others, it’s sitting upside down behind the monitor. So where this video came from would be anyone’s guess. Quite frankly, I’d like to see it. What would I be paying for after all?
One of the tells that this is bs is usually the recipient address. It’s typically the info@ address of one of my defunct companies. This one was special because it dimed out a password that ‘he’ used for this. It’s a burner password. A throwaway I use when I have to make an account and don’t care. This one clearly came from a site that wanted more than 10 digits. I looked it up in my password manager and the only hit was a sprinkler supply site. At least that’s the only one I recorded. I usually don’t because I use it for accounts I don’t care about, that don’t have any real info on me. Anything for real would have a miserable PW generated by one of my password managers.
But the thing reminded me that I’m well due for some email hygiene. I deal with threats by compartmentalization. I have different email addresses for different things. Typically like this:
- A financial address. This is the one I use for banks, credit cards. People I owe money, people who owe me money. That’s the only place that address is used.
- An IRL address. This is one I give to people socially, and for most for-real interactions I have.
- A burner email. An email I use for trivial crap. News sites, trivial purchases. This is my ‘dirty’ address. I delete them after a year or so to handle spam. I’m overdue for that.
- A social media email: One I use for nextdoor, gab, that sort of thing. Emails from this one get sent directly to a folder for me to delete later.
Nearly all my accounts have passwords generated by my manager. The important ones have 2-factor authentication.
It’s a good time to kill my old trivial addresses and create new ones. They are all on a domain I’m releasing. Seemed cool to have a domain that is my name. Turns out, that’s kind of dumb. The hosting service has gotten pricey, and it’s hosting two domains and web sites of defunct companies. So good time to jettison that expense. Besides, new ones are easy with Proton.
I had the day off with no plans. So I sifted through the password manager, hitting sites and changing emails. Just the ones I care about. The rest, meh. They’ll figure it out soon enough. Turns out some of the sites had dumb passwords. Those were changed also.
Then I turned off renewals on the site. They squawked. Tough.
I have a new hosting provider I’m looking at that is a fraction of the cost. Two year special at $3/month, then it goes up to one third of what the old provider cost. I’m on the fence whether I need it at all. I own that domain for another year, so I may simply move it. I have a month to deal with that.
One of the other things I do is pay for the services I like. I tried Protonmail, liked it, and now pay for my account. Worth every penny. I pay for this site, it’s cheap. Free IT services just aren’t worth it, especially google. Like’s been said everywhere, if you are paying, you are the product.
I just signed up for Kagi. It seems to outperform google, duck duck, and even brave. I don’t mind throwing a few shekels for something that works.
What do you get with the paid version of Protonmail? I’m on free.
Mail, calendar, drive (doc storage), pass password minder, and VPN. $100/year unlimited.
I’m not sure if free has it, but I can have like 15 alias email addresses and my own domain. It’s easy to add and remove aliases, in case you need them for shenanigans.