I realize this article is quite lengthy, and not everyone will want to read it all. If you have a short attention span, or you simply don't feel like reading the entire article just to send me a single message via e-mail, you can skip ahead (please finish this paragraph first, though) and read at least the first two sentences in the section called For The Nonce. If you don't read both the first and second sentence, don't blame me if your e-mail doesn't get through. The e-mail addresses you'll find there are not guaranteed to work indefinitely even if modified as instructed, so don't bother saving them for future use. They're only intended to be used by people with whom I haven't corresponded recently, or at all (by e-mail). If you want an address you can save for future use, you'll need to read the rest of this article. Sorry, but it has to be that way. Blame the spammers.
Spammers have ruined e-mail for all of us (I personally think they should all go to prison for the rest of their lives[1]). Most people have had to resort to filtering their mail, or having it filtered for them, in order to make their e-mail usable.
Unfortunately, this has issues:
I used to filter my e-mail, but I no longer do. Instead, I've adopted a system of whitelists and tags (AKA "plus addressing"), and I no longer have a spam problem.
I have two whitelists:
There are very few IP addresses in my IP address whitelist, but if you happen to have an account at either nyx.net, sdf.org, or sdf-eu.org, and you send your mail through one of these services, then your mail will be whitelisted due to the IP address of the mail server. I also temporarily whitelist any e-mail address I've sent mail to recently (more specifically, any address found in my sent mail folder is automatically whitelisted unless and until I purge the folder of all mail containing that address).
Most e-mail addresses consist of two parts: a username and a domain. These are joined together with an "@". A tagged address has a third part—the tag—that comes between the username and the "@", and is joined to the username with a "+" (which is why this is sometimes referred to as "plus addressing"). In other words, instead of username@domain, a tagged address takes the form username+tag@domain.
The way most people use tags, the tag is optional, and mail will be delivered even if the tag is removed. The way my e-mail is set up, however, the tag is mandatory for any sender who sends me mail from an address that's not in my e-mail address whitelist through a mail server that's not in my IP address whitelist. Only those who have been whitelisted may send me e-mail (successfully) without a tag.
I have two kinds of tags: dated tags and undated tags. Undated tags may be used as-is, and everyone I provide an undated tag to gets a different tag, so if I get spammed using a certain tag, I know who to blame, and I can easily stop the spam by removing that tag from my list of authorized tags. Of course, this also blocks all mail from the person or organization I originally provided the tag to.
Dated tags, on the other hand, must have the current six digit date appended in YYMMDD format in order to be delivered to my inbox. These are for posting in public places (like this web page), since if they're harvested by spammers, they won't work for very long without modification, and they may be revoked or changed at any time.
Having said all that, if you want to send me e-mail, but you're not on my whitelist and I haven't given you your own personal tag, for now you can send it to either cmartin+xyz241013@nyx.net or unicorn+xyz241013@sdf.org. Both of these addresses include dated tags, as described in the previous section, so you need to make sure that the numeric part of the address matches the current date in YYMMDD format (two digit year, two digit month, and two digit day, in that order), or your mail will bounce[3]. The timezone doesn't matter, as the algorithm that does the date comparison allows for timezone differences (the timezone used in the above addresses is UTC), as well as potential mail delays, as long as they're relatively short. This means that there's actually a four day window of allowable dates that will get through: the current date UTC, one day forward and one day backward to cover timezone differences, and a second day backward to cover potential mail delays.
The above addresses should simply work, since they're dynamically generated. If they happen to be more than one day off, you can either try refreshing the page in your browser, or just edit the address manually to reflect the current date before sending your e-mail. Although this might be inconvenient if you had to do it every time you want to send me e-mail, once I reply to your e-mail your address will automatically be added to my whitelist (temporarily), and then my regular, untagged address (i.e., one of the above addresses with everything from the + through the end of the date removed) will work. Tags will also work if you're whitelisted, even if they don't appear in my list of authorized tags. They just aren't necessary. I do try to keep my whitelists synced between accounts, but since the temporary whitelist is based on your e-mail address being found in my sent mail folder, it will only apply to the address I've replied from.
Anyone who asks nicely may be added to my permanent whitelist, and then the tag will no longer be necessary even if I purge your mail from my sent mail folder, but only if you e-mail me from the address I've listed in my whitelist (my whitelist uses something called "regular expressions", which means it can include pattern-matching so, for example, if you use tags, as I do, I can whitelist your address both with and without tags without even knowing what tags you might use).
If you change addresses often, you may want to request a personal, undated tag to use in place of one of the dated ones above, since a tagged address can be used from any e-mail address you happen to be using at the time. I'll even allow you to choose your own tag if you like. If you choose to create your own tag, you can include not only letters and numbers, but also any of the following characters: ._?+-/*^={}|`'#$&~ (yes, surprisingly, all of these are valid characters in an e-mail address, but you should be sure your e-mail provider allows you to use them, since it's possible some e-mail providers may use improper methods of "testing" the validity of an e-mail address before allowing you to send e-mail to it, as some other types of web sites have been known to do—I don't know if any do this or not, only that I've experienced it when trying to create an account some places where an e-mail address is required). The only limitation is that the period, or "dot" (".") cannot appear twice in a row, or at the end of the tag. Also, letters in tags, like letters in any other part of an e-mail address (most addresses, anyway), aren't case sensitive, although there's technically nothing stopping me from making them so if I want.
Please note that if I have provided you with a tagged address, you are responsible for that address. Do not share it with anyone. Do not enter it into a web site in order to have that site send me something. If I get spammed using that tag, I will hold you responsible, and you will no longer be able to use it, since I will disable it (i.e., remove it from my authorized tags list).
Since switching to this system, my spam problem has been almost completely eliminated. I don't even have a spam folder[4], and I get almost no spam—maybe one or two a year, if that [5]. The most likely source of spam now comes through mailing lists I'm subscribed to, since spam there will use the same tag as all other mail from the list, but most mailing lists do a pretty good job of filtering out the spam.
In addition to eliminating spam, it also makes phishing attacks difficult, since it will be obvious to me whether a given message is really from who it says it's from. After all, my bank's e-mail address (to use an example) would not be in my whitelist. Instead, they would be using a tag I provided them. If I get mail purporting to be from my bank, but it doesn't have the proper tag, I'll know there's something "phishy" about the mail. The only way a phishing e-mail would have the proper tag is if they got my e-mail address from my bank. If they got it anywhere else, it would have a different tag. If they got it without a tag, or if they removed the tag to try to hide where they got it, thinking my use of tags was the same as most other people's use of tags, their mail will bounce, and I'll never see it. The same goes for Amazon, or EBay, or PayPal, or any other company I deal with[6].
All in all, it's been a good system, and it makes managing my e-mail a lot simpler. My only problem now is incompetent idiots who refuse to accept an e-mail address with a "+" in it as a valid address, and they try to enforce that with faulty JavaScript on their web pages. They could at least educate themselves about how things work before implementing such a braindead idea that just exposes their ignorance and incompetence. The only proper way to check the validity of an e-mail address is to attempt to send mail to it and see if it gets through. If you request a confirmation and get it, the address must be valid, right? Morons.