[Cryptography] what application creates single-use coded email addresses?

Tom Mitchell mitch at niftyegg.com
Mon Aug 6 15:36:42 EDT 2018


On Sun, Aug 5, 2018 at 9:46 AM, Ray Dillinger <bear at sonic.net> wrote:

>
> I've encountered some email addresses that are apparently base64 encoded
> usernames prefixed with a four-character nonce.
>
> For an example with a fictitious username, email addresses AX2bY2xhcmti,
> gg68Y2xhcmti, cUn4Y2xhcmti, etc, all have the form
>
> {four alphanumeric characters}{'clarkb' encoded in base64}

....

>
> I was thinking about how it would be done...
>

If you own the domain much is almost easy even with a Gmail served domain.
Gmail already allows a  slightly less obfuscated version using +
       me+bear at some.gmail.served.domain
IMAP and POP allow the messages to be pulled and processed.

If you own a gmail service a default email address can be specified
and so messages with {four alphanumeric characters}{'clarkb' encoded in
base64}
can be de-mangled with perl or python or something.

The difficult part is remembering who was given that mangled name.

Sendmail has rewriting rules as well.  Again remembering who gets what is a
data management process that needs to be added to aliases.

Mutt pays attention to some environment and command lines.
See http://www.mutt.org/doc/man_page.html
There is no command line switch for this, but their is an ENV variable, so
at the top of your script add:

  $  export REPLYTO="foo at bar.baz"
  $  mutt -s "Report for ${CLIENT} Feed" -a ${MNT}${CLIENT}${REPORT}/${f1}
${RECIPIENT} <${MSG}


I guess I would like to see all the headers of the message to see what tool
set
was likely used.
Even this list uses interesting headers. Added an X to not confuse the list.
       FXrom: John Denker via cryptography <cryptography at metzdowd.com>
       RXeply-To: John Denker <jsd at av8n.com>




-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180806/caca759c/attachment.html>


More information about the cryptography mailing list