diff --git a/README.md b/README.md index ebb6eb1..b698cca 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ When giving your email address to someone, for example when registering an accou The problem is, people know that whatever is after the `+` can be discarded, and therefore some services drops it. This can also happen after a leak if the spammer doesn't want you to know which website has been breached. Furthermore, a spammer could also add a custom part after the `+` in order to cover its tracks. -Changing the default sub-address delimiter is a good idea, but isn't completely secure: in most cases, anyone will see the patter you are using and will be able to deduce your email address for other services. For instance, if someone knows that you registered on `www.acme-corp.example.com` using the address `darra.acme-corp@mail.example.org` and on `www.super-social.example.com` using the address `darra.super-social@mail.example.org`, this person will deduce that your address on any service named `x` will be `darra.x@mail.example.org`. +Changing the default sub-address delimiter is a good idea, but isn't completely secure: in most cases, anyone will see the pattern you are using and will be able to deduce your email address for other services. For instance, if someone knows that you registered on `www.acme-corp.example.com` using the address `darra.acme-corp@mail.example.org` and on `www.super-social.example.com` using the address `darra.super-social@mail.example.org`, this person will deduce that your address on any service named `x` will be `darra.x@mail.example.org`. This filter adds a way to configure some addresses (or aliases) in a way that the part after the sub-address delimiter includes a verification code that cannot be guessed. Following the previous example using the dot instead of the plus character as a sub-address delimiter, the addresses could be `darra.acme-corp.nbvtenby@mail.example.org` and `darra.super-social.heywkmrx@mail.example.org`. As you can see, a 5 bytes code in base32 has been added after the second delimiter.