Max length for someword in alias?

General discussion re sg.

Max length for someword in alias?

Postby VanguardLH » Sat May 05, 2018 10:15 pm

In the FAQ, the maximum for the someword token is 20 characters. For example, in:

the someword token can be a maximum of 20 characters. A prefix can be configured in the account (which, by the way, then demands the usage token be specified), such as:

Is the prefix token's length included in the someword max character length? Or is the length of the prefix token independent of the someword token? That is, will the following work?

Code: Select all
(the above used the Code formatting because this forum would otherwise truncate the URI)

"prefix13chars" is 13 characters long. "someword20characters" is 20 characters long. Separately each is less than, or equal to, the maximum string length specified in the FAQ; however, "prefix13chars.someword20characters" is 33 characters long (34 if the period character is included).

I'm wondering if I configure my SG account to require a prefix token then will that shorten the max length I can use for the someword token.
Posts: 43
Joined: Sun Oct 11, 2009 10:01 pm

Re: Max length for someword in alias?

Postby josh » Thu Jun 14, 2018 4:04 am

no - each of the prefix and word can be 20 characters in length

I think really long email addresses can be a pain to use, though.
Posts: 1340
Joined: Fri Aug 29, 2003 2:28 pm

Re: Max length for someword in alias?

Postby VanguardLH » Thu Jun 14, 2018 4:25 am

My concern was if the someword token would get reduced in maximum length based on how long is the prefix token. If they are treated independently then I don't have to be concerned with reduction of someword's max length. To know to whom I doled out an alias, I add an identifier in the someword token. I also add a datestamp of when I doled out the alias. This lets me know who was given the alias and when. There are times, for example, I want to contact a company and do so again later but don't want to bother reviewing aliases to see what I used before or to make sure they get a new alias next time to avoid losing their replies now by using an old alias that has expired (usecount = 0). By adding a date, I could contact a company now and a year, or more, later contact them again without concern about possibly reusing an old alias that is dead. For example, I might add a review of software at A year later, I might want to review another software product at I don't want the alias to survive for years. I don't want to have to login to Spamgourmet to make sure what I might use now hasn't been used before. So today I would use download-com061318 as someword and months later I would use download-com011419 as someword. Same place an alias is getting used but I don't have to login to check what I've used before.

I wanted to make sure that the someword token didn't get shortened because I'm already using pretty long ones, and any shortening means impacting the datestamp that I want to add. Doesn't matter to me that the username token (prefix+someword+usecount+acctname) gets really long since no real person is getting those aliases, anyway. Computers are very good at keeping accurate the content of long strings.

The only reason why I got spurred into looking at using the prefix in an alias is that I have encountered spams that do not originate from who the alias was given and the sender seems totally unaffiliated with the sender. Doesn't happen often but it does happen. The algorithm at Spamgourmet is highly simple for any hacker to obviate: once you get any SG alias, just add any random string as the someword token. Spammers harvest e-mail addresses but they also use string generators. Some even use the SMTP session to update their mailing list to find which recipients result in an error status from the SMTP server (no such account). That way, they can remove invalid addresses, so they can add others since there are time restrictions in sending out millions of turds. Spammers don't just rely on random string generators, and with SG aliases then can focus on random strings for the acctname token and then add anything they want as the someword token. As I said, I don't get many of these workaround spams but it has happened, and usually in a tight bunch (many showing up over a few days). Adding a prefix just ups how many tokens they would have to generate. Because aliases are doled out to untrusted senders, your acctname token is the vulnerability in SG: anyone getting the acctname from harvesting or sharing or selling, and they can then add ANY string as someword to get their turds delivered to you. A prefix (or watchword) ups the difficulty.

I just didn't want the someword token getting squeezed if I started using a prefix (which mandates the usecount token be specified).
Posts: 43
Joined: Sun Oct 11, 2009 10:01 pm

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 3 guests