 |    |
Frequently Asked Questions
About SaferSignup
Troubleshooting
Challenge/Response
Is your question not answered? Then please contact us.
|
About SaferSignup
What is SaferSignup?
SaferSignup helps you prevent future spam and also fight spam you are already suffering from.
 | How to prevent future spam by creating a new e-mail alias for each untrusted communication partner |
| How to fight spam you are already suffering from by using Challenge/Response aliases |
How do I prevent spam with SaferSignup?
By giving out e-mail aliases instead of your real e-mail address, you can control who is allowed to send you mail, and as an added benefit, you can later see who shares your mail address with spammers (if this happens).
| Register with SaferSignup if you haven't already done so. |
| Whenever you are asked for your e-mail address by someone you don't know yet, you can now make up a new alias address just for this new communication partner. At first, mail that is addressed to this alias will reach you, but you can block it later at any time without affecting your reachability for other people who use different aliases or your real mail address. |
Can I do something against spammers that already know my real address?
Yes. If you have an e-mail address that is already on spammer lists, but you would like to keep using it without getting spammed, forward all mail from that address to a SaferSignup Challenge/Response alias and from there to a new e-mail address that is currently free of spam.
Follow these steps:
| Let us assume that your spam-infested e-mail address is bruno@walter.com. Also, let us assume that your SaferSignup user ID is brunowalter. |
| Create a new e-mail address under which you can also be reached, using your current e-mail provider or some other provider (not SaferSignup.com). Let's assume that second address is bruno2@walter.com. |
| Enter bruno2@walter.com as a protected address on SaferSignup.com. |
| Create a SaferSignup alias pointing to bruno2@walter.com - let's call it spamfilter.brunowalter@safersignup.com. |
| Change this alias into a "Challenge/Response" alias. This means that only people whose sender address is on your personal whitelist can reach you by using this alias. Senders who are neither whitelisted nor blacklisted will then receive a challenge e-mail to which they need to respond. By doing so, they can put themselves onto your whitelist and, from then on, reach you. |
| Make sure that all mail that is addressed to your original address bruno@walter.com is forwarded to spamfilter.brunowalter@safersignup.com. |
If you would like to spare your friends the hassle of having to respond to the challenge before they can reach you, you can export your address book as a CSV file (e. g., Thunderbird offers this option) and import the whole list at once into your whitelist.
After doing this, your current contacts will be able to reach you under your old address bruno@walter.com just as before. Spammers, however, will not feel like responding to the challenge mail, so they won't reach you. Legitimate new contacts can still reach you after responding to the challenge mail.
What if a spammer puts himself on the whitelist by responding to the challenge?
You simply switch him to "blacklisted". After that, he can't whitelist himself anymore. You always have the last word.
Is SaferSignup an e-mail provider?
No. SaferSignup allows you to define lots of e-mail aliases and receive mail that is addressed to them at your existing e-mail addresses. This means that you don't need to change anything about your current way of using e-mail in order to benefit from SaferSignup spam protection and the possibility to have one e-mail forwarded to multiple recipients at the same time.
Does SaferSignup threaten my privacy?
SaferSignup is designed not to persistently store any e-mail for you. There are only three possibilities: your mail gets forwarded to your protected address, it gets bounced (returned to the sender as undeliverable), or it gets accepted and deleted, depending on what you have configured.
Therefore, the only information about you that SaferSignup persistently stores in its database is your SaferSignup user information (username, protected addresses, possible your blacklist and whitelist etc.). Even if someone manages to hack into SaferSignup.com (or, even worse, law enforcement officers visit us and demand information about you), not more than that can be found out about you since not more is stored about you. In particular, we do not store any e-mail, not even for the purpose of quarantaining mail that could be spam.
|
Troubleshooting
I deleted an alias. Why am I now receiving mail that is addressed to this alias?
It's not a bug, it's a feature. If mail arrives to an alias of yours that does not exist, that alias is automatically created, and the mail is forwarded to the protected addresses you have specified to be "active by default". Because of this, you can invent a new mail alias whenever you need one and start using it immediately, without first logging in on safersignup.com.
To block mail that is addressed to one of your aliases, do not delete this alias; instead, set it to "bounce" or "delete".
Even with the free basic account, you may have as many blocked aliases as you need, so there is no real need to delete aliases.
I created an alias containing some capital letters. Why do they all show up as lower case letters?
Like most e-mail systems, we treat an address with upper case letters in exactly the same way as the same address with lower case letters. To reflect this, we only store lower-case versions of all addresses, including the alias part.
If your alias is, for example, SomeAlias.someuser@safersignup.com, it will be shown as somealias.someuser@safersignup.com in your list of aliases. But e-mail that is addressed to SOMEALIAS.someuser@safersignup.com, SomeAlias.somEuSER@safersignup.com, or any other combination of upper case and lower case letters will still be processed correctly.
After logging in, some menu items disappear, but I still can't access my account. I don't get the "wrong password" error message, though. What is wrong?
After logging in, we need to keep track of your session by storing a cookie in your browser. With some browsers (e. g. Firefox), you can allow or deny cookies based on the website's domain. So, please allow cookies at least from safersignup.com (or safersignup.de) if you want to log in to your account.
If someone knows my safersignup username, they can spam my account by generating new aliases. Can I prevent that?
The SaferSignup system can be configured so that for a selected account, mail to new aliases is bounced or deleted and no new alias is created. To keep the user interface simple, this is currently not configurable by the user. But as soon as the first customer actually has this kind of problem, making it available will take us only a few minutes of work.
|
Challenge/Response
What exactly do Challenge/Response aliases do?
Unlike the other types of aliases, Challenge/Response aliases do not treat all incoming mail in the same way. Rather, they forward mail from whitelisted senders to you, bounce or delete mail from blacklisted senders, and challenge unknown senders, thereby giving them a chance to prove they are human and deserve to be whitelisted. This can be used to get rid of spam that is currently sent to you.
This is how it works:
| Alice is not known to Bob and has never sent mail to Bob. |
| Bob has a challenge/response alias: cr.bob123@safersignup.com |
| The first time Alice sends an e-mail to cr.bob123@safersignup.com, we refuse to accept this mail and, in the delivery failure notification, explain why and what to do about it. The challenge for Alice is to either send an e-mail to a special SaferSignup recipient, whose address is given in the challenge message (in the delivery failure notification), or click on a link in the challenge message. Most spammers will be far too lazy for doing that, so chances are that only real humans would do it. |
| Once Alice has clicked on the link or sent mail to the special unlocking address, she is put on a whitelist, and will be able to reach cr.bob123@safersignup.com. However, she will have to send her original message again. |
| If Bob does not like to be sent mail from Alice, he can log in to his SaferSignup account and change Alice's status from whitelisted to blacklisted. After Bob does that, Alice cannot whitelist herself again. |
For more details, see the following questions.
Isn't "Challenge/Response" a bad idea because it leads to even more e-mails being sent? Especially if a spammer enters an innocent third person's address as sender, won't that person be inundated with challenge e-mails?
Our trick is that the challenge is not sent as a normal e-mail. Instead, we simply refuse to accept messages from unknown senders if they are addressed to a challenge/response alias. The challenge is put into our error message that explains why we refuse to accept the e-mail, which means that the sender gets it as part of the delivery failure notification. So, we never send an e-mail containing the challenge, and therefore, our challenge goes to the computer from which the message originates (since that computer is talking to our computer trying to deliver the message), not to some random third person whose address is entered as the sender of the original message.
Why do I have to re-send an e-mail after putting myself onto the whitelist? Shouldn't that mail be stored by SaferSignup and then released once I have proven that I am not a spammer?
For several reasons, we do not store any e-mails on our server:
| Only by never accepting mail from an unknown sender, we can make sure that we don't inundate innocent third parties with challenge messages. Spammers frequently enter valid e-mail addresses of random people as sender address. By only sending an error message containing the challenge message to the computer that is trying to deliver a message, we make sure that we challenge the right person. If we would accept the mail before sending the challenge, we could only send the challenge to the address that is entered as the sender, and that would not necessarily be the correct one. |
| We don't like the idea of storing your mail since we should not be able to read your mail. We want to respect your privacy as much as possible and make that as verifiable as possible for you. Also, we don't see our role as that of an e-mail provider, but just as the provider of powerful anti-spam tools that can easily be combined with your existing e-mail solution. |
As a result, there is unfortunately no way around the inconvenience of having to send the original mail again after being whitelisted. The good thing is that this happens only once. When you are whitelisted, you can reach the recipient without any additional hassles.