Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C# ASP.NET
Hello, please does anyone have an idea how to implement the craiglist kind of email cloaking techniques that generates temporary email addresses for the buyers and sellers to use for communicating only if the post is still active. I intend to use a shared host to carry out this task. The users should not access the message through the website, messages will be forwarded to their real email addresses via an address mapping table.
 
Any help would be appreciated. thanks.
Posted 11-Jan-13 2:56am
Comments
joshrduncan2012 at 11-Jan-13 9:13am
   
What have you done to accomplish this task so far? We can't help you unless we see any attempt on your part first.
jaspadee at 11-Jan-13 9:46am
   
I have created a table message with columns: Id, PostId, RealBuyerEmail, FakeBuyerEmail, RealSellerEmail, FakeSellerEmail, Subject, Body, Date.
I use GUID to generate the fake emails. for example a buyer email will be like "b." + GUID (the generated GUID) + "@mydomainname.com"
I just want a real help/insight about using a pop3/imap to fetch from my catch all email inbox to the tables and distribute with a stored procedure (with cursor) effectively without delays and provision for error handling and recovery.
In addition to my post, the real emails of the buyers and sellers are collected during reply or post respectively. I map the fake emails to their real emails in order to redirect the email to their real email addresses.

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

By doing what you do may face some major hassles with this e-mails. I would advise you to do something completely different.
 
Let your customers to register with their own e-mail addresses and change those addresses by themselves. Now, the critical point: you should guarantee that you never expose those e-mail addresses to anyone and never use any of those e-mail addresses outside your site, no matter what happens. In your site, develop a site-wide messaging system, based on member authentication, with private and public messages, whatever you want. As to the "real" e-mail addresses your members should trust you, use them for just one purpose: to send your customers the notifications. That will resolve all your problems.
 
—SA
  Permalink  
Comments
Sergey Alexandrovich Kryukov at 11-Jan-13 14:23pm
   
I do understand your concern, but the strategy I described is most widely accepted and is considered safe enough; the potentially customers easily accept it and follow.
I suggest you still consider it, to stay out of trouble. What you want and describe is not necessarily what you should be doing.
 
But of course, you finally decide. Anyway, what prevents you from implementing your strategy?
 
—SA
jaspadee at 11-Jan-13 15:59pm
   
You are talking about opt-in and opt-out privacy laws and I am asking for possible solution to solve a technical problem. We are going 2 different ways and even wasting more time. If read my posts serially and the comments, you will see that I have even taken the users privacy into consideration and that is why I need to implement a system that hides their email even when communicating with other people. rather they use my temporarily provided email to communicate for the purpose of my service only. What is so difficult to understand.
Please lets make every post on codeproject and every other forum meaningful and not just posts.
Sergey Alexandrovich Kryukov at 11-Jan-13 17:29pm
   
No, absolutely not. You misread my idea completely!
 
You should try to see what I'm actually saying, and not what you think I should be saying! Do you see the difference?
 
And naturally, the rest of your comment is addressing anything, but not the idea I tried to conduct; it looks like you are arguing with some imaginary opponent. This is not me. I don't know even how can I continue the dialog. I can only advise that you read it again from my text and not from your imagination. What I say have nothing to do with opt-in/opt-out, whatsoever. In this design, you never need to hide any e-mail address just because you never expose them in first place, you don't even use them for communication between the members! How can you possible fail to see that?
 
—SA
Sergey Alexandrovich Kryukov at 11-Jan-13 18:05pm
   
Thank you very much for understanding the issue. This is the problem: you are preoccupied with the idea of dominant use of e-mail.
 
When you list your chores to be done, you already confine yourself in this concept. I can tell you what's wrong in it: e-mails are not designed to be safe in first place. Can you see it? Not safe at all, no matter what you do with this. My idea is: restrict the use of mail messages: they are either never used, or used for one and only one purpose: auto-generated message for notification purposes. By the way, it can be optional.
 
Right, lets consider this first: no e-mail at all. Isn't it logical? The only really safe things on the Web is the access of the messages via HTTPS (not even HTTP which can be eavesdropped) and authentication on the HTTPS page. Come from this point, and you will see that this is the right thing.
 
Let's see your items:
 
1. Create a catchall mail box on my smtp server.
No e-mail, no SMTP (SMTP is not safe, isn't it obvious?).
 
2. Catch all emails and save in that inbox.
No e-mail, members messages area instead of inbox, totally safe.
 
3 I want to fetch the unread ones as the hit the inbox into the ms-sql message table that maps the message to the ideal recipient and still withholds the identity of the sender too
Same as above
 
4. If sending failure occurs, queues up for resend trial.
Messages are stored on server, can be retrieved on member request, deleted, etc. No e-mail.
 
5. Run these procedures automatically as messages hits my catch all smtp inbox.
No e-mail, no SMTP, no need in those procedures.
 
And, only on top of this all, optional e-mail messages are possible, only for notifications.
 
Better now? :-)
 
—SA
Sergey Alexandrovich Kryukov at 11-Jan-13 18:46pm
   
By "safe" I mean, in particular, the possible leak of the e-mail addresses you seemingly do care about.
 
Make no attempt to make you change? Sure, if you say so.
Go straight to the point? No thank you, because I don't think this is a right point. You did not convince me so far, and I never do anything I consider as wrong. Look, I can see much more ill-posed problems than the problems difficult to solve.
 
"Let's work on solution"? No, thank you. You should clearly understand that this is only you who think that you need to be "satisfied" this way. I honestly trying to offer you decent help, but if you don't accept it, you are on your own. If you convinced me, I would keep trying to help.
 
—SA
Sergey Alexandrovich Kryukov at 11-Jan-13 20:01pm
   
This sounds just rude. You have no grounds to say so.
 
And and all you further considerations are not based on anything rational. You feel offended because my comment demonstrate some of your incompetence. There is nothing wrong with incompetence, but the attitude is very important. To play an "offended" or "insulted" card is a big weakness. Guess who is a looser here? It you tried to understand and avoid you arrogance, you would look decent. It's very counter-professional to turn discussion to the personal note as you did.
 
Please keep to technical and scientific issues, where is no place for personal or emotional characteristics, speculations on intend and other non-falsifiable statements.
 
Unfortunately, I know pretty well how to help you, but probably don't have a chance. To me, personally, this is not more then a bit of wasted time though.
 
Wish you a best of luck,
—SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web01 | 2.8.140721.1 | Last Updated 11 Jan 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100