
Friday, March 27, 2015

If possible, use a different e-mail address for every website.

Certain website hosts allow users to set up an unlimited number of e-mail addresses. While this might not seem beneficial, they also let you forward those e-mail addresses to a main account or any other account. If anything needs a response, you can use the main account, but for most things it’s not necessary. When signing up for something new at a store, give the e-mail address you intend to create, then set it up once you get to a “safe” network.

So let’s say you’re signing up for Facebook. You could set up an e-mail address called fcb00k@yourdomain.com. Then, if Facebook needs to contact you, they can use that particular e-mail address. If you get crafty with your e-mail forwarding, you can make it so only certain important e-mails get sent to your mobile phone, cutting down on all of the traffic that you receive. This also allows you to filter out a lot of the clutter without having a billion spam filters in whatever you’re using as a mail client.

In the event of doom
If the system where you are signing up is hacked, let’s say the database is hacked and it contains your e-mail address, you’ll likely start receiving spam messages or, worse, phishing messages from people attempting to trick you into giving away information. When you start to notice e-mails arriving at fcb00k@yourdomain.com that aren’t from Facebook, you’ll know that they either sold your name to someone else or were hacked. It also helps when Amex offers for your outstanding credit arrive at fcb00k@yourdomain.com: you’ll know they’re likely not the real thing either.
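
The check described above can be automated. This is an added example, not part of the original post: it assumes a hypothetical registry mapping each alias to the domains that site really mails from, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: one alias per site, mapped to the domains that site mails from.
ALIAS_OWNERS = {
    "fcb00k@yourdomain.com": {"facebook.com", "facebookmail.com"},
    "st0re@yourdomain.com": {"store.example"},  # hypothetical store
}

def _domain_matches(sender_domain, allowed):
    # Accept the registered domain itself or any subdomain of it.
    return any(sender_domain == d or sender_domain.endswith("." + d)
               for d in allowed)

def leaked_aliases(raw_messages):
    """Return {alias: [unexpected sender domains]} for every alias that got
    mail from someone other than the site it was handed to."""
    leaks = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        sender_domain = sender.rpartition("@")[2]
        headers = msg.get_all("To", []) + msg.get_all("Delivered-To", [])
        for _, rcpt in getaddresses(headers):
            allowed = ALIAS_OWNERS.get(rcpt.lower())
            # From: can be forged, so a match proves nothing; only a
            # mismatch is a signal that the alias has escaped.
            if allowed is not None and not _domain_matches(sender_domain, allowed):
                leaks.setdefault(rcpt.lower(), set()).add(sender_domain)
    return {alias: sorted(domains) for alias, domains in leaks.items()}

# Constructed sample messages (not real mail).
SAMPLE = [
    "From: Facebook <notification@facebookmail.com>\n"
    "To: fcb00k@yourdomain.com\nSubject: New login\n\nbody",
    "From: Amex Offers <deals@amex-offers.example>\n"
    "To: fcb00k@yourdomain.com\nSubject: Your outstanding credit\n\nbody",
    "From: Store <news@mail.store.example>\n"
    "To: st0re@yourdomain.com\nSubject: Sale\n\nbody",
]

if __name__ == "__main__":
    for alias, domains in leaked_aliases(SAMPLE).items():
        print(f"{alias}: unexpected senders {domains}; rotate alias and password")
```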

They won't care
If they are hacked, don’t bother e-mailing them and telling them your brilliant e-mail naming convention and how you’ve noticed that you’re receiving e-mails from someone who is not them. They’re likely to send you a form letter response letting you know what spam is, and they’ll tell you that they have the best security team known to man working on their servers and that in no way were they hacked. At some point you’ll see a press release about them being hacked, but rest assured it had nothing to do with you. It was likely due to some normal operating procedure that they were able to find the issue. Public relations, IT, and web operations rarely interact in most companies in regard to user feedback. That’s just how it works.

Fixing the issues 
When a site is hacked and you’re using this really cool method, you only have to worry about changing that one e-mail address to a new one (in order to stop the spam), and then you can go on about your day. Oh yeah, change your password too. If they got your e-mail address, they likely got your encrypted password, which is likely no longer encrypted.

Thursday, November 14, 2013

How to Protect your Google Accounts

I went into Google a few months back and viewed the plethora of information they have collected about me over time using information from domain names, social media accounts, browsers, email clients, and public record. It was alarming (but understandable). Use the internet for 20 years and you’ll have a backlog of info you’ve provided too. Two days ago I had to add yet another Google Analytics profile to my account. When I logged in, I saw the scrolling list of domains, and then it occurred to me that while I take precautions, many of my clients (to whom I also provide access to their sites via Google) might not take the same safety measures when it comes to protecting their Google accounts.


The method I use is called Two-Step verification. In short, to add another device (computers, phones, etc.) I have an app [Google Authenticator] where I’ve already been authenticated. That app gives me a code that changes every 30-40 seconds. When I’m adding another system, I simply open my phone, enter the code, and then I’m verified. If I don’t have my phone on me, or someone else is trying to gain access to my accounts, then Google can prevent the access from that machine (if I’ve not yet used it).


Food for thought
One of my clients had to send out an email today along the lines of “Please ignore the last email to you from my email accounts, it was someone else.” That’s scary. While most other people might use Google Apps or G-mail, Google is striving more and more daily to make their accounts all seem fluid. So if you’re writing on Blogger, you’re using the same account you check your e-mail with. If you’re shopping with Google, then it’s the same account. If you’re posting messages on Google+, then it’s the same account… domain contacts, corporate email management, Google Analytics, and Webmasters access… not to mention anywhere you’ve logged in with your Google account as an OpenID. It’s sort of like making your Google account the holy grail of all things to hack. Google has the infrastructure to protect against a lot of the attempts, but if you don’t take the time to enable the provided features (like two-step verification), you may find yourself the victim of more than identity theft.