A strategy for hiding the sender's
email address from the recipient. A database would be a good method
to do this, just use an alias or generate a large random character
string and replace the sender's email with it:
you receive:
From:
dontseeme@privateplace.com
To:
somedude@somedomain.com
Subject: Test Message
generate and put something like this in your database...
biglongstringofnonsense =
dontseeme@privateplace.com
and the outgoing mail will look like...
From:
biglongstringofnonsense@mlfolk.com <-- replace mlfolk.com with
To:
somedude@somedomain.com your domain name
Subject: Test Message
When the reply comes back as...
From:
somedude@somedomain.com
To:
biglongstringofnonsense@mlfolk.com
Subject: Re: Test Message - hello
you look up "biglongstringofnonsense" in the database and then return to sender
From:
somedude@somedomain.com
To:
dontseeme@privateplace.com
Subject: Re: Test Message - hello
=================================================
If you use a random string, use large (~20 characters) nonsequential
strings. Keep in mind email addresses are not case-sensitive, so only
use upper or lowercase letters. Log any invalid addresses so you can
debug, resolve and track hacking.
If, however, you want to avoid a database implementation, you'll need
to use a strong two-way encryption algorithm (i.e. not a hash). I'd
use AES since it's in the public domain and included in the .Net
classes. Just salt and encrypt the sender's email like this:
sender:
dontseeme@privateplace.com
add salt to get: !@#$dontseeme@privateplace.com
now encrypt to get: biglongstringofnonsense
send email from:
biglongstringofnonsense@mlfolk.com
[ ... some time passes... ]
email comes back addressed to:
biglongstringofnonsense@mlfolk.com
strip off domain to get: biglongstringofnonsense
decrypt to get: !@#$dontseeme@privateplace.com
remove salt to get sender:
dontseeme@privateplace.com
=================================================
The database method is nice because you can use an alias in place of
the sender's identity. That way the recipient knows who he is talking
to but just doesn't see the email address. This is common in online
chat forums and dating sites. The encryption method is nice because
it requires very few resources and is not prone to failure should the
database become unavailable.