A security concern has come to my attention, and I thought I'd post about it for the public benefit.

Paid users on LJ and its clones, and on DW, get a "email address" shaped like username@service.com. This is not an actual email account, but I have yet to find out whether it's a simple redirect to your account email or an instant message handle or both. At any rate, it is, as you might imagine, a bit of a spam risk. What could be easier than harvesting usernames and slapping @service.com on the end? It was probably some spammer's weekend programming fling years ago.

I have little doubt that there are anti-spam measures surrounding this "address", for exactly that reason, but every little bit helps, and you can still hide it (on all services) or choose not to use it (on DW).

On LJ and Clones, look under the Edit Profile page (http://www.livejournal.com/manage/profile/) and go down to the Instant Messaging section. Right up at the top, on the LJ Talk line is the address in question and a checkbox to show or not show it.

On DW, go to the same page and look under Contact Information; you can set your email address field to show any combination of your system email and/or the alias, or nothing at all. Then go to Account Settings > Privacy (http://www.dreamwidth.org/manage/settings/?cat=privacy) and look at the first line, about your email alias. You can choose whether or not to receive email at this address at all.

Date: 2009-08-09 04:28 pm (UTC)
zarhooie: Girl on a blueberry bramble looking happy. Text: Kat (Default)
From: [personal profile] zarhooie
It's a simple forward, and on LJ you can use it for your LJTalk handle.

Date: 2009-08-09 05:55 pm (UTC)
zarhooie: Girl on a blueberry bramble looking happy. Text: Kat (Default)
From: [personal profile] zarhooie
Security by obscurity is only an option for... well, nothing, really.

