Thinking about email spam
Today it came up in conversation (I swear!) how you can use you+identifier@example.com to figure out where spam comes from. For example, if you subscribe to Slashdot with the email address you+slashdot@example.com and you get spam to this address, it’s pretty obvious that someone got your address from Slashdot.
The obvious problem with this is that once spammers catch on, they’ll just start stripping out anything between + and @, and we’ll be unable to distinguish this from regular email.
The obvious solution is to never use a non-plussed (heh) email address. When you give your email address to friends, you actually use you+friends@example.com (figuring out something less lame than “friends” is probably a good idea). That way, you can safely disregard any email that goes directly to you@example.com.
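The triage rule described above, sketched as an added example (not code from the original post): it reads a message's recipient headers, extracts the +tag, and discards mail that reached only the bare address. The issued-tag list, the sample messages and the verdict names are constructed for illustration, and it assumes the mail server delivers you+anything@example.com to the same mailbox.

```python
from email import message_from_string
from email.utils import getaddresses

MAILBOX = "you@example.com"             # base address used in the post
ISSUED_TAGS = {"slashdot", "friends"}   # tags you have handed out (constructed)

def split_plus(address):
    """Return (base_address, tag); tag is None when no +tag is present."""
    # Assumption: the mailbox is matched case-insensitively, as most providers do.
    local, _, domain = address.strip().lower().rpartition("@")
    base, _, tag = local.partition("+")
    return f"{base}@{domain}", (tag or None)

def classify(raw_message):
    """Return (verdict, tag) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    headers = []
    for name in ("Delivered-To", "To", "Cc"):
        headers += msg.get_all(name, [])
    tags = set()
    for _display, addr in getaddresses(headers):
        base, tag = split_plus(addr)
        if base == MAILBOX and tag:
            tags.add(tag)
    known = sorted(tags & ISSUED_TAGS)
    if known:
        return "accept", known[0]       # tag names the party you gave it to
    if tags:
        return "unknown-tag", sorted(tags)[0]  # a tag you never issued
    return "discard", None              # bare address: the +tag was stripped

# Constructed sample messages, one per outcome.
SAMPLES = {
    "newsletter": "From: news@sender.example\nTo: you+slashdot@example.com\n"
                  "Subject: Digest\n\nbody\n",
    "stripped":   "From: x@bulk.example\nTo: You@Example.com\n"
                  "Subject: Deal\n\nbody\n",
    "guessed":    "From: y@bulk.example\nTo: you+bank@example.com\n"
                  "Subject: Alert\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

Spam that arrives with an accepted tag still points at whoever was given that tag, which is the tracing use the post starts from.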
Is anyone doing this already? Does it cause any problems with crappy email-validation code? And is it even worth it, given how great Gmail’s spam filter is?