That's a really nice idea. I think my solution is better though. If an attacker manages to access my email account, all they're going to see are PGP encrypted emails.

https://grepular.com/Automatically_Encrypting_all_Incoming_E...

They wont be able to read password reset emails or anything else in there.

I might set up a canary though, as it sounds like a useful way of being made aware of a compromise.

It'd be interesting to see how your (and other's) setup have endured actual attacks. As someone non-versed in security, I think your approach sounds great. But how does it fare when someone comes knocking?

I wonder the same thing about my setups. I have a password manager with random passwords for every site/forum that I encounter. It'd be nice to know of the efficacy of this work - has it helped me in any way? I'll never know.

Hi, just wanted to say thanks for the idea. I setup canaries on both my wife and my own accounts after your article made the rounds.

So far no hits..

I don't like this because it only works if you enable remote loading of images on your own account, which feels like huge collateral damage to me. A ton of email you receive will attempt to use this technique against you, so I've always disabled that.

In gmail you can whitelist addresses from which you allow the loading of images.

Ah, nice tip. I like it now.