Slashdot Mirror

See if they have a way to *change* your email address. If so, sign up for a service that offers temporary emails, like sneakemail. Replace your real email with the temporary one. Respond to any email you get verifying it. Then delete the email address.

I haven't gotten any yet, although I have done business with a few. If anything this is a reminder that services like Sneakemail exist for a reason.

I've been using Sneakemail for years now. The concept is the same, and it really works well. I love being able to delete an email address that someone started spamming, after they got my address by making me sign up just to get a quote for some service I never ended up buying anyway.

You don't even need to register a throwaway address for Hulu or sites like it. Enter bugmenot, savior of the net.

Bugmenot unfortunately lost their courage a few years ago when they changed the way they function. I suspect they were threatened by a lawsuit. Now, any domain or site owner can request that bugmenot exclude their site from participating, and I've found that so many of the popular ones do that it's lost all practical value for me.

I now use mailinator for all my throwaway registrations, then if I care in the least I change the password just in case someone else reads from the same random email name that I did. I usually don't. For more "durable" sites where I'm likely to participate over a longer time, I'll create a unique sneakemail address and keep them around forever. When something like the Gizmodo breach happens I simply flag them as spam, and they plonk all the email from them for me. I've had to do that a couple of times now. I find their service is well worth the $24/year.

done.
boy am i glad i used an email address proxy when i registered w/ monster.

Yeah you are right, it isn't convenient in all cases, but it works brilliantly on websites which require you to provide an address, and for people who are ... not so computer savy... Also works great for banks, paypal etc - the emails I get from them need to use the address I gave them - that's a nice way to quickly identify most phishing attempts.

Regarding BugMeNot, it's brilliant. As far as easy to use, I have the Firefox extension. It reduces using BugMeNot to a simple a right click on the username field (or whatever) and select "Login with BugMeNot." It automatically fills in the username and password, and submits the signon request. It saves me the time of going through the signup process with a null or fake email address, and it saves even more time and trouble when the signup process requires email confirmation.

If I'm wanting a bit more uniqueness than BugMeNot provides, I frequently use the Mailinator. It doesn't require me to create a throwaway account in advance, I can make up any address I like on the fly, such as player@mailinator.com, then I go and check their web site to answer the signup confirmation email. Don't use this for anything secure, as there is no security!

Finally, for those sites where I really do want to have a long term relationship (like Slashdot), I use Sneakemail to create a unique email address. If the website proves untrustworthy, I just delete that email address. I've had some Sneakemail addresses for over five years now!

I have to say I like the idea of a 10 minute window. Several hours means I can't really use it to have them send me passwords, as I frequently have name collisions at Mailinator.

In the same vein, I dislike the lack of a "roll-your-own" email address that Mailinator offers. With Mailinator, I can simply type john@mailinator.com and not worry about visiting Mailinator's site first. With TMM, I have to hit their site to get the randomly generated mail40367@10minutemail.com address (and yes, they're slashdotted at the moment.)

Sneakemail also offers a similar service. I haven't tried SpamGourmet, but I am quite happy with Sneakemail. The thing I like best is that having a unique e-mail address for each website I visit lets me know exactly where the spam is coming from. Sneakemail also lets you use filters to control who is allowed to send mail to an address, but if you start getting too much spam from a particular address, you can deactivate or even delete the e-mail address and generate a new one. As I mentioned in a previous thread, until a friend submitted my real e-mail address to a fake friends-network website, I was getting no spam whatsoever.

Sneakemail's basic service is also free, but I pay a nominal amount (something like $2 a month) for a premium account because I like the service and I want to support it.

I use Sneakemail. For those who are not familiar with the service, it allows you to generate unique, disposable e-mail addresses (I have different addresses for each site/contact). That way, you can immediately see where the spammers got your address, and if the spam gets too bad, you can deactivate/delete an address and generate a new one.

Until a friend gave my real e-mail address to a fake friends-network site (grr!), I never got any spam at all. Now I'm thinking about changing my real address because the amount of spam is just getting ridiculous (even with filters).

Another good option would be to use http://sneakemail.com/ You can generate addresses there each time you need to specify an email address - all the mail to these addresses will then be forwarded to your main account. If one of the addresses starts to bring in spam you can just remove it - and you know who caused the problem, too.

For sites that need a "real" e-mail address to get in touch with me, I use http://sneakemail.com/ Everyone gets a unique address, so when the spam hits, I know where the spammer found the address. If someone starts abusing the privilege of being able to communicate with me electronically, I shut off the e-mail address, as one of my credit card companies discovered recently. All in all a very useful service for those of us that are too busy to set it up for ourselves.

I love using Sneakemail for hiding my real email address much of the time. It's great for reducing spam, too.

I use loop-AES to encrypt my hard disk.

https://sneakemail.com/ will also allows you to create "throwaway" email addresses.
They have a free service, and a very inexpensive pay service (like $2/mo or something).

If you don't want to bother creating/deleting emails in your own domain (or for those without personal domains), I've found these services to be very useful for this sort of thing:

http://www.spamgourmet.com/
http://www.sneakemail.com/
http://www.mailinator.com/

"When I get email I think about where I have bought stuff from recently, to make sure I didn't forget to opt out of something."

As someone else in this discussion mentioned, time is your most valuable resource. You can't get it back, end of story. Thinking about who you may have forgotten to opt out of takes a bit of time and is, generally speaking, irritating. Remove the thinking and use a website like sneakemail.com and save yourself some time. By creating a new disposable e-mail address every time you create a new account with an online reseller, you remove all the guesswork. You receive a spam, and you know it's from one of two places. A) A mass-mailing using random e-mail addresses, or B) An e-mail sent to you from someone you have given your e-mail address to in the prcoess of doing business. Most spam of the 'A' type are blocked before you even see them. Even Yahoo! has gotten to the point where I only see about one of these a month. The spam of type 'B' will be labeled with the name of who you gave your e-mail address to. You know where the spammer got your e-mail address. The business either sold it, or had it stolen. If you wish to continue doing business with this person, you can contact them about the problem, or you delete the disposable address and never hear from them again.

Personally, I no longer have to deal with spam. Not even my bank has my real e-mail address. Neither does Slashdot for that matter.

Entertaining for a moment the fiction that, in some parallel universe, I might actually want TV advertisers to have my contact details, I can still see some major problems with this.

The Yahoo! article speaks about sending your 'contact details' to an advertiser: the Slashdot poster interprets this as meaning 'email address'. The question is, "which email address?". I currently only use tagged disposable addresses (of the kind supported by SneakEmail, for instance) for communication with companies. This allows me to dump them if the company sells them on or won't take 'unsubscribe' for an answer. It also fingers the culprit if the address does get abused. So I'd like my hypothetical TiVo to let me specify the address that I want to send to each advertiser.

But if I can do that, then that opens the door to all kinds of abuse. Think of the fun I could have by entering the address of the person who last flamed me on Usenet and then spending the evening clicking through ads on the crappiest channel I can find. So my guess is that if TiVo supports sending email addresses, it will only send the user's address as registered with TiVo, making it impossible to figure out exactly which piece of sneaking mainsleaze scum sold that address to every mailing list company on the planet (and meaning that when I'm eventually forced to abandon that address, I lose contact with all the advertisers I did want to hear from).

This is part of a larger question: which information will it send to advertisers. My guess is that it would send a complete 'packet', including phone, physical address and email. What if I want an advertiser to email me, but not to phone me? Or if I want them to send their brochures to my house (at some measurable cost to them) but not spam my inbox (at negligible cost) four times a week? I'd hope there'd be some way of releasing information selectively, but I wouldn't be surprised if there wasn't.

If I owned a TiVo the first thing I'd do would be to disable this feature, and the second thing I'd do would be to enter garbage data in all the fields I could, just in case.

This is already done. It's called graylisting. Here's a website about it. Basically, you examine the unique combination of sender, recipient, and IP. The first time they connect, you return a "temporary failure" message. You continue doing this for a period of time (maybe about one hour), and then you accept the mail. The idea is that spammers, who use bulk-mailing programs, won't have the time or reason to resend a message, but that normal, well-behaved mail servers will. (This also means graylisting has to be employed on the mail server where the mail gets in. Once a "real" mail server receives the message, graylisting can't help.) I use Sneakemail, which is similar to Spamgourmet but a little more featureful, and it offers optional graylisting of addresses. I've used it on the (not spam armored) address posted on my website/blog, and it has filtered every piece of spam so far.

This is why I use sneakemail for every registration I ever enter. Sneakemail is a (free) mail-forwarding service, that will generate an unlimited number of randomized email addresses, and forward them to 1 of 10 of your addresses. Every forwarded mail has a tag (specificed by you) attached to the subject for easy filtering. The 'From' addresses are mapped os that a responses from you gets sent to sneakemail (where it gets re-sent back to the recipient with the 'random' e-mail address (and all header information removed). In other words, sneamemail is a kind of anonimizer proxy for email. I like this service because (a) I never have to give out my real email address, (b) I know which sites are giving away my email address, (c) I can disble, block, or delete an email address that is being used for spam, and (d) it makes it difficult for anyone to associate an email address to me (In the cases where I don't want to give my real name). Admittedly, you can accomplish all of the above if you have your own domain name, and create addresses for every account (except that (d) becomes a bit harder, as it requires fake information in your domain registration). This is superior to throw away email addresses, which only work for (a), and which if you ever need to receive email from them (say because you lost your password, or they use email as login) you need to remember the address somehow. I can always log into sneakemail and see a list of all the addresses I have, neatly categorized.

Sneakemail is you friend.

http://www.sneakemail.com/ does the same thing for free. I've been using it for a long time, works really well.

You and I know that there is nothing of great value on the internet that requires a hard drive, but the average user doesn't. Do you know what the number one complaint I got from my Mom after I switched her to Linux? That she couldn't run all the neat programs that her friends downloaded.

Also, that doesn't address the spam issue. The best solution by far I have found for that is http://sneakemail.com/. Before sneakemail, I personally received over 70 spam messages a day. Sneakemail lets you create a different disposable email address for every website you give your email. I have over 100 currently active email addresses now, and get virtually no spam. Well worth the $2 per month (they have a free trial too).

And use the spam armoring feature on slashdot and other forums! Without it, it takes less than a day to start receiving spam on a fresh slashdot email address. With armoring active, I only have to change my slashdot email about once a year.

It all comes down to education. The deeper one delves into the internet, the more one needs to be educated about the dangers and how to avoid them. Unfortunately most people will not listen until their computer is completely unusable, and then forget as soon as things are running nice again. I am astounded at what people shrug off as being normal performance and what dangerous actions are seen as harmless.

One wonders why they even bother collecting them if they don't validate them, they don't use them to contact you, and they don't sell them.

I've been a long-time user of SneakEmail and I cannot praise it enough. It has exactly the required feature set and is very handy. I highly recommend it to everyone concerned about e-mail privacy and I urge people to donate to support it (it is free but donations are welcome).

But that's not what I really want to tell you. There are ways to (at least partially) "authorise" your bank (or anyone else) to send you mail). I gave my bank a SneakEmail address that forwards the bank's mail to me, so any email from my bank has to come through this address, that is not published. The probability that a phisher can randomly produce it is very low. The only thing you need is an unpublished address that's very unlikely to be forged, and you can then have a reasonable level of sender authentication.

Now if this is not enough, consider VarA ("Verified And Recipient Authorized"). The details are not really important. The idea is that existing sender identification schemes can be used with unique recipient addresses: so say your bank published an SPF record (not that I endorse SPF as an anti-spam technique...). Then you can give the bank a unique email address, and then whenever email is received for that recipient address your server makes an SPF query on the bank's doamin name: the receiving address triggers a check that the email came from the allowed sender's domain. To be able to do that you'd need server software that does it, but then it's all doable on the recipient's side, no need for sender's cooperation. The sender just sends email to the address the intended recipient provided. No interoprerability issues. Anyone who wants to implement it on their servers can do it now, and there's no need for unifirmity: in fact, diversity in the way it is implemented is an advantage, as a uniform implementation is a bigger target for those who would want to circumvent it.

It will still get harvested... but you'll probably only have to cycle it a couple of times a year. The three or four spams a year that'll get through is probably negligible.

This is a good strategy for /. email, too.

Or use sneakemail.

Fine, then everyone can use disposable e-mail addresses.

I use sneakemail to have unique addresses with a label for where I used it. All the addresses point to my main one so it's easy to tell when someone sells an address. then I just kill that address and no more spam.

http://www.sneakemail.com/ It's free, you can make as many addresses as you want, and when one starts getting spammed, just delete it. Use it for your own Web site; when it starts getting spam, delete the address, make a new one, and put the new one on your site.

http://www.fastmail.fm/Best e-mail provider, IMO. Their paid accounts can't be beat for price or features. Excellent uptime and service. I use them to host my own domain. Catchalls, custom server-side Sieve scripts, and several free aliases on their own domains too. Good SpamAssassin filtering too. You can try out a more limited free account too.

But yet again, I would have to sign up for *another* site, give them my email address, etc for more spam to come through.

Use sneakemail and if they give your email address to spammers, you can turn it off, and you know who sold you out.

I was going to post a comment on low power FM, but searched to see if it would be redundant.

I think it is an idea who's time has come, and as an anarchist I won't be happy until everyone and their grandmother's dog has their own low power FM station.

I'd also like to jam the top 40 station with music like Skinny Puppy, but I doubt the chairman would be sympathetic to that desire.

The airwaves are supposed to belong to everyone so while there is bandwidth available there is no excuse not to permit it. (Other than big media not wanting competition.)

I might also say that we should just get over it as far as bad words go. Do you know why bad words are bad? I've heard that it goes back to either the Anglo or Norman invasion, and the peasant class still used the Saxon language. Bad words are seen as bad because they are Saxon words. In effect, the banning of these bad words amounts to anti-saxon racism!!!!

(Excuse the bangs, I guess I'm trying to be funny and serious at the same time.)

What do they block? It would hardly be possible to block people using their own domains - there are so many different e-mail services that they cannot be sure whethere it is a domain of an e-mail service or someone's own domain, and they hardly want to lose customers who are not able to register.

Now, as soon as you can use your own domain, you can track them. Maybe they block amazon@..., but you can track them with any string. It would be much better to use a more complicated e-mail address, anyway, otherwise you never know if you get spam because Amazon sold your address or because of a dictionary attack - it could even be a joe job, an enemy of Amazon sends lots of spam to amazon@ at many domains, and many people who use that system for tracking will think it's Amazon's fault.
Of course, if you use something more complex than just the name of the company, you have to administrate a list of e-mail addresses with data about who you gave them. Therefore, I think it is easier to use services like Sneakemail or emailias, there you can create as many e-mail addresses as you want (at their domain, not your own), and there are easy web interfaces to administrate the aliases, the e-mails will be tagged when forwarded to your address and there are lots of options.

But if you don't want to use such a service and have domains of your own, I recommend to attach at least some random string to the addresses, e.g. to use guo89wz_amazon@..., guo89wz_companyx@, guo89wz_companyy@... (to make it easier to remember, it can always be the same string). That way, you can at least assume that something went wrong at the company in question (selling the address or they were hacked) and dictionary attacks are not likely (of course, those of companyx with which you registered could guess the alias you have for companyy - so, it's still a bit problematic, using real random strings would be better, and services like the ones mentioned above facilitate this).

It works like this: sneakemail allows you to generate lots of addresses which all get forwarded to your main email address. So once an address has been captured by spammers you can just delete that address, tell your offending friend to be more careful in the future, and create a new address for them. That's a good opportunity to tell them about bcc, too.

Info about sneakemail.

4) Don't give your friends your email address

Then really why do I have an email addy in the first place?

Indeed. My personal information costs $0.99

Actually, the price varies depending on who you buy it from, how detailed it is, the number of people on the list you buy, and how specific of a demographic the list targets.

I'm not overly concerned about getting free coupons for ice-cream in the mail. I doubt they'll sell my e-mail address, but if they do I'll know it and close that particular sneakemail account. Giving my work number or a fax number works for keeping telemarketer's from bugging me.

Go to Sneakemail and sign up. It makes life so much easier.

Sneakemail works similar in some respects although the email addressess they give you aren't as nice. One advantage is that they forward email to your real address.

That's assuming you don't use Sneakemail and have thousands of disposable addresses to hand out. Or, assuming you meant the password to the e-mail account itself, you would need the adresses to the mail servers (POP3 or whatever); and of course, the sender's private key (who doesn't sign their mail nowadays?).

Here's what I use:

Sneak Email

Don't fear spam from shopping online ever again.
The original disposable email service. Regain power over your inbox from commercial forces, and catch them spamming.
Fully user supported and operating free of exploitable commercial ties. No debt, no operating loss, fully self sustaining... a virtual vault for your email address.
Now with version 2.0 free and premium services.

Quick start: three easy steps to total spam control.

1. Create an account: Providing a username, a password, and an email address you wish hidden from spammers.

2. Every time you need to give out your email address to somebody you don't trust, log in to Sneakemail and create a new Sneakemail address.

3. Give this Sneakemail address to them instead.

Mail sent to this Sneakemail address is rerouted to your real address, and when you reply it is rerouted back to the sender. Your real address is never seen. If you receive unwanted mail through this Sneakemail address, such as spam, you can take control by either filtering incoming mail using the Sneakemail filters, disabling the Sneakemail address itself, or disposing of it permanently. You also now know where a spammer got your address.

You now know all you need to know to protect your inbox from the internet by using Sneakemail.

Ummm, have you tried Disposable Email Addresses? They can do most of what you're talking about, including many-many addresses and changing your replies back into the original address. I use and prefer Emailias, but there are several around:

Emailias Sneakemail Spamex

Those who do not own their own domain can accomplish the same thing using disposable addresses available from services like SpamGourmet or Sneakemail.

sneakemail and spamgourmet are two services that let you do this sort of thing. Sneakemail creates addresses that are good until deleted, spamgourmet lets you create sddresses that are only good for x number of emails (where x is up to 20). I use both, and only get spam from spammers that have managed to guess my email address.

I personaly use both spamgourmet, and sneakemail.

but will not allow private parties to sue spammers

Just to be sure, and because I'm too lazy right not to read through the legalese.... does the law explicitly prohibit private parties from suing spammers?

And then, what about state laws, I already read a comment that quoted: "This Act supersedes any stat-ute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto."

but if an exception to this is rules that prohibits falsity or deception etc. would that mean that states could allow private parties for fraud and deception?

And how would this affect a private party from suing for a Denial of Service attack, which could be considered above and beyond "use of electronic mail"?

If this does limit spammers to using legitamite email addresses then at least I can update my procmail scripts to bounce email from entire domains that spam.

Regardless, I'm thinking of implementing a whitelist/greylist system.

And if I had a clean email address what I would do is not give out my real email address to anyone and use sneakemail to filter all my email. Even though I get a dozen spams a day, I still use sneakemail to see if anyone I do business with is giving away email addresses.

We all know the practice of creating an email account, leaving it hidden online somewhere or posting it and telling people not to use it in an effort to get email we are sure is not legitimate. If this works, let's take it a step farther.

Mastercard, wait, even better AmEx issues a card with the same idea. The card is used once in response to a single spam. The card is then cut up but not cancelled. Hand the card numbers and the billing address over on a platter.

Something similar to what you describe is already available via Sneakemail. The concept is that they create a sneakemail.com email aliases to your real email account. So you create a label for each company who requests your email. So you would create a label called "Amazon.com" would be a good example. Sneakemail generates a unique @sneakemail.com email address for you to give Amazon.com. Sneakmail will then forward all mail to your real email address unless you tell it not to. You can easily see who is sending you spam by looking at who an email is addressed to (the foo@sneakemail.com address). You can also block an email alias so the sender gets a bounce notice when they try to spam you. There are other more complex rules you can use but that's the basic idea.

-Pato

I figured a list of email addresses was snuck out by an employee, but now I have to wonder if there was some last minute, desperate attempt to raise funds.

How do you determine the dotless number?

The dot-less number is a 32-bit unsigned integer.

Slashdot's IP is 66.35.250.150. Each number is an 8-bit unsigned integer. In binary it would be:

01000010.00100011.11111010.10010110

remove the decimals

01000010001000111111101010010110

convert binary to base 10

1109654166 is the answer.

If you need to do it on paper, this way may be easier:

66.35.250.150 =
(66 * (256^3)) + (35 * (256^2)) + (250 * 256) + 150 =
1109654166

Wondering if it would work to protect email addresses on websites from harvesting, when you can't obfucate them beyond what any browser can see (due to the client base you need to let contact you not having a technical clue).

While I don't know for certain since I don't know how the email harvester spiders work, I would think it probably wouldn't make a difference. You may try to use a disposable email address service like Sneakemail and generate a new contact address each time the older one gets too much spam.

Dispose of them if you ever get junk mail, and you will know exactly which companies not to trust or which web page got spidered.

I get no spam and haven't for several years now. I have had to generate a total of 5 or 6 new addresses for my own vanity page since that one does get spidered from time to time. People can still simply click and mail me.

The downside is that the address that someone uses today to mail me may not exist 6 months from now, and unless he checks my page for an updated address, he may think I don't exist any longer either. But that's okay, I think.

-h

There's a nice, free service to help you avoid this: sneakemail.com. It lets you easily generate fake email addresses to give out when you need to; the email is re-routed back to your real account through sneakemail's server. If you start getting spammed through that fake email addr, just shut it off!

Just don't think that you will be able to eradicate spam without governmental help.

The article had a very good point at the end: if you take a step back for a moment, the spam problem really isn't *so* bad, since it's the freedoms of the internet that we cherish so much that made it possible. i.e. in a sense, it's actually worth it. If you take care not to be foolish with giving out your email, etc. etc., your spam level should be low enough to be tolerable. Perhaps *eradicating* the spam is not necessary -- at least, not worth the pain that inevitably comes with government interventions.

However, these will only address the issue of a website or online store passing your email address around when they shouldn't (or idiots like Lycos and Yahoo who think sending emails to registered users is cool even when they have not opted in for any). It will not cope with the hardcore spammer who uses spiders to pull addresses from webpages/usenet postings or those that use random-garbage@yourdomain.com (I have been seeing a couple of these). It also does not address the waste of bandwidth/mailserver storage space imposed by delivering unwanted spam (which means higher access fees for everyone). For these, blacklisting is the only palliative - and the fact that spammers are now resorting to DDoSing the blacklist servers should be the best testament to how effective they have been (not to mention some of the pro-spammer AC postings here).

Ultimately, the only long-term solution is to make spam unprofitable - and given that most of it is generated by US businesses (as covered in this MSN article), this would be best done by imposing heavy fines on companies using, or profiting from, spam.