Slashdot Mirror

Well, let's see...

coo2m6nd02@sneakemail.com

coo2m6nd02@sneakemail.com

1) Put your email address on a web page

2) Register a domain name

I've been using sneakemail for a couple of years. I shows you where they got your address when you get spam. By far these are the two most frequent sources of spam.

But this thing is not a worm, but a virus. It can't survive without the naivete of the clueless user. That problem might be solved by providing a leaflet for buyers of new computers, which will contain information such as:

• NEVER open executable attachments, even if they come from people you know.
• NEVER give your email address to sites - use sneakemail or mailinator instead.
• Oh, and use WindowsUpdate and a firewall regularly.

there are many valid contacts in that database for spammers to use.

once again, there's a simple solution to that: sneakemail.

of course, your sneakemail address in WHOIS will be spammed to death eventually, but if you create a new one every year, the damage is quite limited.

It's darn easy if you use a unique email address such as that provided by sneakemail.

You should check out one of the free (as in beer) "fake" email services. Take a look at:

Sneakemail Basic account is free, premium service is $2/month. This is a wonderful service where you set up an address that will act as a front door and forward mail to an address you specify. You can have dozens of addresses, each for a specific company. Whenever you like, you can delete the address; no more spam problem.

Mailinator If you ever need a temporary throwaway email address just to sign up for something you're unsure of, use Mailinator. Once you sign up for Mailinator (using your Sneakemail address above ;-) then you pick AnyUserName@mailinator.com, Mailinator will capture the email, and allow you to look at it. I saw this in Cringely's column, and really like it.

Two extremely handy services. I use both quite often!

forgive the plug, but if the anonymity of the supply side is a problem, mainly because of the lack of anonymity of the demand side (asymmetrical anonymity!) - enhancing the anonymity of the demand side should help, no?

Use disposable email addresses: spamgourmet (my service), sneakemail, jetable.org.

The trouble is, Ma and Pa aol user don't "get" these services (especially mine -- even tech rag reviewers have a hard time sometimes :)) -- I think the next step is to make them more accessible. We're working to make spamgourmet more easily deployable, including a proposed PHP Nuke front end to go with your own installation...

Thinking out loud -- does any of the legislation cover what website operators are allowed to do with the email addresses they collect? Dangerous territory, I know, because anything like that would greatly increase the cost of operating a small website (compliance/legal costs, for one thing), but I believe analogous legislation is underway in California regarding the personal information collected by banks and related entities.

1. If the email is from someone in my whitelist, allow the mail to go through and feed it as 'ham' to the Bayesian filter.
2. If the email is not in my whitelist, run it through spam filtering software (Spamassassin works well) to determine if it is likely to be spam.
3. If it seems like spam, then use a challenge-response system (like TMDA) to find out if a human sent the email.
4. If the mail doesn't seem like spam, just deliver it. If I get 3 non-spammy messages from the same person (separated by a day or more) then add them to my whitelist automatically.
5. If someone responds to the TMDA challenge, put them in the whitelist and deliver the original email.
6. If no one responds to the TMDA challenge after a week, feed the mail as 'spam' the the Bayesian filter.

• Business mail I want (like receipts and newsletters from companies I do business with) get through always since the Sneakemail-type address is whitelisted. This solves the problem of businesses not responding to TMDA challenges.
• My real email address is protected from businesses who are likely to sell it and from people farming addresses from mailing lists.
• Personal email that the spam filter sees as non-spam gets delivered without bothering the sender with a challenge-response system.
• Personal email that does seem spammy by the filter still has a second chance to make it through the system with the challenge-response system. This should reduce false-positives to include only spammy emails from people who don't respond the the challenge.
• The Bayesian filter is automatically trained based on mails from people in my whitelist and mails from people who never respond to the challenge-response.

This is why Sneakemail was created over 3 years ago. You can easily bust whoever benefits from your stolen/sold email address no matter how far down the chain it goes. For those who don't know Sneakemail was the first disposable email address service which was designed both for keeping your address clean and tracking those selling your address. Sneakemail got a mention in this months MIT Technology review magazine.

Well, sign up for a sneakemail address (www.sneakemail.com), and send it from that. Then delete it after replying to SCO's auto email. Or keep it and see what they send you. Either way you're anonymous.

Try SneakEmail. Much easier to manage 100 @sneakemail.com addresses that forward to a real one than 100 Hotmail addresses that need to be checked individually.

Or you can get a domain name where any message to the domain gets sent to you, and give each comany an address of companyname@yourdomain.

Microsoft offering solutions to the spam problem is to Microsoft offering an OS that don't require rebooting every 2 hours.

One might consider using a method employed by Sneakemail which creates dynamic email addresses. Make a bunch of them.. have one for friends and family, and use seperate addresses for newsletters, or advertisements (you actually want.) If spam comes through one of them, then just delete that address so that spammers only see that big "No address" error pop up. :-)

But then again that doesn't stop spammers from spamming anyways, nor does it tell the blackhat ISPs to stop harboring the scum. In which case, I'd stick with using blacklists to block the idiots.

No, I am not part of the high and mightly Lumber Cartel (tinlc). I am not one of their secret agents involved in their super-secret black ops projects. ;-)

Of course, the average windows user does not have his or her own domain, but I think services like Emailias, Sneakemail, SpamEx or SpamMotel are in principle suited for the masses. It's true that they are not very known, and most people seem to take it for granted that one has a limited and relatively small number of e-mail addresses, the idea to create a new address for every new contact (with a few mouse clicks) seems strange to them. I think that can change when mainstream e-mail providers (Hotmail, AOL, GMX etc) offer disposable e-mail addresses.
So, if they are serious about preventing spamming, these large mainstream mail providers should acquire a few hundred domains and let people create additional addresses for their existing accounts in an easy way on the web interface. That would be relatively easy to do.

sneakemail.com works well too. Have been using it for years.

Visit one site:

sneakemail.com


Completely valid email addresses. Totally anonymous.

Use something like Sneakemail.

Please go check out Sneakemail which is a service specifically for this purpose. There is a free and a paid service. You can generate a throwaway address isntantly and then delete after you get the registration information.

Sneakemail and teach her to never give out her real email address to anyone. Just set up a new sneakemail address for whoever needs her address and give them that one. I have been using this for about 6 months since I got a new email address, and I still get no spam at all.

The thing that really makes it cool for me is every email you get is forwarded to your real address through sneakemail, but sneakemail puts a label on it that you enter for each address you create. So, if you start getting spam from a certain address, just got to sneakemail and delete it.

Heck, my mom doesn't even know my real address anymore.

• you can "unsubscribe --force" by dumping the address
• you loose nothing if you dump that address
• you can see if the email address was given away (since it's unique)
• sneakemail is free for basic use (I pay them, their service is valuable to me!)

Quick link to create your account.

• you can "unsubscribe --force" by dumping the address
• you loose nothing if you dump that address
• you can see if the email address was given away (since it's unique)
• sneakemail is free for basic use (I pay them, their service is valuable to me!)

Quick link to create your account.

If you're that worried about giving out your email address, why not use one of the disposable email address providers such as sneakemail . Then you can create a brand spanking new address for sage, and if they start sending you junk, just set it to block any mails they send.

I've been using Sneakemail for awhile, it allows for totally disposable addresses with FULL accountability for each sender.

For example, say a spammer grabs my address from here despite the /. filtering (which every site should have). Every email forwarded from sneakemail shows which specific one-time address it was sent to on the subject line. And since sneakemail allows you to filter each individual address seperately by every sender that's ever mailed that address if nessesary, I can easily turn off the spam while not having to truely discard an address. Plus it's great to know exactly where your address was harvested from, in fact one I've gotted alot of spam from was a one-time address I used for a techdirt.com spam article reply I made!

Did I mention it's a quick bookmark popup thats easy to use and free (banner supported) or cheap premium (6 months $12US).

This is of course only part of the solution, for the rest I use Mailwasher.

Jonah Hex

I've been using SneakEmail for years and I get absolutely zero spam. It works, it's free at the basic level, and if you're willing to cough up a little cash (~$25/year) there's some damn decent additional services available. It makes email filtering far, far more convenient, too. Finally, as an added bonus, they (unlike MailBlocks) don't sell your address, personal information, or the likes.

I've used sneakemail, and it works pretty well. They limit the amount of bandwidth you can use with their free service, but it does actually work. In time it becomes a pain in the butt to go and create a new email address, so many times you'll find yourself saying "oh hell, I'll just use my yahoo account", but nothing is perfect.

Really, this is ON-topic... just not till the last point i guess :-/ This filter suggestion you have:

Beef up your filters and accept it.

is good. Your logic about the marketers needing 30 days is also reasonable. But since this is a board for nerds, I think it warrants something more involved... you want maintain control over your mailing addresses, and whether or not you recieve mail sent to them. The solutions are out there- you just need to take a few minutes to put the pieces together.

I just started using a new account for my main email address, and I'm taking this opportunity to try to break the chain of spam that I developed over 6 or 7 years of using my last address at a .edu domain. What steps am I taking? (note- of course, this is a linux-centric view. If you're using hotmail/outlook/AOL, and you're really concerned about the spam you get, my only suggestion is "find something else.")

1. Set up Procmail. If you're root, it's a little more involved... if you're not root, odds are procmail is already running somewhere on your system. "man procmail", "man .procmailrc", "man procmailex" should be enough to get you going.

2. Use Spamassassin. Once again, if you're the only user on your domain, it's more work because you have to dl/install/configure the SA program. Lucky for me, i don't have root on my mail domain, and my friendly new sysadmin had it running already- so all I had to do was set up a new procmail recipe like this one. In fact, i think i used that one, exactly.

3. Use sneakemail to generate new email addresses for any public post/contact information. Point the sneakemail account you set up to your real address. Don't ever list your actual REAL address ANYWEHRE that a bot can pick it up off the web. Don't give it out to anyone on the phone. Don't use it to send email to anyone at hotmail. Don't list it in the text on your resume or write it out in your .signature. Don't fill it in on warranty registration postecards.

#3 is the really important one- which is why i brought it up in an earlier post in this thread. You probably have another account that is getting a lot of spam right now, which is why you've read this far. So you .forward that address to your new address, where everything that comes in gets run thru procmail and SA just like any new mail. Procmail lets you set up separate delivery folders for mailing lists, so if you use Sneakemail every time you join a new mailing list, or give your address to another company online, you can direct mail coming to that address into its own folder, because sneakemail tags the "From:" headers with information as to which address someone is sending mail to. SO- to take this particular case in point, you make an "audiogalaxy" sneakemail address, and when you get spam from Sprint on the audiogalaxy address, you know that audiogalaxy sold you out. So you call them up, complain, AND THEN YOU LOG INTO SNEAKEMAIL AND TURN THEM OFF.

Unless you use sneakemail. Whenever I encounter a webform where it seems like I need to provide a valid email address, e.g. to recieve a tracking number or an initial PIN code or some such thing, I just pull up sneakemail, create a new address, label it with the date and the party who is getting the initial address (March 14 03, audiogalaxy).

That way, if audiogalaxy sells that address to someone else, not only do I know where that someone else got my address from and (approximately) when it must have happened, but (and this is the important part)

I CAN CUT THEM OFF
Sprint can send as many emails as they want to the address from audiogalaxy... that address is no longer valid, because sneakemail let me kill it.

yes, i'm a paying subscriber, and i've been using it for about 2 years now.

• Spam Gourmet
• Spamex
• Sneakemail
• Mailsehll
• Emailias

Briefly, I'll explain how they work in theory. After signing up with a disposable email service, they give you a disposable email address that you can, for example, enter into forms. Mail sent to that disposable email address gets automatically forwarded to your email account of choice. But here's where they supposedly come in handy. You can sign up for a different disposable email address everytime you fill in a web form. If you start getting spam, you can look at the disposable email address the spam was sent to and you can do 2 things: (1) cancel the disposable email address so you no longer get spam sent to that address; and (2) you know who gave out your disposable address and you can take whatever action you deem appropriate.

This seems like a cool product, in theory, but I haven't seen anyone with real world experience with these services. If anyone here can describe their experiences, it would be greatly appreciated.

Myself, I've tried domain based systems like SpamCop (overall good, but not perfect), double blind email systems (like SneakEMail and client side filtering.

Presently, I'm trying the 'intelligent' filtering in Mozilla with pretty good results. As I don't pay a per MB charge for bandwidth this solution works for me on an individual level. The one cost is waiting for 50 - 100 spams to download while I get 1 or 2 good messages. (Note, the current Mozilla is kind enough to move auto flagged spam to a Junk folder for me).

I've found that even when it flags "legitimate" emails, they're marketting emails sent from orginzations I do other business with. I'm quite happy to not see their marketting emails. :-)

Barring a totally new email protocol, we'll always have to deal with SMTP attacks. I'm afraid there's nothing you can do about dictionary attack, except maybe detect them and refuse the connection from this IP address for the next X hours.

Bayesian filtering is interesting because it reduces the efficiency of spam, hence the profitability of spam. But there is another way: Force people to think twice before they sell your address or, worse, post it on an open web site.

As a deterrent against address selling, I am now using exclusively disposable, traceable addresses, from www.sneakemail.com and www.spamgourmet.com.

Addresses generated from these sites can be given to just one entity or person. If that person sells or post your address, you inhibit the address and put that person/firm in your "stinker" list. And you make sure people know.

If the use of traceable addresses was prevalent, the number of spamming outfits would quickly drop, since you can pinpoint the source of each address. At least that's my experience.

My question is, do you think this would work on a large scale?

Spambot databases have very low lag. One time, as an experiment, I un-spam-armoured the e-mail address attached to my slashdot posts, and then I posted some messages. Within eight hours, I had spam. Fortunately for me, Sneakemail allows me to generate a new 'relay address' instantaneously.

See Also: SneakeMail

It's easier to use sneakemail. it's a service that masks your real email, allows you to create new email addresses to give out. You can attach comments to those addresses so the minute you get mail, you know for example where the email address was used. Here's an example: From: "david_holkins-at-yahoo.com |news-10-2002/1.0-Allow|"
The original from is david_holkins@yahoo.com. The spam was sent to my news address, address I had created on Oct 2002. Using these addresses I have busted one website for giving my address out though they first claimed they had nothing to do with it. When the address starts to get enough spam you either add filters to it (at sneakemail) or just delete it.

Start off with a new e-mail address. Do this sooner or later because you already have a ton of contacts who know your current address. The longer you wait, the harder it is to switch.

To get a new address, I bought a domain name through DirectNIC (whose service is fantastic, btw) and set up a referrer myname@mydomain.org to point to my POP3 box. NOBODY ever gets the pop3 address. The contacts I trust get the @mydomain.org. For other online services, I create servicename@mydomain.org (or use sneakemail, which is also fabulous, btw) and can kill those if they get spammed.

My addresses NEVER appear on any web site, usenet, etc. without spam-guarding.

This method works, and at my real address I only get about four spams PER YEAR. (It's always the same spam too. Something about skin care.)

Now which would you prefer? Setting up tons of filters, spamcop, spamassassin, etc. or just acting with a little more caution from the start and avoidign the spam in the first place?

(Note to trolls: The e-mail address you see attached to this message is a spam-trap.)

In my view, disposable e-mail addresses with systems like mailshell are definitely the best solution, I find the little additional work of getting a new address is really worth it. There are quite a number of such services, a few more links:
Sneakemail, the oldest one of these system - there is still a free version (with limited mail size)
emailias.com, I find it very convenient, a lot of options (19.95$/year)
Spamex, a similar service ($9.95/year)
Spamgourmet, a slightly unusual, but interesting system, free
These services are quite sophisticated, with most of them you can reply to mails in any mail client without giving away the real address because the reply-to address is replaced and the answer will first go to the DEA, where it recieves the appropriate from-address; with emailias and others you can forward different alias addresses to different real addresses, ...
More information: PC Magazine article about DEA system with reviews

If you've a domain and unlimited email addresses, you don't need to resort to shifty yet effective third party tactics (e.g. sneakemail) I provide a different email address for every online endeavor (amazon@uncoolcentral.com noodlestore@uncoolcentral.com etc.) and route all addresses to a catchall until they're spam compromised. The compromised addys are then forwarded to dev null. Works like a charm.

Or get a sneakemail account. I think Sneakemail is the greatest thing since sliced bread.

1) Never, ever give it out (i know, too late now) use stuff like http://sneakemail.com
2) If you are using exchange, then its a farlly safe bet you are using Outlook, assuming outlook 2000
Organize
Rules Wizard
Click new, lots of times.

I would suspect this is because Hotmail is the devil. I've had my Hotmail account for years, and used it pretty much as a disposable account, and used my domain-based email address for everything else. I use Sneakemail to keep spam out of my domain email, and I had never recieved a single piece of spam at that address, EVER (4+ years). Then, one fateful day, I decided the best way to get some archived Hotmail messages to my domain email client was to forward them (don't ask why, I was tired), and forgot to use a Sneakemail address, and within 20 minutes I started getting spam at my domain email. Hotmail feels perfectly free to log and sell outgoing email addresses. Some good Evolution filters get rid of most of it, but I loathe Hotmail forever.

Prove it using sneakemail. It's too late for you to do anything about netop now, but using sneakemail can save you a lot of aggravation since you set up an e-mail address PER mailing list. If you get spam at one of them, you know who sold your address.

Also, don't use your real e-mail address for anything related to comdex!!!!! You will drown under the spam.

Here's an anti-spam service I'd pay for.

• Have a system like Sneakemail that gives me a random email address to use for signing up for stuff on the web.
• Use Spamassassin (or a similar tool) to filter mail.
• Include all of the Sneakemail addresses in the whitelist automatically so they get through. If they start getting spam, there should be a way to set them to bounce. This makes sure that receipts and newsletters get through 100% of the time since they are often incorrectly tagged as spam.
• Anything that scores under 5 or so from Spamassassin gets delivered automatically.
• Anything else has to go through a TMDA like system to authenticate.
• A second (and third?) email address that always goes through TMDA. This would be used for mailing lists and Usenet.
• A web interface, IMAP, and POP3 for downloading mail. Allow people to forward their filtered mail to another email address also.

I think this system would have the best balance of a spam-free inbox and low risk of losing important mail. How much would I pay? I think I'd pay $5 a month if it was set up well. $10 a month is too much for sure though, unless you offer some other features. There is already a cool webmail service called MailSnare that uses TMDA for only $19.95 per year, so you'd have competition :-)

sneakemail

If it is just a ploy to get addresses, avoid the trap by using a DEA (disposable email address); emailias.com, sneakemail, spamex, etc.

I was getting so much spam on my dial-up account that it sometimes took me 20 mins to download mostly useless, if not offensive, email. Sorting it automatically by client-side methods (e.g. SpamAssassin) wasn't helping the download time, since you still have to download the blasted spam before you sort it.

So I got rid of my contaminated address. I created an account on two web sites: www.spamgourmet.com (free) and www.sneakemail.com (mostly free).

Spamgourmet allows you to create an infinity of different email addresses all going to your POP3 account, by adding various prefixes. So say, to take a recent example, that your account is SpammerMaimer and you want to subscribe to, oh, MIT Technology Review's newsletter. You create an address called MITTechReview.20.SpammerMaimer (@ the SG domain). The "20" in the middle word of the address gives them 20 shots at emailing you before the address shuts itself down (and you can manually reset the counter).

Then, surprise! This stupid magazine sells your address to several spammers. On top of that, their forum system is spammer-friendly because it encourages email address collection.. You know that it's them, because you haven't given that address to anyone else. So what do you do? You go to your Spamgourmet account and shut down that MITTechReview.20.SpammerMaimer address. Problem solved.

For truly one-shot emails, I use sneakemail, which creates disposable addresses that you can disable individually.

The hardest thing is to keep the old address active for a while until all your usual correspondants have been informed of your new address. Then, when you switch your ISP email address, you just have to change the forward address in SG and Sneakemail.

Highly recommended.

-- SysKoll

Sneakemail.com was created just for this purpose, its like a condom for your email address. And no its not going to disappear, its been running over 2 years and is profitable

$ grep 127.0.0.1 /etc/hosts | wc -l
12708

I run a local HTTP server that blindly returns a 1x1 transparent png.

Add to that use of mozilla.....

and I really see very few ads.

ICQ spam is a bit annoying, I wish GAIM had a filter....

I get no more then a few spams per month, partly due to spamassassin (My ISP runs it) and partly due to being damn careful with my address.

I use both sneakemail (I even subscribed before it did anything other then remove a nag screen) and spamgourmet. You should too. If you want to protect your webpage email address, that is easy too, just use javascript or images (harvesters can't parse these), and even using HTML entities should offer some protection.

I use Sneakemail

Moderating trolls and flames as "Offtopic" is Unfair

Suppose I reply to the article "Microsoft buys AOL" with "KILL ALL ".

This IS offtopic. It's also flamebait, and a troll.

In the intrest of being on topic.....

Yes, it is "Bad and wrong to do business with spammers" because you are giving them reason to spam. There's a grey area though. What if you don't respond to the spam directrly, are already patronizing the buisness? You should also be sure that they are not sending email in "good faith" IE another business told them that you had requested te recive such mail (though you probably forgot to request not to, but that isn't the spamvertised business's fault, is it?). Often, spamming services will send mail for a business, falsly claming that they are only sending mail to those that opted in. Look at the headers. Try to contacting the business. Use services like sneakemail that allow you to track where the address the mail came to was obtained. Now, there may also be cases, where a business hires out a spammer to get thier message out to 100 million harvested addresses. If they do that, certinly, keep away from them. They may offer an "affiliate program" which may be used by spammers. Look into how diligently they work to resolve abuse issues.

Fuck you, biaaaaatch.

dl75jdwq02@sneakemail.com Lameness filter encountered. Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. Comment aborted.

www.sneakemail.com
Been using it for over a year and it works great.

I have to agree with you there. I use a sneakemail address for monster, and I have never received any spam at that address.