Slashdot Mirror

I used to use my catchall for precisely that (e.g. slashdot@mydomain.

It DID help me bust someone for passing on an address which was instantly traced back to them.

Spam however has completely ruined it though for the problems outlined in this article. Unfortunately I can't turn off the catch-all as there are so many 'legacy' addresses from which I might only hear once a year but don't want to miss their email.

I now use http://www.spamgourmet.com/ instead to create disposable accounts as I have the luxury of being able to kill them (or let them die) if need be. It's free and I highly recommend it.

Or check out spamgourmet.com in case you want to use this type of service without having to install it.

Spamgourmet is cooler.

Then you can use spamhole or spamgourmet and set it to some mailinator address!

I use spamgourmet.com. I can also create addresses on the fly, but then a specified number of replies is forwarded to my real e-mail. For example, I can makeup something like sd.c.myID@spamgourmet.com, and 3 (a,b,_c_) mails will be forwarded to my real address through myID account on the spamgourmet site, the rest will bounce.

spamgourmet provides a similar service if you don't want to lease a domain.

There are plenty of places you can safely point to. It's fair to assume that mailboxes at example.{com|net|org} are unmonitored. There's also me@privacy.net which bounces email with a polite notice that you don't want email from the sender. Spamcop provides the conspicuous nobody@devnull.spamcop.net, originally provided for users of their newsgroups but open to all and of course you can just use fake tlds like nobody@fake.invalid which will always be rejected before the email even leaves the spammer's servers.

If you do want to recieve email but only, say, once from a company then you'll be looking at SpamGourmet which provides simple, free, fowarding addresses that expire after X hits.

Plus, black listing is only one of the tools available right now, there is also white listing, and a host of other solutions that are currently being experimented with. Once spam gets to an untolerable level, some people will say enough is enough, and will start using tools like spamgourmet.com And once spam gets to an untolerable level on a mass scale, free services like hotmail.com will be blocked entirely.

Or, you could do what we do at spamgourmet -- that is, go ahead and put up artwork that the developers did. It looks so bad that the artists will volunteer to rework it all (we're currently undergoing a rework now :)).

The new site will definitetly have links to the artist's site, so there's some no-cost promotion involved.

So...
1) get out the crayons and the scanner
2) slap something up
3) sit back and wait, countering frequent expressions of ridicule with offers to volunteer
4) art!

I used to do the same. Now I'm paying for it.
Several viruses were sent to jane@mydomain, pete@mydomain, sedlskjl@mydomain etc.

Inevitably these same addresses are now being used for Spam and viruses as the source OR destination address (meaning I get bounce messages as well).

I HATE it when moron anti-Virus gateway administrators set them up to return confirmed viruses to sender with a polite note - except I am NOT the sender, my address was spoofed.

Unfortunately I have been using the catch-all trick for so long (e.g. ebay.com@mydomain etc.) that it's not as simple as turning it off or setting up filters - I don't even know what all the 'legit' addresses are as I used to create them on the fly and may only get email to some of them once a year or so.

I only ever busted one person for passing on the account details which was satisfying, but I am getting PLENTY of Spam/viruses now instead.

I use the excellent Spam Gourmet now for instantly creating disposable addresses with the added advantage that they can actually die when I want/need them to.

Why people don't use disposable accounts is beyond me. Once you start using Spamgourmet you'll never go back. I've been active with them over two years and here's my current stats:

Your message stats: 339 forwarded, 43,796 eaten. You have 155 disposable address(es).

yeah, that's right, thanks to disposable addresses I *haven't* read 43,457 spam emails! When I do need (want) to use my real address, I use SpamSieve (with Entourage X) - very good baysean filter (not sure if it Mac only or not).

Is there an open source project going on to implement a similar interface to gmail (I think labels are really a great idea) for the webmail of my server ? :)

Ideally it would be able to use IMAP as its backend to stay compatible with other clients ... but it might not be easy to store label information in IMAP ...

Anyway if somebody has a spare invite i'm really interested (trying is the best way to start implementing it if it's not already started)

gmail.50.freeman@spamgourmet.com

thanks

As for the issue of collecting personal info. I think it's fairly reasonable for them to attempt to characterize both the size and demographic of their readership in order to sell ad space. I don't think every little annoyance is justified in light of the "it makes money therefore it is GOOD" attitude some coorporate stooges have (pop-ups come to mind), but yeah, they're supplying a service, and if that's what they have to do to stay afloat. If it bothers you that much, fake your info.

also check spamgourmet - it forwards a configurable number of emails from each sender then eats the rest.
Very useful, I've found.

My favorite for this is Spam Gourmet. It provides the tagging as well as disposable addresses.

Psst. Hey buddy, can you spare a .sig?

After you have confirmed your forwarding address, you can give out self-destructing disposable email addresses whenever you want. The disposable addresses are like:

someword.x.user@spamgourmet.com

where someword is a word you have never used before, x is the number of email messages you want to receive at this address (up to 20), and user is your username.

For example, if your user name is "spamcowboy", and BigCorp wants you to give them your email address . . . give them this one:

frombigcorp.3.spamcowboy@spamgourmet.com

This disposable email address will be created here the first time BigCorp uses it (you don't have to do anything to create it), and you'll receive at most 3 messages, forwarded to your forwarding address. The rest will be indelicately consumed.

Or Spamgourmet you can build in a maximum number of messages, create trusted senders/domains for particular disposable addresses, and reset counters on the website.

SpamGourmet.com is cool as well..

thanks to spamgourmet.

use spamgourmet, then you don't have to worry about the checkboxes.

[disclaimer: I'm associated with spamgourmet -- if that bugs you, please *don't* follow the link :) ]

If you don't happen to have your own domain, you can get the same benefits you described by setting up a Spamgourmet account.

You create throwaway addresses on the fly (just make them up - no logging in) and email gets forwarded to your real address. Works great for addresses you only expect to receive a few emails from (like when registering for NYT, etc), as the address automatically expires once you receive a certain number of emails. If you want to continually receive email at that address, you can specify an exclusive sender (by email address or domain) to allow email to come in indefinitely.

Works great and is free too.

A good free tool for having unlimited throw away email addresses is spamgourmet

You go there and register a name (say, august_zero@spamgourmet.com). Then, whenever you have to give out a displosable address, you make it string.n.august_zero@spamgourmet.com, where string is some unique string you'll use to remember this address and n is an integer ST 1 Far easier.

slight problem: if you bounce spam, you let the spammer know that your account is live, so they will proceed to send you even more spam.

besides, a lot of spam also has fake return addresses (viruses and such). so you are spamming the real owners of the address. and if they have such a bounce-system as well...

=> if everybody automatically bounced all spam, the internet would go down in an avalanche of spam and bounces...

the best way to stay spam-free is to never give out your email address. use a disposable one instead, like this one: slashdot-test.3.nikster@spamgourmet.com

i will receive the first 3 emails to that address. everything else gets eaten (deleted right on the server). works beautifully.

• Opt In Real Big claims to be an opt-in only company. However, they operate through third parties with no checks in place to ensure the third parties are using opt-in lists, paying those parties based on how many people click their links. Making it a policy gives them plausible deniability up until people start laying down evidence that they're full of shit.

Now taking your throwaway E-mail you created for this, OPT IN to Opt In Real Big's spam. Yep, I said opt into getting spammed. Wait a week or so to make sure you're receiving it, and keep every piece. After you're sure you're opted in follow the opt-out procedure. Note the time, date, etc. of it, and if possible note step-by-step what you did, and which instructions you followed (I'm willing to bet the opt-out instructions change fairly often.)

Keep monitoring the address, anything you receive after opt-out (and a certain amount of leeway time, I believe CAN-SPAM allows no more than 48 hours for the spam to stop) are wonderfully valuable evidence. Ironport can use them against this lawsuit, and even better, you can turn them over to the proper authorities to prosecute under the CAN-SPAM act!

Just be sure the address you use for this is brand new (untainted, so Scott can't claim you were signed up before to his/other spam lists). Even if spam you get is from companies other than Opt In Real Big, the fact the address was brand new, and ONLY used to opt-in with Scott's company will link everything received by it to Scott and company(ies). We all know he's an idiot, and he's not going to make it easy to opt out, or if he does, he'll more than likely sell your address off. So let's prove it. Consider it a DDoS using the law.

adding, for example, p3n1sgrowth.9999.mbloore@spamgourmet.com to his mailing list?

• The other thing I do now (which I'd have done earlier, had I the resources) is give each company I do business with it's own address. While this doesn't cut the spam, it does allow me to track who's been selling my address, and who hasn't. Yahoo and Ebay (both previously mentioned in other threads) have been the main culprits thusfar, although there are a few smaller companies I've caught as having sold their email lists as well.

There's more to it than that for those willing to dig into the advanced options. You can add trusted senders so if you're on a mailing list in archive form, you can use a disposable E-mail for it. None of the trusted sender's E-mails lower the counter of remaining E-mails to that address, and they will continue to get through to you even after the address has dropped to 0 remaining. You can set it up so the E-mails it forwards to you are ready for you to reply through Spam Gourmet, masking you real address so it looks like it came from the disposable one. You can also go in and adjust the remaining E-mails left on an address, both up and down.

Since I started using it I've had less spam problems, and I can tell you every company that sells my address. It's a great service and totally free!

Nobody mentionned the magnificent Spamgourmet.com ?

I love this service.

You can create as many disposable email addresses as you want.
Now you can even send mail, and those little critters won't be able to spam you on these addresses.

Hint, hint !: Create a single, specific address for each address you give, and you will be able to see who sold/gave your email.
And it's free (as in beer).

It costs me $35 to buy my own domain and a one off payment of about $30 to zoneedit to set up the mail forwarding.

Use a registrar like directNIC that has $15 domains and free email forwarding.

But note that you don't have to have your own domain to use that method. MTAs like qmail offer extension addresses (user-*@example.com). Also check out spamgourmet for a more advanced approach.

What you have suggested is a good idea.

It is also more or less implemented by Spam Gourmet.

Spam Gourment allows you to specify an email address on the fly that will only accept and forward a limited number of emails (less than twenty). Any emails sent to that email address after the limit is reached are silently "eaten".

Easy.

The email address is in the form of randomword.11.username@spamgourmet.com, where 11 is the number of emails sent to this address that should be forwarded. (As well, if you don't loke the name spamgourmet, or think having that domain might tip some people off, there are a number of different domains that work: namely antichef.net, neverbox.com, spamcannon.net, dfgh.net, antichef.com, or recursor.net...)

To email me, any of the following would work:

• slashdotRulez.5.fredmonkey@spamgourmet.com
• ilovemyspam.19.fredmonkey@antichef.net
• hotstuff.3.fredmonkey@dfgh.net
• etc

Give it a shot: Spam Gourmet - free disposable email addresses.

- dj

-----
SpamGourmet Stats:

668,357 disposable addresses
3,781,398 msgs delivered
35,252,993 msgs eaten

What you have suggested is a good idea.

It is also more or less implemented by Spam Gourmet.

Spam Gourment allows you to specify an email address on the fly that will only accept and forward a limited number of emails (less than twenty). Any emails sent to that email address after the limit is reached are silently "eaten".

Easy.

The email address is in the form of randomword.11.username@spamgourmet.com, where 11 is the number of emails sent to this address that should be forwarded. (As well, if you don't loke the name spamgourmet, or think having that domain might tip some people off, there are a number of different domains that work: namely antichef.net, neverbox.com, spamcannon.net, dfgh.net, antichef.com, or recursor.net...)

To email me, any of the following would work:

• slashdotRulez.5.fredmonkey@spamgourmet.com
• ilovemyspam.19.fredmonkey@antichef.net
• hotstuff.3.fredmonkey@dfgh.net
• etc

Give it a shot: Spam Gourmet - free disposable email addresses.

- dj

-----
SpamGourmet Stats:

668,357 disposable addresses
3,781,398 msgs delivered
35,252,993 msgs eaten

For now, the only real solution to spam is setups simlar to http://spamgourmet.com/

It's very simple and it's effective.

I have a spamgourmet address for my domain's contact email. In about a year, I have only receeived two emails on that account. I think both were from my registrar, and were somewhat legit (although they probably got deleted). While I still get tons of spam, I haven't recieved much due to my whois record.

Those who do not own their own domain can accomplish the same thing using disposable addresses available from services like SpamGourmet or Sneakemail.

See www.spamgourmet.com for an easier, entirely free, and more reliable system to solve this problem.

Email is all or nothing. You either accept that by having an email account you will receive everyting that is sent that address or you don't have one.

On a related note, I was at my parents home this weekend. They like to use Yahoo for their searching. No problem, but they were complaining of popups. I decided to install the Google toolbar for them. The thought crossed my mind to install the Yahoo toolbar, since they prefer Yahoo, however, it came down to a matter of trust. When Google says they're not going to resell my information or track my moves, they've given me no reason to disbelieve them. But seeing some of the ads on Yahoo makes me feel they're willing to do anything for an extra click. I appreciate that they're in the business to make money, just as Google is, but Google just makes me feel more comfortable about it.

Not a big deal either, since there's a goof chance my parents won't take notice the new bar anyway ;)

It is sad that you have to question every motive and move you make on the Internet thanks to all the toxic waste that is present. One wrong subscription and your inbox is hosed. I made that mistake the other day. Fortunately, I used a throw-away e-mail address so the damage was minimal.

Easier still, go to Spam Gourmet and get temporary accounts for them. It'll do pretty much exactly what you listed but you don't need to have your own domain to do it (yeah, I know we're geeks and should all have our own domain, but some of us are poor at the moment! :> ).

Spamgourmet is also a good site for creating disposable e-mail addresses. Took me a few minutes to figure out how the system worked but after that I've been using it whenever necessary and it works quite well.

> I can provide as much fake information as Yahoo asks for, as well.

Instead of abusing free services, why not use some free throw-away e-mail addresses. It's precisely what the service was designed for, and it's free, easy to use, and works well.

Better yet, use a service like Spam Gourmet for anything you sign up for online. I do this and use a unique disposable address for each site. I like to enter contests so this is quite handy. A nice side-benefit is I can tell you which sites I signed up with are spammers because they're the ones with 100+ E-mails trashed and not forwarded. Hell, I even signed up for Spamcop through Spam Gourmet. I made the spamcop reporting address (the one they send from) a trusted sender, now if some spammer manages to somehow get the address I used to sign up at spamcop, they'll get to send a grand total of 2 E-mails before they're all eaten automatically. No bounces to warn the spammer the address is bad either, they just get quietly deleted without anyone ever looking at them.

Or just use spamgourmet.com. Works for me.

We *just* added captcha functionality at spamgourmet but we're using a random number at the end of each quizword, and we use a random filename for each image. The code just went up on sourceforge if you want to take a look.

yeah, and Hurricane Electric got listed by SPEWS, too, which blocks spamgourmet a spam *fighting* disposable email service. I freaked at first, but the fallout doesn't seem that bad -- maybe nobody's using SPEWS.

Look - it's easy to say "you should move or force your ISP to change" -- but that's really not an option for most operations. Moving is *expensive* - say you move to another ISP (a nightmare to begin with), and there are service problems, etc. -- more cost. And after you're happily settled in, what if SPEWS blocks the new ISP? Start over?

Further, if you're small in terms of $$$ (like spamgourmet is -- very small), the current ISP isn't about to listen. Why should they?

This method just has too many *externalities* - it puts the cost of spamming on many people who don't do it, and are maybe even fighting against it. It creates bitter factions and ill will toward spam fighters in general. That's not good.

As someone said here, these tactics would be perfect for a spammer to use...

I don't even bother obscuring my address most of the time due to a handy free (as in beer and speech) little utility over at Spamgourmet.com. It allows you infinite disposable email addresses that forwards to an address you specify.

How it works: When some site/etc is asking for your email address and you just *know* they're going to spam you, give them a spamgourmet address. -

identifier.#ofemailstoaccept.userhandle@spamgour met.com

I.E.

slashdot.5.user@spamgourmet.net

Once you get five emails you won't get any more mails forwarded from the slashdot identifier. Been using it for over a year and looking at my user page I've been saved from over 600 spams. By giving my real email address out to only sources I trust and using a spamgourmet address for all the rest my email box is totally free of spam. I'd highly suggest it.

Not completely on topic, but it's how I give out my address 95% of the time and it works for me.

It's not hard, but your method is not foolproof.

I had a brand new MSN email account which I never used and which I never gave out to anyone, but I still managed to rack up 264 spam messages in one year.

For mailing lists and whatnot, you can also just use spamgourmet.com, once you understand how it works, it's kind of simpler because you only need to remember one email address.

Its solution is basicely the same as yours, plus it's free and it doesn't require you to have your own domain name.

Just a pbs work - not affiliated with yahoo or spamgourmet.

Spam is easy. Just use a mail aliasing system that allows you to give a unique address to every form and your real one to none. Then if one alias starts receiving spam, kill it. Only problem is that it doesn't fix an account already infected with spam, you have to change address. Best move I ever made was dumping my Yahoo address and signing up for a Spamgourmet account.