Slashdot Mirror

sneakemail and spamgourmet are two services that let you do this sort of thing. Sneakemail creates addresses that are good until deleted, spamgourmet lets you create sddresses that are only good for x number of emails (where x is up to 20). I use both, and only get spam from spammers that have managed to guess my email address.

So the obvious coutermeasure to spam is to make stolen addresses worthless.

Use spamgourmet and only give disposable addresses to businesses, web sites, forums and friends running Windows.

Exactly. I use spamgourmet for this.

check out spamgourmet for help with this.

http://spamgourmet.com/

Lets you easily give a different email address to each different list/website/company you deal with, to limit the amount of mail you get to each address, plus set up trusted senders... works well.

I know you probably already know this, but just in case, the solution many of us use for that exact same problem is a combination of Mailinator and Spamgourmet. Maybe you can still use your Hotmail account in combination with those, but you'll have to check it less and less, so it'd become less of an annoyance...

You mean something like this.

Larry Seltzer did a similar job with a review of disposable email address services in
PC Magazine.

Spamgourmet (open source and free to use) was lined up against several commercial offerings, and was rated the lowest. It was clear from the review that he didn't spend much time learning about how spamgourmet works -- he wound up faulting it for perceived problems that were addressed by features that he ignored in the review.

Not to be cynical, but if I were a tech reviewer, I might be afraid of lawsuits resulting from my reviews -- open source projects have no revenue, and therefore can't prove up any damages in court. This might make me more likely to choose the open source alternative to get the shaft. Hopefully that's not what's going on here, but you've got to wonder...

I am an Indian programmer. Contact me at sd1.5.saurabh@spamgourmet.com. I have a team of 5 programmers working with me and our hourly rates range between $10 to $15 depending on the project.

I use SpamAssassin to sort and tag the spam server-side, with my threshold set at 5. Or rather I should say the ISP hosting my domain uses SpamAssassin, I don't have full control over the mail server.

Then I use Mailwasher mainly to preview the messages on the server before downloading them. Mailwasher has its own filters to tag and bag spam, and they're pretty good. Do NOT use Mailwasher's fake bounce feature, it only contributes to the problem. I get the full source of the messages before downloading and report them to SpamCop.

I then use Mozilla Mail for the actual downloading and reading, which of course has its own Bayesian filtering, but messages have already gone through two other filters before they reach it. The funny thing is that even though I preview the messages with Mailwasher, I don't delete them on the server, I want them for training purposes.

I use throw-away accounts on SpamGourmet if I need to sign up for anything online.

I only get maybe three spams a week to my real email address, so all of this may be a tad extreme. But perhaps this paranoia (I'm also very protective of my email address to begin with) is *why* I get so little spam.

My Hotmail account, OTOH, was getting about 20-30 per day, five or six of those were making it past the filters into my inbox. Since I don't use the account for much serious correspondance, I finally set myself to "Exclusive" and whitelisted those few domains that I actually want to get mail from.

Spam Gourmet, and his setup is open source.

However, these will only address the issue of a website or online store passing your email address around when they shouldn't (or idiots like Lycos and Yahoo who think sending emails to registered users is cool even when they have not opted in for any). It will not cope with the hardcore spammer who uses spiders to pull addresses from webpages/usenet postings or those that use random-garbage@yourdomain.com (I have been seeing a couple of these). It also does not address the waste of bandwidth/mailserver storage space imposed by delivering unwanted spam (which means higher access fees for everyone). For these, blacklisting is the only palliative - and the fact that spammers are now resorting to DDoSing the blacklist servers should be the best testament to how effective they have been (not to mention some of the pro-spammer AC postings here).

Ultimately, the only long-term solution is to make spam unprofitable - and given that most of it is generated by US businesses (as covered in this MSN article), this would be best done by imposing heavy fines on companies using, or profiting from, spam.

But consider the worm. There is some fairly cool technology in there to get them to work right. Right now that technology is being used mostly for evil. In the future the technology may mature to the point where we will wonder how we lived without it. As an example, instead of a slashdot web site, there could be slashdot worms that find you and deliver your content you want in real time to a computer or handheld device instead of you needing to query for it. It would simply be there on your computer. No more world-wide-wait. Don't laugh it could happen (or maybe not).

Similarly spam is using technologies in creative ways for evil. Yet the same techology is being used here on slash dot to notify me when one of you wonderful people comments on my comments. As the technology matures we may see new and wonderful things grow out of what we call spam; again maybe not.

However, both of these evils are responsible for a whole new set of technologies the thwart them. As the spam filters get better, the spam improves to overcome the latest improvements. The spam filters react and create new technologies which the spammers respond to and so forth. Worm and virus protection works the same way.

Each iteration requires using some existing techology in a new way or creating an altogether new techology. These technologies start to be applicable in other domains, thereby increasing and improving the general level of technology in the world at large.

As I gaze into the crytal ball, I see that the current war of spam and virus, like all other wars, will create new techology that was not considered and would not have been conceived had it not for the necessity of the times.

See James Burke "Connections" for a similar view of history, only much better.

Now I use Spamgourmet and I can track my addresses as well as block them. Never had a problem in more than a year.

(i) Many spammers have become so adept at masking their tracks that they are rarely found, and are so technologically sophisticated that they can adjust their systems to counter special filters and other barriers against spam and can even electronically commandeer unprotected computers, turning them into spam-launching weapons of mass production.

"I'll be damned if I'll trust my fate to 12 people who aren't even smart enought to get out of jury duty..."

I've read the previous replies to this message, and I thank them for the new inputs.

Here's another to add to the list:

SpamGourmet .

Sneakemail has a free option and a pay-for option. The cost is $2 a month. The free option requires you to "create" a throw-away address before you can give it out. The pay-for option allows you to define a key/keys unique across all sneakemail users, and you can use this key on the fly in your throwaway addresses.

Mailinator is a different approach. You can give out an address, any address@mailinator.com, and you can check this address at their website. There's no accounts there, no passwords, no privacy for the letters sent there. The letters are auto-deleted after a "couple" hours, so you have to check soon, but I have a feeling most folks aren't really interested in seeing any letter they get there anyway, unless it's perhaps an immediate response. But, hey, it's free.

Spamgourmet is free. You register for an account. You make up your own throw-aways on the fly, using a formula for the address--

[label].[num of msgs to frwd to you].[acctname]@spamgourmet.com

It keeps a big database, and forwards up to the number of messages you put in the middle element of the throwaway address, then just discards any further email to that address. It keeps track of the totals. You can view each throwaway address that has actually been used to send you email, and how many messages have been "eaten" over time. You can also define rules for the [label], to help prevent evil people from making up throwaway addresses for you, to spam you. Spamgourmet also has multiple domain names you can use for the addresses. And, you can pick up the source for the system, and implement it on your site.

There are some other pay-for sites that provide throw-away addresses. I just don't have the money to try them out and see what their advantages/disadvantages are.

I fully agree with the point, however, that whatever the method, people can save themselves a lot of spam if they use throw-away addresses a lot, keep their emails off webpages, (at least unencrypted), and use mild encodings if they are unlucky enough to have their names on any of the domain registries. And, if you do send messages to mailing lists, or anywhere else, use throw-aways! Many of these lists keep archives of the messages, which are rich in email addresses for email harvesting bots!

I don't think RSS is the end-all to mailing lists, and especially don't see them as a key player in the fight against spam. But, they serve their purpose.

Your email address MUST be correct to process your registration.

It only has to be valid long enough for them to send you a confirmation email. Using a throwaway address is more than good enough. How do I know? Because it worked for me(tm)! :)

The spammers cannot be regulated in the same way because there is no way to regulate internet access in the same way. So a Do Not Spam list would really be a Spam Me Lots list. See SpamGourmet to help reduce the spamming

You might also want to take a look at SpamGourmet, which can do this type of thing already and filter it at their level so you don't have to deal with it at yours. I always use a spamgourmet address to sign up for things and I get barely any spam at all.

long live whitelisting

Doi!

for what it's worth, the stats at spamgourmet.com confirm a drop off in spam the last couple of days. (if you look at the graphs, note that there was a server move near the beginning of July that accounts for the big drop and spike at that time).

Are we saying, beyond the featured shutdown, that SoBig, etc. have actually taken the *spammers* out of commission for awhile -- not only by clogging mail servers, but by infecting and disabling their boxes?

forgive the plug, but if the anonymity of the supply side is a problem, mainly because of the lack of anonymity of the demand side (asymmetrical anonymity!) - enhancing the anonymity of the demand side should help, no?

Use disposable email addresses: spamgourmet (my service), sneakemail, jetable.org.

The trouble is, Ma and Pa aol user don't "get" these services (especially mine -- even tech rag reviewers have a hard time sometimes :)) -- I think the next step is to make them more accessible. We're working to make spamgourmet more easily deployable, including a proposed PHP Nuke front end to go with your own installation...

Thinking out loud -- does any of the legislation cover what website operators are allowed to do with the email addresses they collect? Dangerous territory, I know, because anything like that would greatly increase the cost of operating a small website (compliance/legal costs, for one thing), but I believe analogous legislation is underway in California regarding the personal information collected by banks and related entities.

be sure to use spamgourmet when you sign up at the Dean site...

you might find this sight particularly useful. it will let you set up a temporary address based on a naming convention that forwards to your real address but expires after a few emails. you can setup something like rusxxxxx@asdf.com where xxxx is whatever you want and it will fwd to your real address so if the badguys get your email its no big deal the temp addy will just stop working.

Here's a good way to get those usenet responses back and keep your real email hidden, disposable addresses:

Spam Gourmet

Use a free throwaway web-based account . . .
I use Spamgourmet, I can give out an address I make up on the spot. After a certain number of messages are sent to that account, (and options can be set, like trusted senders and the like) Spamgourmet eats all the messages sent to that account instead of forwarding it. It's great.

If everyone started downloading legal music instead, we would make short work of the RIAA, because people would start buying CDs from indie bands, and seeing their shows, instead of enriching the major labels every time you buy a Britney or New Kids CD. The RIAA would also have no cause to complain - these music downloads are not copyright violations because the artists give you permission to download them.

Probably the best known site for downloading MP3s is of course MP3.com . See especially their genre index . Click the link. You will be quite astounded at how many genres there are.

Unfortunately the website usability of MP3.com is atrocious, and their streaming audio seems to be buggy - I can't get it to work in either Explorer or Mozilla. To get an MP3 file to download to your hard drive, you have to register, which I'm sure will result in merciless spamming. May I suggest registering with a throwaway email address from spamgourmet ?

The Open Directory Project has Bands and Artists and Styles indices. Not all the artists offer downloads, but the site says they list 48,000 artists and I imagine many of them offer downloads.

There are better sites for hosting MP3s than MP3.com. Some of them allow you to buy the band's CD from the same page as the MP3 download. Among them are The Internet Underground Music Archives, CDBaby, Epitonic.com, Lulu, SoundClick, Matador Records and insound .

Monotonik provides BitTorrents with zip files containing 60 to 100 MP3s apiece available here.

If you prefer the higher quality, patent-free Ogg Vorbis files you can find several download sites here . Ogg Vorbis players are available for many platforms - WinAmp will play them on Windows, and I understand iTunes on Mac OS X supports Ogg now. There are open source Linux ogg players and encoders, even an open source fixed-point decoders for embedded applications where the CPU doesn't have floating point hardware.

There are also peer-to-peer applications for distributing legal music. See Furthur Network and konspire[2b] .

Unfortunately, musicians are often not very good website designers, so poor usability is a significant obstacle to getting music directly from artists' websites. If you're a musician, and you'd like to know how you can improve your website so more people will download your music, please read my article If Indie Musicians Wanted Their Music Heard....

Finally, there is the problem of finding the music that's actually worth listening to. The labels do serve the (somewhat) legitimate purpose of picking out the good from the bad. But we can do that ourselves with legal downloads by using collaborative filtering, for example by downloading our music with iRATE, which you'll find at

Probably the best known site for downloading MP3s is of course MP3.com. See especially their genre index. Click the link. You will be quite astounded at how many genres there are.

Unfortunately the website usability of MP3.com is atrocious, and their streaming audio seems to be buggy - I can't get it to work in either Explorer or Mozilla. To get an MP3 file to download to your hard drive, you have to register, which I'm sure will result in merciless spamming. May I suggest registering with a throwaway email address from spamgourmet?

The Open Directory Project has Bands and Artists and Styles indices. Not all the artists offer downloads, but the site says they list 48,000 artists and I imagine many of them offer downloads.

Better sites for hosting MP3's than MP3.com are Epitonic.com and insound.

If you prefer the higher quality, patent-free Ogg Vorbis files you can find several download sites here. Ogg Vorbis players are available for many platforms - WinAmp will play them on Windows, and I understand iTunes on Mac OS X supports Ogg now. There are open source Linux ogg players and encoders, even an open source fixed-point decoders for embedded applications where the CPU doesn't have floating point hardware.

There are also peer-to-peer applications for distributing legal music. See Furthur Network and konspire[2b].

I'm sure if more people availed themselves of the wide variety of music available for free download, we will make short work of both the RIAA and ClearChannel. Our lives would also be richer for it.

I second the vote for spamgourmet. It's free, it has multiple domains to chose from, and it has lots of other neat features.

Why not just use Spam Gourmet? It allows you to make disposable email addresses that forward to your main address. The addresses are unique based on a key word which helps you know where your spam came from.

And if you don't have your own domain name, you can use a self-destructing disposable e-mail account at spamgourmet.com. It lets you do things like attach a tracking name and also limit the amount of e-mail allowed on that name. i.e. Amazon.10.myaccount@spamgourmet.com

Yeah that works. I have my own country, so when I buy from bn, I make a street named "bn street" and have them send mail there, or "amazon way," etc. If I get junk mail at bobscomputers ave, then bobscomputers.biz is likely the culprit.

Actually, I'm lying a lot.

As enlightened as your idea may be, warpath, it is illegal for most users to run their own mailservers with their ISP setup. Also, as noted above, it doesn't really apply to people who give out your physical address when they shouldn't.

We are not completely without alternatives, though.

Perhaps to REALLY screw them up, we should invoke some kind of e-mail trading system, so that demographics identification is no longer effective and they leave us alone.

I use spamgourmet. http://www.spamgourmet.com

Better than creating a throw-away yahoo or hotmail address, go check out spamgourmet.com, and create a self-destructing disposable email address that will forward a limited (set by you) number of messages to your regular address. So far I have found that this works for everyone who needs a valid e-mail address, for any reason. Although I haven't tried it yet on this do not call list yet....the site is running reeeaaallllyyyy slooowwwww......

Yes, so confident am I with Spam Gourmet that I even use it on Usenet...

...and on here.

Just use SpamGourmet and set up an address that expires.

Usage: [keyword.number.username@spamgourmet.org]

Like: donotcall.6.nege@spamgourmet.org

After 6 emails (or whatever number you specify) the address is deleted. This way, if they actually need to send you anything (confirmation, etc) then they'll get through until the address expires.

I use it whenever I order pizza online from the local places.

You should check out Spam Gourmet instead of creating whole yahoo or hotmail accounts. It has worked really well for me.

In order to sign up to certain services / sites you need to provide a valid email address.

this tool provides a simple solution to that problem.

ever heard of spam gourmet?

they let you set up temporary e-mail aliases that expire after a specified number of messages have been relayed.

Spamgourmet disposable e-mail addresses use a customisable e-mail address to register, and have it link via spamgourmet to your real address. After a user definable number of replies (like 1, for the initial confirmation) everything else is swallowed by Spam Gourmet.

spamgourmet - self-destructing disposable email addresses, titanium strength spam blocking, very short learning curve.

Spamgourmet is made specifically for the prupose you describe - and IMHO, does it much better.

There. Now you don't need Hotmail at all. Yay!

go for the bonus round by getting a disposable email account (eg spamgourmet.com) to protect your new address.

Seriously, you shouldn't have to worry about this. I don't anymore.

Check out http://www.spamgourmet.com/ and create an account. You never have to visit the site again afterwards.

Make up a new email address each time you need a quick account for something like FileShack. I used this email address for my new account:

fileshack.1.inda@spamgourmet.com

'fileshack' is for my reference
'1' says that the address is only valid 1 time
'inda' is my account name

They can havest that address because it no longer works. Good, yeah?

Seriously, you shouldn't have to worry about this. I don't anymore.

Check out http://www.spamgourmet.com/ and create an account. You never have to visit the site again afterwards.

Make up a new email address each time you need a quick account for something like FileShack. I used this email address for my new account:

fileshack.1.inda@spamgourmet.com

'fileshack' is for my reference
'1' says that the address is only valid 1 time
'inda' is my account name

They can havest that address because it no longer works. Good, yeah?

Spam Gourmet works great too. It lets you setup virtual forwarding addresses that remain active for a specified amount of time. This is especially useful for sites and services that require and email activation, etc.

and spamproof the other account

Even easier is to simply setup an account at SpamGourmet and when somebody asks for your email address, give them something like slashdot.2.alux@spamgourmet.com. Spamgourmet will simple forward the third and all subsequent emails to Dave Null.

If the only address one ever gives out, is that spamgourmet one, then anything not from support/management at your ISP or went through spamgourmet, can be deleted as spam. Procmail can do that check for you.

Wind under Thy Wings

Amber

I track spam at spamgourmet.com for about 27,000 user accounts (disposable email accounts). It's actually down about 13% this week. (no, I don't have a life)

We see dips around major (US) holidays, such as Thanksgiving and Christmas, and, for instance, a big one right after Sept. 11, 2001, but I'm not sure how to explain this one.

The two following email addresses are valid spamgourmet email addresses:

realplayer.10.stephanruby@spamgourmet.com

or

yahoo.a.stephanruby@xoxy.net

In addition to knowing where the emails are coming from, you can fine-tune the exact number of emails you're willing to accept from that particular sender, and you can change your filter settings easily enough to block or accept all the emails coming from a particular user.