Slashdot Mirror

I have a policy that my customers pay me on time. Unfortunately I tend to get strung along for 90 days. Since my policy doesn't have the force of regulation I tend to have to suck it up.

I hate this type of post.

It's defeatist and dispiriting to the reader. By advocating no action ("suck it up"), it supports and encourages loss of freedom, authoritative control, and hopelessness.

It's also uncreative - there's *lots* of things we could do, both as a group and individually, to try to change the situation.

You don't have the will to fight, so go drown your despair in drink. Don't being down everyone else as well.

The OP took the trouble to file suit against the TSA. Looking at his website, he might be a rare case of a lawyer doing an open source 'kind of thing.

I haven't seen a lot of this type of "open source good for the community" from the legal profession. I'm not saying that there's *none*, but it's very rare compared to the number of lawyers around.

Engineers are pretty generous with their time. There's a ton of open source software and designs for hardware, people answering questions, things you can make and modify and use.

A lot of lawyers I talk to claim to be unemployed or under-employed. Looking through the myriad number of social abuses we come across at Slashdot, I've always wondered why some of them don't put their spare time into fixing some of our problems using the court system. If it's their own time and they are otherwise unemployed, it wouldn't be very expensive.

They'd also get a big boost of popularity (and business) from having defended a rights issue. When the police decided unilaterally that recording them was illegal, it took an incident to take it to court, and not a pair of lawyers who had set up a situation, with proper witnesses and affadavits.

Anyway, this guy appears to be doing some legal things in the manner of open source.

Cut him some slack, OK?

It's not enough. You need to use a service like spamgourment and have a unique address for each mail list so that you know exactly what act linked your email address to your web search.

Google searches used to leak information in the referrer (I'm not sure what personalised search would have done to this; possibly something would include enough to link to a mail address). They stopped doing that now.

Every account I have in under a different handle, each piece of mobile equipment is under a different
persona http://www.fakenamegenerator.com/ I don't do social sites only because I don't care for them.

I've nothing to hide, it's just what I do. I was security conscious long before Gore gave the public access to the Internet.

Forte Agent mail reader lets you have multiple personalities, POP3ing Email from your other accounts.
-I don't care for online e-mail.

Google will catch up with you if you have multiple Gmail accounts; asking if you would like to combine
them and use your real full name Mr. Micky Mouse . I see this as an IP match and where the weak link is.

It's what I do, but not a fanatic about it, I know there are key phrases, and statements I'm prone to use
no matter the account.

Just use a HOSTS file it blocks most of your tracking and spam online, it's your E-mail address that screws you (spam wise),
I use https://spamgourmet.com/ for disposable Email addresses, many filter that address and don't allow it.
-A HOSTS file block tracking ie if you don't touch their site they don't know about you or your surfing habits.

Root (jailbreak) your mobile equipment so you can use a HOSTS file cause your phone/tablet has conversations with the trackers.
Google Play Store put a halt to programs that stopped that conversation, so you have to find your blockers elsewhere.

And always read ToS's and Privacy Policies, while they may not be telling you the truth they do list sites you need to block
if you use their service (tracking). Also one's with a hardcore we collect everything policy I've no use for (Angy Birds (rovio.com)).

I have used Spamgourmet for disposable e-mails since forever.

Test spamgourmet.com. That makes throwaway email easy. Using that I never noticed junk mail from them.

Try an E-mail multiplier, such as SpamGourmet.

You can set up any number of separate E-mail addresses which get forwarded to your main E-mail, and if you set mega as the "exclusive sender" there's no limit count on that address.

Whoa... companies are abusing their ability to obtain people's personal information? I'm shocked... SHOCKED I tell you!

As an aside, here is an incredibly undervalued service:
http://www.spamgourmet.com/

Lets you invent dynamic email addresses, so if someone wants your email address you can give them a specially crafted one right on the spot.

Good idea for the phones, Stiletto! This is how SpamGourmet (a free service) already handles email.

The disposable, dynamically-generated addresses can optionally die after a specific number of received emails, and you can specify a single "trusted" sender for that address. If they or anyone else give out that address, it only works so long, then those emails stop. Now if we could just get authenticated information from the phone spammers, instead of blank or spoofed numbers, it might work.

For those that don't know, there is a simple and fantastic service called SpamGourmet. You can create disposable addresses on the fly, control how many emails they accept, etc.

http://spamgourmet.com/

How do you know it was dropbox that let your address out?

I use spamgourmet to create unique email addresses for every site that wants my email address. I've used this for nearly 10 years and have created 616 different email addresses. The one I used for dropbox has never received spam, but I have gotten spam on the addresses I created for a samsclub rebate, and for the email address I used to make an account with Sony Online Entertainment, and on a few various other websites. These types of database cracks are common, and it really shouldn't be a news story.

I do not wish to advertise for the site mentioned above. As it stands now, google and yahoo mail both give the opportunity to make disposal email addresses now, so the service I use is no longer unique. But, I do recommend that everyone does use a service of this type, so that you can shut down only the addresses that you get spam with.

Create second gmail account. Use aliases there. Have that forward to your primary account. You now have the same net effect as your second yahoo account, with the "base name" of the yahoo account's spam filtering replaced by the address of the secondary account.
Or use Spamgourmet, which is what Yahoo's system is based off of. Or Mailinator, dudmail, or any of the many, many other such free services.
My point was that a system exists to decoy spam in gmail, while ThunderBird89 seemed to think there was no such system.

If you are more paranoid than average you can use a second address set to auto-forward as the base.

Most people are not going to be familiar with the system enough to know what you mean by this. Google's FAQ will help:

Gmail doesn't offer traditional aliases, but you can receive messages sent to your.username+any.alias@gmail.com. For example, messages sent to jane.doe+notes@gmail.com are delivered to jane.doe@gmail.com.

Obviously any spammer can figure out that your real address is jane.doe@gmail.com with such a system. Your solution, to chain the alias account to a secondary real account to a primary real account does hide the primary address, but exposes the secondary address, which is just as bad. You can't close that down, or all your aliases stop working.

I haven't used Yahoo!'s system, so I can't speak to whether or not it is better. The best approach is to use spamgourmet's service and watch words, which is essentially what Yahoo and Google were both copying in the first place. It will, of course, work with any email account. They explain watch words here:

Watchwords (the new way) are similar except that they must be contained in the word for the new address to be created. They use regular expression matching (if you know what that is) so you can come up with all sorts of interesting approaches. For a simple example, if you have rope and soap as watchwords, these addresses would work:
saddlesoap.4.spamcowboy@spamgourmet.com
ouch-ropeburn.4.spamcowboy@spamgourmet.com
but this would not:
someotherword.4.spamcowboy@spamgourmet.com

I've been using spamgourmet before gmail even existed, and am up to 609 created disposable addresses now. It's amazed me which retailers have sold off my address to spammers. For the record, Sony Online Entertainment and Sam's Club were the biggest surprises. I get "Viagra from Canada" spam from the addresses that I created specially for SOE and Sam's Club.

I really do not know why spamgourmet never gets the attention that they deserve. It really is about the greatest free service I've ever found.

'Catchall' email addresses once were useful for precisely that purpose. I had slashdot@mydomain.foo set up and could tell where a spammer got my details from or who sold them. I did catch a few people out.

The problem is, spammers often bruteforce email addresses as well. So accounts@mydomain.foo, management@mydomain.foo, john@mydomain.foo, betty@mydomain.foo would all receive spam.

Moreover it makes it impossible to close down an account, for example if you decide to change your primary email address etc. Unless you go to the trouble of routing that email address to your trash at a server level.

I love disposable email addresses but don't think wildcard catch-alls are the answer any more. Another thing that Spammers have ruined.

Check out http://spamgourmet.com/ for another approach.

There are personal reasons for these services as well (ie: spam and tracking).

Disposial Email address? I use
http://www.spamgourmet.com/

Another identity? I use.
http://www.fakenamegenerator.com/ .
Only when the website greets you do you know who you are there - Hello: Robert!.

I've had the issues as the original poster. So, about 6 years ago, when I was about to change email addresses anyway, I signed up for an account at Spamgourmet.com. I hoped that I would never need to worry about unsubscribing again.

It works perfectly. I place unique characters in every address that I give out online. The first 'n' messages to a particular address get forwarded to my main address. After that, they get eaten by spamgourmet. I have to manually increase the limit or designate an exclusive sender if I want more than the first 'n' messages to go through.

You can set 'n' to be anything from 1 to 20. I use 5 typically.

Try spamgourmet. It's really neat because the act of signing up can automatically create the email address for you. After that you get to know for sure exactly which services sell on your email address. I've been surprised (I only found two so far; they weren't ones I expected; it seemed to be due to a security problem).

The advantage over a catch-all domain is that it has all sorts of mail handling features like auto-expiring the address if they start to spam; re-instating the address if it turns out they are sending useful info; allowing email to an address only from an address etc. etc.

I use spamgourmet.com for disposable email addresses.

Among other things, spamgourmet lets you set the number of messages that can be sent, so it can be useful for things like placing an order where you need to register, get an email with a link to validate your email address and then get an order confirmation and a few tracking status emails, but then stop accepting anything after that.

It doesn't catch as many bad actors as I thought it would, but when they do misbehave, it's kind of cool to see the number of deleted messages that never filled my inbox.

They also have it set up so that it you can reply to messages routed through spamgourmet without giving away your real email address. There's also an alternate domain so that when you're dealing with an actual human being they won't be freaked out by an email address that has the work "spam" in it.

Spamgourmet allows you to do this on-the-fly, no personalized domain necessary.

Let's say your free email address at spamgourmet is joe@spamgourmet.com

Wen registering at Newegg, you'd just write newegg.joe@spamgourmet.com and spamgourmet would automatically forward your email to your real email address. The system even allows you to reply to the forwarded message from your real email address, and spamgourmet will act as the intermediary removing your original email address from the message. Spamgourmet even has more capabilities than that, for instance you could just write newegg.12.joe@spamgourmet.com instead that would mean you're only expecting 12 emails from Newegg, not a single more and spamgourmet would just keep a reverse counter (and of course, the system allows you to change your mind, for instance you could just decide to whitelist any of the emails coming from Newegg even if you had it set to only receive 12 emails from them).

And of course, some web sites have been banning spamgourmet email address from their registration form, but that doesn't really matter, spamgourmet has many alternative domains you can use, and you can even donate your own domain to the cause if you wanted.

And by the way, the system is free and open source, so you could even set this system up on your own servers if you wanted (not that you'd really need to).

I've used spamgourmet for years and never had the address refused anywhere.

And spamgourmet has been doing something like this as well, but better and more anonymously:

1. If you haven't done it yet, create a spamgourmet account. Enter your user name and the email address you want to be protected. You will be asked to identify the word in a picture and pick a password.
2. Spamgourmet will forward to this address all the emails sent to your spamgourmet disposable addresses -- that way you don't have to tell anyone else what it is -- this is why it's called the protected address. Of course, this protected address must exist. That's why you have to confirm it. You'll receive an email asking you to confirm.
3. After you have confirmed your protected address, you can give out self-destructing disposable email addresses whenever you want. The disposable addresses are like 'someword.x.user@spamgourmet.com'

All they need to know is a user name and your email address (because they need something to forward emails to).

Any site that asks for my email address right away, forget it.

I have 700+ email addresses on spamgourmet.com. I get mail on the ones that I want to, and throw out the mail on the other addresses. I can turn them on and off through a web interface.

Why doesn't this work for you?

Because a genealogy site - ANY genealogy site - isn't worth the 15 seconds of my time it would take. So if you want me to look at it, you have to make the barrier to entry pretty much zero.

Any site that asks for my email address right away, forget it.

I have 700+ email addresses on spamgourmet.com. I get mail on the ones that I want to, and throw out the mail on the other addresses. I can turn them on and off through a web interface.

Why doesn't this work for you?

Spamgourmet is useful as well. You can set a maximum number of emails that you want to receive sent to a particular email address.

I recommend Spam Gourmet, personally. Its free, it has many domains you can use for forms in case one is blocked, and it is rather robust. I've been using it for years, and yet to have any serious problems with it (sometimes it has eaten something it shouldn't have, or has had a decent delay in resending, but this is rare, and I doubt your using it is a primary email address for things that are actually important

Your message stats: 3,789 forwarded, 224,298 eaten. You have 326 disposable address(es).

Is it me or is Mailinator a blatant rip-off of http://spamgourmet.com/?

Aliases - instead of having to keep a bunch of throwaway accounts with Yahoo, MSN, etc - I just set up a few aliases. Every so often they're purged, thus the spammers rarely get a hold of my address.

everyone should have a spamgourmet acct! http://spamgourmet.com/

SpamGourmet - I can't begin to say how awesome this is.

Have a look at spamgourmet.com. That page explains it better than I can, but I'll try to give a quick summary.

In 'simple' mode, you have a username at spamgourmet which is assigned to a particular external address. Each time you sign up for a new thing, you create a custom address which indicates how many emails you wish to receive, e.g. keyword.7.user@spamgourmet.com. You will never see any more email sent to that address beyond that limit (an advanced customisation is available to reset the counter).

You can also use Spam Gourmet at http://www.spamgourmet.com/. It has several features that go above and beyond what GMail has (to my knowledge).

First, it will forward the e-mails to any address, so you don't have to use GMail. Second, it lets you include an identifying string, like GMail. Finally, however, is the best feature: in the address you give you can specify the number of e-mails that you want forwarded to you before they start getting sent to /dev/null. You can also whitelist addresses if you choose. I've been using it for years, and it works very well.

identifyingstring.numtoforward.username@spamgourmet.com

http://www.spamgourmet.com/ is a nice alternative

I use SpamGourmet for a few years now. You can e-mails that auto-expire after x amount of e-mails and/or add trusted domains that don't toggle the e-mail count.

I've been using GishPuppy for a while, though it's sometimes down and doesn't forward as instantly as I like. Its simple interface for creating new addresses and expiring current ones is the best aspect for me. I've used Spam Gourmet a few times and it looks promising. It has several interesting features that I have yet to master.

A classic example of this is Ameritrade.

1. http://bbs.spamgourmet.com/viewtopic.php?t=81&postdays=0&postorder=asc&start=45&sid=21389b26d00d7c69bc59424a299b3f98
2. http://groups.google.com.fj/group/news.admin.net-abuse.email/browse_thread/thread/de64222d0929c6b4/a402bc49558f7330

I set up an account with them, using a single-purpose email address, amtdcrowell06 at lightandmatter.com. Notice the amtd on the front, which was a unique prefix I chose just for use with them. I started getting spam like crazy. Strangely enough, the spam was all about stocks -- pump-and-dump stuff. Ameritrade tried to blame it on a virus, which wasn't very plausible, since I was running FreeBSD, postfix, and mutt. They tried to blame it on a brute force or dictionary attack, which also wasn't very plausible -- the prefix doesn't really consist of dictionary words, and 13 characters, consisting of a mixture of letters and digits, gives a total of 10^20 possible addresses that would have had to be checked by brute force. I wouldn't have minded if it was a myspace account or something, but these were people who had large amounts of my money. I migrated my account to scottrade. Years later the news broke that ameritrade had leaked tons of email addresses. They blamed it on some unknown insider. Since people had been telling them about the problem for years, you'd think they'd have clued in a lot earlier. It's amazing how bad an internet-based company can be at the internet thing. If any slashdotters are using ameritrade, you might want to think about switching to some other company. (Ameritrade's web interface also had some functionality that didn't work properly in Firefox on Linux.) You can transfer your portfolio from one company to another without having to pay capital gains, and without incurring transaction costs.

and to email it you have to give them the email address.

You don't even need to own a domain. http://spamgourmet.com does a variation on your idea for free (plus, if you don't want the domain name spamgourmet.com, they always have other less obvious domain names you can chose from). They've been around and working for a number of years now. And they're open source, so if you wanted to do something even more elaborate with your domain, you could just use their code.

Plus, there is another free service that does a similar thing (although I can't remember its name). And of course, there are a couple of commercial outfits that provide variations on the same theme.

This has been going on for years.In 2005, a user of the spamgourmet disposable web site address reported that he was getting spam advertizing stock scams to an address he created exclusively for Ameritrade. Moreover, the user ran a *nix version on his PC and was very careful, so a leak on his end was unlikely. Ameritrade first denied, then compensated him. That was only the start. Since then, many reports surfaced showing that Ameritrade has an email leak problem.

It was only logical that the leak wasn't limited to email addresses.

Meanwhile, Ameritrade denied that their system was compromised. For instance, a spamgourmet user attempted to contact Ameritrade but got nowhere, so he complained about Ameritrade to the BBB. That woke Ameritrade up. They finally answered the user, while denying any breach in their systems:

We received correspondence from the Better Business Bureau about your Ameritrade account.

I wanted to follow up with you about the Spam e-mails you received. I apologize for the delayed response and understand any frustration you may have experienced in this matter. Although we have been unable to determine the exact cause of the Spam, I wanted to inform you of what we do know.

We thoroughly reviewed our systems and data sent to third parties with access to e-mail addresses and found no misuse or compromises of any of our systems or storage mediums for e-mail addresses. Additionally, after further review of our systems, there is no indication that your account information held with Ameritrade has been compromised. Please be assured that we regularly contract leading edge security firms to conduct network and application penetration tests to test the security of our network and web presence. We also employ a staff of full time employees solely dedicated to Information Security.

In the light of their recent admission, this translates into: "Our staff was utterly clueless and couldn't find a Trojan if it hit them in the balls with a brick. This contractor guy ran a newfangled thingie called a "rootkit detector" and whaddya know, it lit up like a Christmas tree. He saod your data got pwned. So there."

I've got to plug SpamGourmet.com. It's perfect for temporary throw-away addresses, like "slashdot.5.myalias@spamgourmet.com" which is my way of saying, "I've given my email address to a site called slashdot. They're only allowed to send mail to this address 5 times. After that, they bounce. The first five that make it through will be forwarded to an email address of my specification."

Of course there's the risk that a spammer would learn about spamgourmet and decide to exploit it by sending 115ASG123.20.myalias@spamgourmet.comm, but then they'd need to know my spamgourmet alias.

http://www.spamgourmet.com/.

There is even a spamgourmet user who created a unique address for ameritrade and received spam, thus confirming the trend. See http://www.spamgourmet.com/bbs/viewtopic.php?t=81& postdays=0&postorder=asc&start=60. The user complained and got the same kind of letter as everyone else.

Use spam gourmet. It's quick, easy, and you only have to give out your real email to one company. If they leak it, you know who did it. I've been using it forever, and it works great.

Protip: if you run your own mail server generate a whack of aliases (ie: bogus000 through bogus999) so you always have a disposable address available.

Even easier: just go to Spamgourmet.com and set up an account there (takes about 15 seconds, seriously), and then you can use all the addresses you want of the form [someword].youremail@spamgourmet.com.

E.g., if you're signing up for Ameritrade, you could use the address "ameritradesucks.kadin@spamgourmet.com" (or any other of about 10 different domains, it's not just limited to spamgourmet).

After each address has forwarded a set number of emails through to your real, hidden address, it will shut off and all further messages will be "eaten." (You can re-activate emails if you want, or set up whitelists so that all email from ameritrade.com gets through.)

It's a pretty brilliant system, and it's completely free. If you set up an account and use Spamgourmet dummy addresses everywhere, you can almost totally prevent spam arriving directly to your inbox. Also, you can go in later and see which addresses have been flooded with spam (some of mine have received thousands of messages) and see exactly what services are selling out out. Very cool.

"I've often thought of generating some kind of unique e-mail address for each of my friends, to detect if my e-mail address has been compromised by them (or their PC). e.g:
asdf2344ks@gmail.com for my emails to Tom oieo116i2k@gmail.com for my emails to Liz"

This service already exists. It's been around for a while. It's free. You only need to remember a chunk of your username, and make up the rest (instead of making up the rest of the name, I use the name of the actual site I leave my information with). I use it for every web site I'm forced to register with. It has a number of other domain names in case you don't like the spamgourmet name. Plus, it has a number of other cool features -- if you desire to delve more into it. And it's also open source, so you can easily install it on your own server and modify its functionality to your hearts content.

http://www.spamgourmet.com/

Not only that, but unless I can consciously remember signing up for a particular mailing list, I'm not going to use its unsubscribe link -- I'm just going to mark it as Spam.

Why? Because an "unsubscribe" link can just as easily be an "this email address is live, sell it to all the other scumbags" link. Unless I know that the organization it's coming from is legit, clicking on an 'unsubscribe' link in an email is considered harmful, and I won't do it.

If you want to send out bulk emails (and I think this is a pretty terrible idea to begin with), you should carefully cull your lists if you don't want to be marked as a spammer. I don't want to get messages from someone for the rest of my life, just because I bought something from them once. At best, that's going to make me regret ever doing business with them. Just because I bought something from your crummy web store, shouldn't give you the right to send crap to me forever; if I haven't made another purchase in a few months, I'm probably not coming back. Roll the old address off of the list, and move on -- you're probably just going into a junk-mail box somewhere anyway. (Or more likely, being "eaten" by Spam Gourmet after the 10 messages from you I told it to let through have come and gone, because I didn't trust your ass not to spam me in the first place.)

The ultimate definition of "Spam" is pretty simple: it's email that people don't want to receive. If you're sending out email to people who would rather not be getting it, you're a spammer, plain and simple. It may not be illegal (yet), but it doesn't mean that it's not obnoxious.

The first thing you need to do, more or less straight away, is find a way to separate your email address from the place your email comes to rest. I have a domain AND an account with Spamgourmet. One is for fighting spam, but both are so I can hand out addresses that are independant from whatever service I choose to use to actually receive my mail. This allows you to easily leave crappy places that force ads on you or otherwise stuff up your mail. Start advertising your new address now, so that in a year or so when Yahoo pulls some new crap that pisses you off, you have the option of leaving them without any of your friends noticing. I also recommend setting up a bunch of IM accounts, then using an ad-free all-in-one IM client like Miranda IM and move away from email in general.

An alternative to TMM (and a precursor to other disposable-address-and-delivering-to-your-mail) : http://www.spamgourmet.com/

For sites that block mailinator, you can try out a Swedish site (use with moderation, please): http://www.slaskpost.se/
(it's in Swedish, but you should be able to get by as it is quite similar to mailinator except for the captcha)

Christ people, http://www.spamgourmet.com/ has been doing this for over 6 fucking years!

Sure a 6 month or a 1 year dupe is possible, but over half a fucking decade?
Is Slashdot going to re-annouce the release of Windows 2000?

Fuckety shit fuck!

Ok I feel better now...

1. Gives you a list of keywords that you've used previously
2. If people appear to know your system for choosing address names, you can change it
3. You can send email from one of the disposable addresses
4. You can use other domain names as well (e.g. neverbox.com)

Yep, I was going to point out that Spam Gourmet has been doing this for years. Granted this is a different slat where the addresses expire in some period of time instead of some number of messages but they are roughly equivalent.

I use Spamgourmet and I'm really happy with it. It's kept my real email address protected for years.

I know of at least two different sites which give out disposable e-mail addresses so I don't really understand why this is newsworthy.

http://www.spamgourmet.com/
You create an account and spamgourmet will bounce the mail to you. The syntax is: [word].[number of mails].[username]@spamgourmet.com. When the alloted number of e-mails has been used the mails will bounce unless you allow more through.

http://www.mailinator.com/
You just make up a string of letters and use those letters to view the account at mailinator. This is a truly disposable mail address since the inbox is open to anyone who chooses to look at the account. If the information is semiimportant you should choose a pretty random mail address.

I have been using SpamGourmet http://www.spamgourmet.com/ for a while. It works great and is more flexible. This is going to run into the same problem other services like this do. Sites will simply stop accepting emails from that domain name.