Slashdot Mirror
Where Do Dummy Email Addresses Go?
ajain writes "Maybe a year and a half back or so, I started using someone@somewhere.com as a dummy email id in online blogs, guestboks, forums, and sundry pages. But then I started wondering what if someone actually tried to email me on that email address. I was sure that it would bounce because I assumed that there wouldn't be an actual email address like that. In any case, just for fun, I decided to google on someone@somewhere.com. And lo behold, there are some 4090 results! I have written a small article at my blog and a reader says NoOne@NoWhere.com is another contender. Do you use some common dummy email IDs too, to get around the privacy problem online? Isn't there a potential for malicious misuse of someone's email ID in this way?"
how many people fill out bill.g@microsoft.com (or something similar)
the answer is "yes", move along.
-- 'The' Lord and Master Bitman On High, Master Of All
I usually use support@microsoft.com
You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
I usually use no@no.com. Never checked if it exists.
Error 404 - Sig Not Found
sadfd@afds.com
Poor owner of that address. These days, though, I use @example.com wherever possible because I know it won't go anywhere at all. It's not a bad idea for other people to use it when they can, either.
I always use asdf@asdf.com
seems I'm not alone:
http://www.asdf.com/asdfemail.html
http://www.asdf.com/whatisasdf.html
Strangely enough, somewhere.com offers anti-spam services as well as other consulting things. Could it be that they have set up someone@somewhere.com as a black hole to track spammers? That sure would rock. There is always some misuse when you post your email address online. Don't do it. Simply code a form for contacting you via email and let PHP or whatever send it to you behind the scenes. This halts any kind of email harvesting, and results in the use of faked email addresses, or obvious ones, like admin@DOMAIN.com or whatever. If you have a catchall, you should disable it and let them all bounce. When enough email bounces, someone somewhere will figure out something to solve the problem of spam, or run of the mill spammers will just give up.
The dangers of knowledge trigger emotional distress in human beings.
I always used root@localhost as the replyto when I posted to usenet, let the spambots pick that one up...
At the bottom of the endless pile of paper work which characterizes all regulation lies a gun.
Alan Greenspan
I used to use the ones you describe, as well as "fatchance@nospam.com." Then, I discovered Mailinator. This is pretty handy. You make up an address @mailinator.com. Mail can go there, and the address is "created" on the fly. Later, if you are really interested (say, a registration for a newspaper site), you can pick up the mail. After a few hours, the account is deleted.
Back in the day there was a web site, anti-social.com that gave out free email @anti-social.com. So I grabbed letthemdie@anti-social.com and used that whenever I had to give an address to something I didn't want to give an address to, just to be an ass.
The original Anti-social.com faded away in the mid-90's. It's rather interesting to note that now, when I point my browser to anti-social.com it redirects me to the offical Bush-Cheney '04 blog. How bizzare. What's up with that?
I usually use webmaster@, and I check all of the "Email me adverts for all this shit!" boxes, too. Let that teach 'em to harvest emails for spam!
I usually sign up with the adress of people I hate. Right now it's that smelly boy in 5th grade who never would shut up about his baseball card collection.
The domain "example.com" is reserved for exactly this purpose.
However, I find that for cases where you can be reasonably certain your address is NEVER going to be used for legitimate purposes (such as cases like this where the context implies the address is useless and it will only be treated as real by harvesters), you can skip the middle man by using uce@ftc.gov
A pizza of radius z and thickness a has a volume of pi z z a
Most programs and sites happily take -@-.- which isnt even valid.
This comment does not represent the views or opinions of the user.
If you go to example.com (or .org, .net) it'll tell you that it was set up as a dummy domain in some RFC for the express purpose of being used as an example: "so then you point your browser to example.com" that wouldn't be abusable. So go right ahead and use example.[com|org|net].
There are plenty of places you can safely point to. It's fair to assume that mailboxes at example.{com|net|org} are unmonitored. There's also me@privacy.net which bounces email with a polite notice that you don't want email from the sender. Spamcop provides the conspicuous nobody@devnull.spamcop.net, originally provided for users of their newsgroups but open to all and of course you can just use fake tlds like nobody@fake.invalid which will always be rejected before the email even leaves the spammer's servers.
If you do want to recieve email but only, say, once from a company then you'll be looking at SpamGourmet which provides simple, free, fowarding addresses that expire after X hits.
... i still have to ask a guy named Donald working for Disney and a guy named Dubya working at the whitehouse, if they ever received any mail for me.
karma police: arrest this man, he talks in maths; he buzzes like a fridge, he's like a detuned radio. [radiohead]
Once Upon A Time, a friend of mine had a domain that spelled a major ISPs name backwards (he registered it on purpose, and joked that he was the "anti-big vendor" and gave shell accounts to friends, friends of friends, etc.
Then, someone started posting to usenet a lot, who was a customer of Big Vendor , and he 'spam-proofed' his address by ever so cleverly spelling it backwards.
Suddenly dozens if not hundreds of undeliverable messages started landing on Mike's server for some clown over at ReallyBigISP.
So, like any good sysadmin, he corrected this oversight, adding a sendmail rule to deliver mail for jrluser@psigib.com to jrluser@bigisp.com.
The moral of the story: Do not create harm for some innocent third party with your spam evasion techniques. It may come back to haunt you.
How does the Slashdot Effect happen given that no slashdotters ever RTFA?
Right, posting about your mail bombing exploits to innocent AOL customers is the perfect way to get respct and karma around here. Let alone you did it in VB.
Maybe a year and a half back or so, I started using someone@somewhere.com as a dummy email id in online blogs, guestboks, forums, and sundry pages. But then I started wondering what if someone actually tried to email me on that email address.
So.... you're the jackass who clogged up my mailbox with all this crap. Thanks alot, pal!
These days, I just use Mailinator. They offer throw-away email addresses for free and automatically delete any mail the account receives after a few hours. That way, I can actually confirm registrations and the like but don't have to worry about spam. And I do not bother innocent third parties, such as the nowhere.com domain owners.
RFC 2606 reserves domain names like example.com, so you can safely use those without hitting existing email addresses.
using another person as your dummy adress is pure EVIL. i was forced to abandon my main email adress because some moron used very extensivelly as a dummy address. and it was no coincidence, the address was too complex. before bayesian filtering, i had no other option than change my email and it is not an easy task if you have used for long time, you have printed ona various dead trees and so on
SHE does throw dice.
I usually use the email of an ex-boss that I hate.
-
ping -f 255.255.255.255 # if only
Use a domain less than 3 chars - can't exist, according to standards, so you won't be abusing anyone. If that's not allowed, use example.com (or .org, or .net), which was set up as a dummy domain to be used in examples.
The best way I've found, though, is mailinator.com. Every @mailinator.com account "exists" (is created as needed), and other than (perhaps) root, abuse, etc., they aren't passworded. So you don't even have to set up a junk account, just make up the address on the fly. Be sure to delete any emails with passwords in 'em ASAP, of course.
I own a domain that relates to a popular TV show -- many people use characters' email addresses when polluting registration databases (instead of using BugMeNot) and I get that email.
I also set up an AOL screenname "ignoreallemail@aol.com" and I use it when I'm polluting a database myself. I don't think that one can be killed. AOL dumps the inbox for me as it fills, but since I don't read any email there, I don't care.
Why spend time typing nonsense emails like someone@somewhere.com and noone@nowhere.com when you can just type 1@2.com?
example.com was reserved by the IETF so that dummy email addresses could be used in examples. See www.example.com/
is a pretty common one here in england....
by and large (eg with the proviso that only non existent domains are used for this) I applaud such things as the best way to fight all these loons building ever larger and ever more interconnected databases of internet users and profiling and tracking and analysing them is by filling those databases with as much junk as possible...
I will commonly complete you-must-register-to-get-access forms with;
a nonsensical name, eg mickey_moose_99
a DOB circa 1900
the wrong sex
an unlikely city and country, such as Krasnyy, Iran
a 90210 area code
an 0898 696969 telephone number
It would be nice to hear from someone with access to a large database, eg online newspaper, what proportion of registration data is bogus.
http://slashdot.org/~GuyFawkes/journal
The most miserable admin on the planet surely lives here.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
One I have used for years. I am sure Mr. Irvin Tsnot at Real Networks is wondering why he gets so much junk Email...
What post? The one you're carrying inside your rusty innards!
You can actually retrieve stuff from that address later, if you need it. According to the site, "Jablome.com is a publicly accessible inbox for heywood@jablome.com.
"Use this email address any time you just need a quick, disposable place to send stuff. Get the info you want and never be bothered by the resulting torrent of spam and/or other weird stuff."
I always use
o urbusiness.com
fuck@you.com
eat@me.com
blow@me.com
noneof@y
MarketingWeasels@suck.com (Sorry admin@suck.com!)
The somewhere.com domain is registered by Speakeasy. I checked and found that there is currently no mailserver associated with somewhere.com, so in this case you lucked out and didn't hurt anyone with your misguided efforts. People using random email addresses are very much like people randoming shooting guns. The example.com, example.org, and example.net domains are safe to use for this purpose, see RFC 2606, Section 3.
or else you get aoeu, which is the row on a dvorak keyboard
1 - you are falsifying your identity with intent to deceive.
2 - you are assuming the identity of someone else, again with intent.
3 - improperly using others resources, or causing harm to others resources..
Doubt anyone would ever be tried and convicted under the law, but in this day and age, when people are jailed just for speaking, and the government will monitor what books you read, anything is possible..
---- Booth was a patriot ----
is to use any LHS @example.com. This, by RFC, is guaranteed to belong to nobody.
example.com is set up for exactly thie purpose. See RFC 2606. .test .invalid .localhost are also mentioned in RFC 2606. .localhost may cause more fun when somone tries to mail spam to it.
JimBob Jumpback 1313 Mockingbird Ln. Anywhere, CA 90210 jimbob@jumpback.com 555-123-4567 Please feel free to use this for yourself.
"I usually use webmaster@ ..."
I prefer postmaster@[site]. Internet standards require postmaster be a working mailbox (not everyone follows the standards, but many/most do). I also find webmaster@[any-domain] tends to gets tons of dictionary-attack spam, thus making it more likely to be filtered already. Most (not all!) spammers filter out postmaster@[all-domains] (spammers may be stupid, but they're not *that* stupid). Finnally, postmaster@ is, I suspect, more likely to be read by people who care (sysadmins rather then marketing weenies).
"...and I check all of the "Email me adverts for all this shit!" boxes, too."
I never do that. I also check off whatever "opt-out" options the form offers. That way, they are encouraged to adhere to their own policies. If they do not spam unless you ask them to, then postmaster@ will not be spammed. If they send stuff without asking, then postmaster@ gets it.
Alas, more and more registration forms check for obvious things like a domain the organization already operates.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
In the UK, 1 is only illegal when you use a false identity for fraudulent purposes. You are not doing 2 if you use an @example.com address - there is no person at that address to impersonate. And 3 doesn't apply if the organisation in question doesn't send you an email. If you don't request that they send an email, then they are using their resources on their own initiative and you aren't misusing anything.
What you are probably doing is violating a EULA, but their legal standing is very questionable, especially when you aren't actually paying for the service.
So, at least in the UK you aren't going to get busted for using a fake account if you do it right. Using support@microsoft.com is a different matter, you could probably claim it's stalking or something.
IANAL...
someone@somewhere.com VS none@none.com
4090 to 6660
Round 1 goes to None@None.com
[Fuck Beta]
o0t!
For this, Mailinator is perfect.
http://wsulug.org
Maybe an address at networksolutions.com or netsol.com would be more appropriate, after all they want to be the destination for traffic to nonexistent domain names with their sitefinder crap.
I have my dummy addresses point to a particular mailbox that is periodically dumped over to spam-assassin's auto-learn script.
Muhhahaha.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Heh. I actually registered that to put up a parody/protest about sitefinder. The domain turns out to get a lot of spam; some stuff from people who obviously just typed it into a form, but also however from people who had their mail systems configured to divert their spam/bad mail to nonexistentuser@nonexistentdomain.com (or some variant). All were happy to stop when asked, but if you must configure your mail like this, possibly better use an *impossible* domain (I did get a fair bit of private email bounced on to me by badly configured mail systems).
sales@real.com :D
I've always used user@host.com but lately it seems validators are disallowing this option.
Somewhere.com is a domain that was registered by a friend of mine long long ago back before spam and web sites and all that crap ruined the beauty that was the Old Internet. (I'm being ironic here, by the way). I think he registered it because he thought it was kind of funny, but unfortunately he pointed it at his mail server.
:'}
It turns out that as the internet became more and more popular, more and more people started using someone@somewhere.com as the address they'd put into email when they didn't want the originator of the email to be known. For example, forwarded mail where you don't want the person who forwarded it to get mad at you for publishing their email address.
So he started getting a lot of crank email to somewhere.com - people complaining that he shouldn't send them mail about Jesus' third coming in a UFO, and stuff like that. For a while he tried sending mail to these people to clue them in, but of course they were un-cluable.
Eventially, it got to the point where he was mostly getting the kind of stuff you get when you've been joe-jobbed - angry replies to actual spam of the kind to which we've sadly become accustomed. It was then that he started analyzing the responses, and I'm pretty sure this is what inspired his anti-spam work.
Messagefire, the anti-spam service he started, really rocks. It's too bad that they've stopped accepting new customers. Sigh. Because I know him, I got in on the ground floor, and am still using it to filter my spam. It's wildly successful, and I'm very grateful to him for setting it up. I hope at some point they start selling service again.
i use this alot.. but i mix it up by also putting abuse@(the domain asking for my email) and then i sign up for every newsletter they have... i figure it saves me alot of time by just letting them report the spam to themselves... 8)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Check out spamdam. It does that but forwards them your main account so you can disable addresses that are no longer useful. It has a nice web interface for managing aliases. I use it all the time and it's great. [/plug]
Please don't be rude to people who own real domains by using them, even if they're cute-sounding domains like no.com or nowhere.com, many of which are owned by old internet hackers who got the names when you could still get cool names like foo.com. It's fine to use example.com, which was set up specifically for that purpose. If you use domains that actually don't exist, you'll be hitting the TLD name servers, which really don't need that abuse either.
If you do want to be rude and pick an existing domain, at least pick somebody who's got the resources to handle it. President@whitehouse.gov, billg@microsoft.com, uce@ftc.gov. Alternatively, pick a service like mailinator.com or dodgeit.com that accept email for anybody, put it on a web page where you can retrieve it (with no password, so don't use it for anything real private), and garbage-collect old space after a while.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
foo@bar.com. It's a classic. Also, sometimes I use a@b.c, but some sites don't allow it.
"If at first you don't succeed, lower your standards."
Oh dear... I can see this already.
Microsoft Knowledge Base Article - 555666
Are we satisfied with the length of our penis?
Symptoms: You are unsure if we at Microsoft Support are satisfied with the length of our collective penis.
Resolution: To solve the problem:
Status: Microsoft has confirmed that this is a problem in the internet e-mail system, which thanks to our insecure e-mail apps and OSses, has gotten a lot worse than it should. Also, stupid users are to blame.
The information in this article applies to: Yourself you good for nothing spammer, Clippy.
I've used john@doe.com for the longest time
works for me :)
No encryption can withstand the power of the Lucky Guess.
I use god@heaven.com in cc: lines for the corporate email responses when someone adds everybody remotely related to the 'issue' to an email. When anyone does a ReplyAll, they get back an undeliverable message from god@heaven.com. In other words, HE doesn't want to hear you whining. The humour is lost on a lot of people.
When we find you, we will KICK YOUR ASS!!!!!
Sincerely,
Show me on the doll where his noodly appendage touched you.
I registered somewhere.com in 1995 (hey, it was free :-). After I sold my first consulting company, I named the next one after the domain. Somewhere.Com, LLC.
Spam didn't exist at the time. The first warning signs were when we'd occasionally get email bounces. Some versions of 'mail' on Unix, when unable to figure out who to return a bounce to, would send it to somewhere!name-of-the-user. Sendmail would helpfully turn that into somewhere.com, and we'd get the email.
When spam started, we started getting bounce backs. Spammers were using it as a "fake" domain. In those days somewhere's mail system was a Mac 8500 on a cable modem. Life would get very interesting when all of AOL's mail servers started throwing bounces at me as fast as they could. I had originally been bouncing messages back with messages asking people to stop--that had to change to straight rejections.
As a result of the time I was spending handling somewhere's email problems, I got into the anti-spam business. Initially writing tools to track spammers (http://www.spamwatcher.com/ is still up, although I don't know how well the spam analysis stuff is working). Later I co-founded Messagefire, an end-user anti-spam service.
In the meantime somewhere's email flow continued to climb. It's doubled every year. Hoaxes like the one about "wormalert@somewhere.com" (put it in your address book, and the fact that it's fake will cause viruses to die) didn't help. Nor did Microsoft FrontPage shipping with webmaster@somewhere.com as the default address in its templates. Axis shipped an internet enabled video camera that that (if you turned on the email feature) defaulted to sending all your security pictures to somewhere.com. (They've fixed it, but there are still cameras out there sending us a picture every 5-10 seconds.). Viruses that picked up all the references to somewhere.com off of people's address book and web caches started to account for more than a third of the email. People signing up for things with "fake" addresses accounted for a lot as well. (Why anyone would use an email address at a domain and not check to see if the domain existed first, I have no clue. Neither, apparently, do a lot of people who enter fake email addresses.) By last year we were rejecting 100,000 messages a day, of which close to 40,000 were going to someone@somewhere.com. I upgraded my DSL line to 768k just to handle the flow, and I had to limit my mail server to 100 simultaneous connections at a time.
This year we sold Messagefire to a Seattle company called MessageGate, and I now work for them. We use somewhere.com to stress test our enterprise anti-spam and compliance software. That happened only just in time; my router was starting to fail frequently under the load. Now the mail's on a high-bandwidth connection with multiple machines to handle the load--I just pick up the legitimate addresses after the spam has been filtered out.
I haven't looked in on it in several months, but we did let the email run unthrottled once early this year. After a few hours we were looking at enough bandwidth saturate several T1's, and volume of at least one million messages a day.
A couple things in summary.
1. Don't use fake email addresses. If you don't trust the site you are giving your email address too, then why are you doing business with them? If you're afraid of spam because you're posting your address publicly; then buy some anti-spam software. If I can manage to use legitimate email accounts on somewhere.com and not worry about spam, then obviously there's some out there that works well. I've been posting on usenet and the web using nazgul@somewhere.com for the past 9 years. The spammers definitely have my address. So what?
2. If you're going to make up a domain name, then *check* first to see if it's real! Better yet, don't. Just because it's not real now doesn't mean it won't be later. Use example.{com,net,org} if you must.
3. I see a number of people here s