Slashdot Mirror
Where Do Dummy Email Addresses Go?
ajain writes "Maybe a year and a half back or so, I started using someone@somewhere.com as a dummy email id in online blogs, guestboks, forums, and sundry pages. But then I started wondering what if someone actually tried to email me on that email address. I was sure that it would bounce because I assumed that there wouldn't be an actual email address like that. In any case, just for fun, I decided to google on someone@somewhere.com. And lo behold, there are some 4090 results! I have written a small article at my blog and a reader says NoOne@NoWhere.com is another contender. Do you use some common dummy email IDs too, to get around the privacy problem online? Isn't there a potential for malicious misuse of someone's email ID in this way?"
how many people fill out bill.g@microsoft.com (or something similar)
the answer is "yes", move along.
-- 'The' Lord and Master Bitman On High, Master Of All
I always use asdf@asdf.com
seems I'm not alone:
http://www.asdf.com/asdfemail.html
http://www.asdf.com/whatisasdf.html
The domain "example.com" is reserved for exactly this purpose.
However, I find that for cases where you can be reasonably certain your address is NEVER going to be used for legitimate purposes (such as cases like this where the context implies the address is useless and it will only be treated as real by harvesters), you can skip the middle man by using uce@ftc.gov
A pizza of radius z and thickness a has a volume of pi z z a
If you go to example.com (or .org, .net) it'll tell you that it was set up as a dummy domain in some RFC for the express purpose of being used as an example: "so then you point your browser to example.com" that wouldn't be abusable. So go right ahead and use example.[com|org|net].
There are plenty of places you can safely point to. It's fair to assume that mailboxes at example.{com|net|org} are unmonitored. There's also me@privacy.net which bounces email with a polite notice that you don't want email from the sender. Spamcop provides the conspicuous nobody@devnull.spamcop.net, originally provided for users of their newsgroups but open to all and of course you can just use fake tlds like nobody@fake.invalid which will always be rejected before the email even leaves the spammer's servers.
If you do want to recieve email but only, say, once from a company then you'll be looking at SpamGourmet which provides simple, free, fowarding addresses that expire after X hits.
Once Upon A Time, a friend of mine had a domain that spelled a major ISPs name backwards (he registered it on purpose, and joked that he was the "anti-big vendor" and gave shell accounts to friends, friends of friends, etc.
Then, someone started posting to usenet a lot, who was a customer of Big Vendor , and he 'spam-proofed' his address by ever so cleverly spelling it backwards.
Suddenly dozens if not hundreds of undeliverable messages started landing on Mike's server for some clown over at ReallyBigISP.
So, like any good sysadmin, he corrected this oversight, adding a sendmail rule to deliver mail for jrluser@psigib.com to jrluser@bigisp.com.
The moral of the story: Do not create harm for some innocent third party with your spam evasion techniques. It may come back to haunt you.
How does the Slashdot Effect happen given that no slashdotters ever RTFA?
using another person as your dummy adress is pure EVIL. i was forced to abandon my main email adress because some moron used very extensivelly as a dummy address. and it was no coincidence, the address was too complex. before bayesian filtering, i had no other option than change my email and it is not an easy task if you have used for long time, you have printed ona various dead trees and so on
SHE does throw dice.
Use a domain less than 3 chars - can't exist, according to standards, so you won't be abusing anyone. If that's not allowed, use example.com (or .org, or .net), which was set up as a dummy domain to be used in examples.
The best way I've found, though, is mailinator.com. Every @mailinator.com account "exists" (is created as needed), and other than (perhaps) root, abuse, etc., they aren't passworded. So you don't even have to set up a junk account, just make up the address on the fly. Be sure to delete any emails with passwords in 'em ASAP, of course.
Even better, don't use a fake email. I use me@privacy.net. If you send mail there, you get an auto-reply that says the submitter likes their privacy and you generally suck for being an email harvester. Go ahead, send me@privacy.net an email and see what I mean...
the From: header can be easily forged and these privacy.net guys are just adding to the misuse of net traffic by replying.
spam should go to one of 2 places... an authority who can fine the sender, or /dev/null (preferably the mail server will reject the spam before even collecting it, such as grey listing does)
For this, Mailinator is perfect.
http://wsulug.org
Maybe an address at networksolutions.com or netsol.com would be more appropriate, after all they want to be the destination for traffic to nonexistent domain names with their sitefinder crap.
hmmmm...all this bandwidth being wasted.
I feel it's my duty to the internet to point these clowns to h4wh4w@127.0.0.1.
You'd be suprised how many sites will actually allow this, since the regular expressions that check them usually allow for identifier@sub.dns.com.country, with each allowing [a-zA-Z0-9].
Funny, I didn't know "email address" was synonymous with "identity."
When somebody asks for your email address, they're asking for a way to contact you--like a phone number. They're not asking for you to uniquely identify yourself as you would with a driver's license or passport, they're only asking how they can reach you.
Email is not identity, and using a dummy email address is not illegal.
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
I registered somewhere.com in 1995 (hey, it was free :-). After I sold my first consulting company, I named the next one after the domain. Somewhere.Com, LLC.
Spam didn't exist at the time. The first warning signs were when we'd occasionally get email bounces. Some versions of 'mail' on Unix, when unable to figure out who to return a bounce to, would send it to somewhere!name-of-the-user. Sendmail would helpfully turn that into somewhere.com, and we'd get the email.
When spam started, we started getting bounce backs. Spammers were using it as a "fake" domain. In those days somewhere's mail system was a Mac 8500 on a cable modem. Life would get very interesting when all of AOL's mail servers started throwing bounces at me as fast as they could. I had originally been bouncing messages back with messages asking people to stop--that had to change to straight rejections.
As a result of the time I was spending handling somewhere's email problems, I got into the anti-spam business. Initially writing tools to track spammers (http://www.spamwatcher.com/ is still up, although I don't know how well the spam analysis stuff is working). Later I co-founded Messagefire, an end-user anti-spam service.
In the meantime somewhere's email flow continued to climb. It's doubled every year. Hoaxes like the one about "wormalert@somewhere.com" (put it in your address book, and the fact that it's fake will cause viruses to die) didn't help. Nor did Microsoft FrontPage shipping with webmaster@somewhere.com as the default address in its templates. Axis shipped an internet enabled video camera that that (if you turned on the email feature) defaulted to sending all your security pictures to somewhere.com. (They've fixed it, but there are still cameras out there sending us a picture every 5-10 seconds.). Viruses that picked up all the references to somewhere.com off of people's address book and web caches started to account for more than a third of the email. People signing up for things with "fake" addresses accounted for a lot as well. (Why anyone would use an email address at a domain and not check to see if the domain existed first, I have no clue. Neither, apparently, do a lot of people who enter fake email addresses.) By last year we were rejecting 100,000 messages a day, of which close to 40,000 were going to someone@somewhere.com. I upgraded my DSL line to 768k just to handle the flow, and I had to limit my mail server to 100 simultaneous connections at a time.
This year we sold Messagefire to a Seattle company called MessageGate, and I now work for them. We use somewhere.com to stress test our enterprise anti-spam and compliance software. That happened only just in time; my router was starting to fail frequently under the load. Now the mail's on a high-bandwidth connection with multiple machines to handle the load--I just pick up the legitimate addresses after the spam has been filtered out.
I haven't looked in on it in several months, but we did let the email run unthrottled once early this year. After a few hours we were looking at enough bandwidth saturate several T1's, and volume of at least one million messages a day.
A couple things in summary.
1. Don't use fake email addresses. If you don't trust the site you are giving your email address too, then why are you doing business with them? If you're afraid of spam because you're posting your address publicly; then buy some anti-spam software. If I can manage to use legitimate email accounts on somewhere.com and not worry about spam, then obviously there's some out there that works well. I've been posting on usenet and the web using nazgul@somewhere.com for the past 9 years. The spammers definitely have my address. So what?
2. If you're going to make up a domain name, then *check* first to see if it's real! Better yet, don't. Just because it's not real now doesn't mean it won't be later. Use example.{com,net,org} if you must.
3. I see a number of people here s