Easy Throw-Away Email Addresses

netbuzz writes, "A fellow teaching himself Seam has come up with a clever Web app called 10 Minute Mail. It gives you a valid e-mail address — instantly — for use in registering at Web sites. Ten minutes later (more if you ask), it's gone. You can read mail and reply to it from the page where you create the throw-away address. Limited utility, yes, but easy and free."

Vs. Mailinator

[P(0)(!P(k)+P(k+1))]

I was curious as to how TMM stacked up against mailinator, my anonymous email of choice; mailinator has a time-limit of several hours, and its interface is slightly more elegant.

Re:Vs. Mailinator

[hclyff]

One would say this "article" is just a not-so-subtle advertisment for Redhat's JBoss/Seam.

Re:Vs. Mailinator

Mailinator is a great and possibly better alternative to TMM. It appears that the email address TMM generates does expire in such a way that it rejects email to the address you are given after a period of time (10 minutes). With mailinator, the email address never expires, but mail that is delivered tends to be purged after a few hours. Mailinator works so well that I have found some sites don't let you use mailinator addresses in the sign up process. Luckily they have set up alternative domains that point their mail to mailinator's servers allowing you to use alternative domain names in your temporarily email address.

Re:Vs. Mailinator

[superpulpsicle]

I once used an anonymous mail program some "many" years ago and got busted by a sys admin. But I didn't go through the mail server, and to this day I don't know how I got caught. Is Mailinator any better? I did it as a prank to a friend and it backfired on me the worst way and haven't tried this stuff ever since.

Re:Vs. Mailinator

[plover]

I've been using Mailinator for throw-away web page signups for years, but I use Sneakemail for the purchasing sites where I'd like to be notified about shipments, etc.

I have to say I like the idea of a 10 minute window. Several hours means I can't really use it to have them send me passwords, as I frequently have name collisions at Mailinator.

In the same vein, I dislike the lack of a "roll-your-own" email address that Mailinator offers. With Mailinator, I can simply type john@mailinator.com and not worry about visiting Mailinator's site first. With TMM, I have to hit their site to get the randomly generated mail40367@10minutemail.com address (and yes, they're slashdotted at the moment.)

Re:Vs. Mailinator

[ziggyzig]

One of the big differences I noticed was that you can reply to emails using TMM, which may make it more useful to some. On a side note: throw-away-emails + bugmenot = lots of good no-registration sites.

Re:Vs. Mailinator

You cannot send emails through mailinator, anonymous mailing isn't part of their service offering. It is designed strictly for recieving email you don't want.

Re:Vs. Mailinator

[Khabok]

How about Vs. GMail? Ever heard of plus-addressing? I've been using it lately with great results.

myemail+anythingelse@gmail.com always goes straight to myemail@gmail.com, BUT with a distinct TO address. That way you know which service sold you to spammers, and you can prop up a filter to faithfully dispose of them.

Of course, like any of these services, it only works until the big baddies find out...

Re:Vs. Mailinator

[whoever57]

How about Vs. GMail? Ever heard of plus-addressing? I've been using it lately with great results.
myemail+anythingelse@gmail.com always goes straight to myemail@gmail.com, BUT with a distinct TO address.

I also use this whenever possible. Unfortunately, many web developers think that a "+" in an email address is not valid, even if used before the "@". Or maybe they are too lazy to develop rules that apply different checks for the part before the "@" and the part after, or whatever. The unfortunate fact is that many website registration systems simply won't accept emails like "myemail+anythingelse@gmail.com".

Re:Vs. Mailinator

[Mad+Marlin]

I think it was the Sims 2 that wouldn't recognize the dash "-" in my email address, which is valid on both the left and on the right.

Re:Vs. Mailinator

[spacecowboy420]

My favorite is to just have a catchall on my domain. Then when I signup for something, I use a descriptive address plus my domain. This allows me to not only get all the mail, I know who I gave it to, and who is selling/spamming. If they start to spam, I just turn it off or dev/null all mail to that address.

Re:Vs. Mailinator

[caseih]

unfortunately a log of web sites have brain-dead e-mail validation logic that claims "word+word@fqdn" is not a valid e-mail address. Comcast.com is one of these brain-dead sites.

Re:Vs. Mailinator

[puppers]

Is that a feature that you can count on working indefinitely? Like, will Google continue to support this practice?
--
I'm lovin' it

Re:Vs. Mailinator

[Jaime2]

No one would ever figure out to strip everything after the plus before selling it to spammers. That would be far too difficult and wouldn't work for a large number of accounts.

The + address just lets you catch the ones that are accidentally leaking your address. Anyone being aggressive will have your real address. That way you won't have any of the spam that is periferally related to things that you are actually interested in, but you will get tons of Viagra and porn spam. Yay!!!

Re:Vs. Mailinator

I prefer http://www.mailzilla.com/ which allows me to create disposable email addresses (randomly or personalized) that have an expiration time and/or incoming message limit. I can also send replies from Mailzilla.com's site. Very clean interface and quite useful. They also have some other nifty features like multiple redirects, etc...

Re:Vs. Mailinator

Indeed. Very, VERY frustrating. I'm looking at you, Auntie BBC. I'd love it if gmail supported an alternative to '+', like, say '..' or '.zz.' (eg noname.nospam..slashdot@gmail.com). I suspect this would work for most of the rejecters.

Re:Vs. Mailinator

[SeaFox]

It is designed strictly for recieving email you don't want.

I know that description is correct, but it just reads really funny.

Re:Vs. Mailinator

[Teppic_52]

That's what I do, works better if you add the aliases instead of using catch all though, then you don't get the 'Returned Mail' spam too.

Re:Vs. Mailinator

[kefler]

I agree and use that as well. Of course, I live in fear of the spam bomb.

The day when a spammer for some reason decides to spam EVERYTHING at my domain, my mail server will melt.

Re:Vs. Mailinator

[dosquatch]

Is that a feature that you can count on working indefinitely?

To the extent that Google supports standards, yes.

RFC2822 allows A-Z,a-z (case insensitive, 0-9, the chars ! # $ % & ' * + - / = ? ^ _ ` { | } ~ and . (assuming the period is not the first or last char) Any server that rejects an email address for containing one or more of the above characters is in violation of RFC2822, and should be considered broken. Hotmail and Exchange are both broken in this regard, though they are far from alone.

Many servers implement "plus addressing" as gmail does by convention, though it is not explicitly required.

Re:Vs. Mailinator

[zollman]

It gets worse. Recently a spammer used my domain as their From address, with a randomly generated username part.

For the three days the spam went on, I was getting upwards of 100 emails an hour, mostly bounces and out-of-office messages. Very hard to separate out the real messages.

Be careful with the catchall, and make sure you've got a separate mailbox for important stuff.

Re:Vs. Mailinator

[petitgars]

Is that a feature that you can count on working indefinitely?

To the extent that Google supports standards, yes.

RFC2822 allows A-Z,a-z (case insensitive, 0-9, the chars ! # $ % & ' * + - / = ? ^ _ ` { | } ~ and . (assuming the period is not the first or last char) Any server that rejects an email address for containing one or more of the above characters is in violation of RFC2822, and should be considered broken.

Gmail is also broken, then: it does not support - nor _ in email addresses. That really sucks.

Re:Vs. Mailinator

[emurphy42]

Why wouldn't the spammers just auto-convert a+b@c.d to a@c.d, thus denying you the knowledge of who they bought your address from? Would this lose them a significant group of recipients?

Re:Vs. Mailinator

[matthewcraig]

Caution! I tried this many years ago, on a suggestion from a slashdot comment, no less. Feeling impervious to spam, I used descriptive email addresses + my domain on web forms everywhere. It wasn't long before the spam started piling up... big time. 100s of spam messages a day, including dictionary attacks against the domain. I started using spam-assassin tools. The tools worked well, blocking ~95% of the spam, however, by that time I was approaching 1000 spam messages a day. I was still getting ~50 spam messages each day... and rising. Eventually, the domain was getting hit with nearly 1500 spam messages a day, and I shut down my mail server service. For every 1 legitimate email, I was deleting over 100 spam messages. It has been down for a year, and I can only wonder if the endless waves of spam are attacking it. Thankfully, I was using co-located server hosting, so my personal network was not effected.

Re:Vs. Mailinator

[trjonescp]

How about Vs. GMail? Ever heard of plus-addressing? I've been using it lately with great results.

You can also sprinkle your GMail username with dots like m.y.user.n.a.m.e@gmail.com and GMail will ignore the dots and interpret the address as myusername@gmail.com

Re:Vs. Mailinator

[robogun]

The unfortunate fact is that many website registration systems simply won't accept emails like "myemail+anythingelse@gmail.com".

Turn off yer javascript to defeat server-side checking.

You can also do this to stuff 500kb-long 'valid' email addresses and responses into spammer's forms - don't go over 1mb total in case their Hotmail rejects it.

Re:Vs. Mailinator

[wayneo13]

Don't you mean to defeat client-side checking?

Re:Vs. Mailinator

[JazzLad]

Akin to this I use my personal domain (not the one on my /. acct). It is set up so that *@[my domain] delivers to my gmail acct anyway, so my amazon email address is amazon@[my domain], and all other sites I visit are [their address]@[my domain]

When spam starts hitting one (ex: efax likes to spam me), I simply create a filter or redirect that particular address elsewhere.

Redirect it to their abuse@ & have fun with them :)

Re:Vs. Mailinator

[1point618]

This is very true, and the trick I use to get around it is the fact that gmail treats foobar@gmail.com the same as foo.bar@gmail.com or f.o.o.b.a.r@gmail.com. For sites I don't trust completely and who insist that + isn't valid, I use a different dot pattern, and if I start getting junk, I set up a filter. Works great.

Re:Vs. Mailinator

[BrynM]

Eventually, the domain was getting hit with nearly 1500 spam messages a day, and I shut down my mail server service.

Greylisting could clear that up in a jiffy. My server was getting a few thousand spams a day (peaked at over 2000 in an hour at one point). It was getting so that the machine was constanly churning spamassassin and not much else could get CPU. Worse: my filters/learning were getting poisoned. I installed greylisting and the problems all went away. If you aren't running your server ask your provider for it. Most server apps have a plugin or something similar for it nowadays.

Re:Vs. Mailinator

[robogun]

Good catch, while we're on the topic, defeating any server side checking is a little tougher. Though when it's there they mainly use it to limit repeated attempts (form-bombing) & you can proxy to deliver more responses & anyway the ip ban usually times out in one hour or less.

I've seen some spammer's forms (mortgage, mostly) so thick with javascript it's amazing they get any responses at all. Sometimes you have to save the form locally to replace a javascript submit button with a normal one in order to do the trick.

Re:Vs. Mailinator

Several hours means I can't really use it to have them send me passwords, as I frequently have name collisions at Mailinator.

Then you're not being creative enough with your names, plover.

email me at 'go_fuck_your_fat_aunt_salley_on_tuesday@mailinato r.com' and I'll send you some suggestions.

Re:Vs. Mailinator

[plover]

Your name was too long. Mailinator has a length limit.

BTW, your Aunt Salley called, and she sounded right pissed.

Re:Vs. Mailinator

[DarthMAD]

I've always used Spamhole and I've never been disappointed. The interface is pretty simple, but it works, and frankly, that's all that matters.

Re:Vs. Mailinator

[taedog]

I just use the alias spamiam@ in front of my domain. Set a filter to toss that send straight to the delete file.

Re:Vs. Mailinator

Your name was too long. Mailinator has a length limit

It's a good thing your Aunt Salley doesn't...

Re:Vs. Mailinator

Oh snap.

Re:Vs. Mailinator

[houjenming]

Even better is Yahoo Address Plus (only for subscribers). You choose a new moniker (which is necessarily different from your yahoo ID), and then add a dash-whatever after the new ID. This way, you don't have to expose your actual yahoo ID to spammers. A smart spammer could look at a gmail+ address and immediately remove the '+' and then you're back to square one. With the yahoo address plus, you can just delete the temporary address and not worry about it anymore.

Re:Vs. Mailinator

[dcam]

And this is just another example of how spam breaks email.

The immediate response to this (for me) was to train my spam filter junk bounces. Which means there is no way to find out if an email arrived at its destination.

Re:Vs. Mailinator

[xenocide2]

They may not think its invalid so much as refuse to use it the same way some sites refuse mailinator or hotmail accounts.

Re:Vs. Mailinator

[mattwarden]

This is what I do, and it worked great until spammers and worms started sending emails to random usernames at my domain, e.g. john@mydomain.com (my name ain't john), sue@mydomain.com (ain't sue either), etc.

Re:Vs. Mailinator

[charlieman]

Good thing about mailinator is that you don't have to create the account, just use any-thing@mailinator.com and enter later. Bad thing is you can not send mails from mailinator itself.

Re:Vs. Mailinator

[TheGrinningFool]

I've seen some spammer's forms (mortgage, mostly) so thick with javascript it's amazing they get any responses at all. Sometimes you have to save the form locally to replace a javascript submit button with a normal one in order to do the trick.

Wow. I hope I'm never that desperate for a mortgage.

Re:Vs. Mailinator

[moresheth]

This happened to me as well.

I ended up setting up a forward for all mail that didn't specifically have a known account. So, I just made the *@mydomain.com to go to mybounces@hotmail.com at the DNS (zoneedit.com).

I haven't checked that account in a long time, so I'm not sure if it's still being used for spam reply addresses.

Re:Vs. Mailinator

[larytet]

or mytrashmail.com which creates e-mail account on the fly (upon receiving an e-mail ?) and apparently keep the e-mail accounts forever. Both password protected and not protected accounts are available

Re:Vs. Mailinator

[larytet]

mytrashmail.com allows sending "anonymous" e-mails

Re:Vs. Mailinator

[arivanov]

Propping a filter is the wrong idea. IMO the best use is to feed them as a spambait for autogenerated dynamic blacklists. Unfortunately this means running your mail server so gmail is out of the question.

Essentially, the idea is that you keep a list of addresses that are no longer in use (or known to be compromised) and any host sending mail to them is set to a "DENY ALL" status for 24-48 hours. If you overlay this on top of greylisting, the efficiency of is as good as Spamhus XBL-SBL. In total these block 99.5% of incoming SPAM. Unfortunately XBL-SBL and dynamic blacklisting give only minimal further improvement when used together. The reason is that blacklisting has nearly 99% correlation with Spamhaus as far as what it would deny. This is not surprising, considering that Spamhaus uses spambaiting as the primary means to populate its database.

Re:Vs. Mailinator

I tried that too. It worked great for a few months, then I suddenly got 40-50 mails per hour. Had to turn it off and had to make a lot of aliases for my existing news letters and stuff...

Re:Vs. Mailinator

[MichaelSmith]

They must use write only memory

Re:Vs. Mailinator

[Apotekaren]

Well, I prefer the Swedish http://slaskpost.se/ which creates the inbox for any incoming mail.

So you only have to make up a name when you register for some site, say random@slaskpost.se and then

just go to the slaskpost website, fill in the e-mail you made up, fill in the captcha and there you go,

the registering e-mail is right there. Any e-mail received by their servers are kept for 24 hours.

Hell, it's so easy to use, you don't even have to know Swedish!

Re:Vs. Mailinator

[jamesh]

A big 'me too' to that! I have had to turn greylisting down to everything with a spamassassin score >= 0.0 though. I tried 5.0 and too much got through, then 2.0 and I was still getting 10 or so a day. Now, nothing!

Greylisting works for two main reasons:

1. A lot of spam is sent by very dumb automated mailers. A short time ago they could be fooled because they didn't even wait for server prompts, so you could just reject anything that sent a HELO before you'd identified yourself. Now they are smart enough to get around that, but if you send a 'busy, try again later' message they don't bother trying again.

2. The 1 hour or so that you greylist senders for is enough time for them to get onto blacklists, so by the time that you'd let them through they've been blacklisted.

greylist stats on my primary email server are that 98.4% of email that was greylisted never made it to the whilelist (eg gave up or was rejected before it cleared), and on the secondary it's 99.9% (if the primary is up, then anything that hits the secondary is spam anyway).

so, until the spammers find a decent way around it (and I can't think of one, when used in conjunction with blacklists!), this seems like a pretty bulletproof solution.

Re:Vs. Mailinator

[dekkerdreyer]

Throw an SPF entry in your DNS zone record, that helps keep spammers from using your domain as a FROM address. Worked for one of my domains.

Re:Vs. Mailinator

[ohtani]

While using a catchall can be nice, it also opens up an additional spamming hole, one that can get quite annoying:

Some spammers will start blindly sending e-mails to $foo@example.com where $foo is set by a list of common names. So imagine them bombarding you with tom@example.com, joe@example.com, kevin@example.com, etc.

Re:Vs. Mailinator

[zollman]

Thanks; eventually did -- maybe that's why the spam only lasted 3 days and not longer.

For the lurkers -- the SPF wizard they have at openspf.org (recommended by parent) is a fantastic tool; very easy to use if you don't have time to read the specs.

Re:Vs. Mailinator

[nblender]

Yes, I too regret having chosen "+" as my recipient_delimiter in postfix. Now I have lots of legitimate mail coming in with "+" in it... Postfix doesn't support multiple recipient_delimiter's so you basically lose.

Here's one way to work around the problem, with postfix http://archives.neohapsis.com/archives/postfix/200 4-01/1944.html

Re:Vs. Mailinator

[bogado]

My favorite is to just have a catchall on my domain. Then when I signup for something, I use a descriptive address plus my domain. This allows me to not only get all the mail, I know who I gave it to, and who is selling/spamming. If they start to spam, I just turn it off or dev/null all mail to that address.What I do it that I create a new email for each service, it redirects to my account and if they sell this email or start spamming me I simply delete the redirection. It is good to be able to delete a "to" instead of filtering a "from" that is easily changeable.

Re:Vs. Mailinator

[bill_mcgonigle]

This is a huge problem - see my .sig.

What gets me is why they feel the need to reinvent the wheel when they can just use code that's already done and free.

Also, postfix lets you change the + to another character, say - .

Sounds a lot like

[tessaiga]

what Mailinator has been providing for years.

Re:Sounds a lot like

Sounds a lot like what Mailinator [mailinator.com] has been providing for years.

Yeah, but the Slash-vertisement has it beat in seniority.

Re:Sounds a lot like

[coldtone]

Both Java apps, is Java king of temp e-mail apps?

As an aside, if this app makes it to the front page, then why not cl1p?

Re:Sounds a lot like

[Gyppo]

The big problem with mailinator now is that many sites are rejecting mailinator email addresses at the form validation level - so I've been using Yahoo mail's junk email feature. This allows you to create any number of junk email addresses that forward to your regular Yahoo email address. You can continue to use it through the time that you receive the shipment then delete the address to prevent future spam.

Re:Sounds a lot like

[Psykosys]

and dodgeit.com...

Re:Sounds a lot like

[Iron+Condor]

...and mailexpire.com ...

Re:Sounds a lot like

[biffta]

and pookmail.com...

I just use spam.la

[__aavhli5779]

There's no privacy (everyone can view everyone else's mail) but it's perfect for throwaway registrations where your only concern is reading whatever content some site has to offer.

Re:I just use spam.la

[gilesparsons]

there is an odd privacy from spam.la, the privacy of crowds, much as there is a privacy you get from being on cctv at every step in a crowded city of millions that you do not get from being in a village. any message sent can be read by anyone; so although everyone can read your email, because it could be sent to anybody, it is, in a different way, private.

it is very exciting that at the same time london police want microphones on street corners to complement cctv, i can set up an anonymous email address within seconds. technology does not necessarily make lives less private; it just changes the rules of the game.

Re:I just use spam.la

Nothing on the internet is anonymous or private.

Re:I just use spam.la

Can we please cut it off and say that these services are good for getting free porn passwords and not for anonymity? Thanks.

How is this better than dodgeit.com?

[hemp]

Dodgeit.com is free and allows to you to specify any email address@dodgeit.com and read the emails that arrive.
http://www.dodgeit.com/

Re:How is this better than dodgeit.com?

Dodgeit seems like the best, the others depend on cookies (which my Firefox empties on browser close). Thanks for the link. =)

Re:How is this better than dodgeit.com?

[feed_me_cereal]

I've been using dodgeit for a long time. It rocks!

Re:How is this better than dodgeit.com?

[g1zmo]

I was interested in your website, being that I'm from Fort Worth, but it doesn't seem to be valid.

Re:How is this better than dodgeit.com?

[bkhl]

I guess it's the same, but in the interest of limiting the /. effect a little, here's a couple more:

http://mailinator.net/

http://trashmail.net/

Re:How is this better than dodgeit.com?

[brassman]

And like mailinator, as of today you won't be using it to sign up on the boards I admin.

I just went through our database looking for the various mailinator domains, and found 72 signups going back to 2004. Without exception, every one of them fit into three categories: never completed the signup; never bothered to make a single post; made one post and then expired due to lack of activity.

Why waste our resources on someone when their choice of email makes it obvious that they have no intention of becoming a participating member?

Re:How is this better than dodgeit.com?

That's not entirely true. I use dodgeit addresses even if I have the intention of becoming a member simply to test if your site starts sending me spam (not unheard of from the best boards). If I find it acceptable, I'll edit my info and change the adress. I do agree in blocking these sites though, in principle;

Re:How is this better than dodgeit.com?

[dubonbacon]

Maybe they are now members with their real address.
Indeed I never returned to a board I couldn't sign up on with dodgeit, but that doesn't mean I didn't want to join the board in the first place.

Re:How is this better than dodgeit.com?

[bit01]

Why waste our resources on someone when their choice of email makes it obvious that they have no intention of becoming a participating member?

You probably wasted far more resources blocking them than they will ever cost you. People use throwaway email addresses with good reason. Not trusting some anonymous website on the net not to spam until they've proven themselves is one.

---

Don't be a programmer-bureaucrat; someone who substitutes marketing buzzwords and software bloat for verifiable improvements.

Brick stores need your email address!

[Desert_Scarecrow]

But now what will all of the brick and mortar stores do? When you place an online order and they require you to create an "account" using your e-mail, where will all the spam go? Will it, having nowhere to go, return upon itself, imploding into a spamularity, sucking all nearby email inside forever? The humanity!

Re:Brick stores need your email address!

[wiredlogic]

Yahoo provides throwaway addresses (addressguard) to paying subscribers. They last indefinitely and provide useful delivery options. I use this feature for sites I don't trust and for usenet to make it easier to sort out their spam. The old Yahoo mail interface would color code mail sent to different addressguard adresses. This isn't yet in the new interface unfortunately.

Re:Brick stores need your email address!

What is the advantage of using that over say an email address by your ISP provider? Example: I have an account as myrealaccount@verizon.net. I create a myjunkaccount01@verizon.net for a temporary period of time, then delete whenever I feel like it. I can use it once or leave it there for any period of time. If I configure my email client to receive mail, I can easily setup filters to move email to a junk box based on the recipient or even better, create a rule that overrides that if the email comes from a known sender (i.e. the site I registered for). While this is a little bit of work, it really seems that the alternative is too. Now if I were trying to do anything where I wanted to remain a bit more anonymous, then maybe these sites would offer some benefit, but who can say if they store your IP address?

Jim

Re:Brick stores need your email address!

No, no, you don't understand. You see, the Internet, it's a series of tubes...

Re:Brick stores need your email address!

[JPriest]

You can create these under your gmail account also. If you are user@gmail.com you can add an alias for user+slashdot@gmail.com and you can flag/move it on the way into your inbox.

Re:Brick stores need your email address!

[bohemian72]

My Yahoo! email address IS my throwaway email address. It's so full of spam that the only time I use it is to register for places I don't want knowing my real email.

What's the point?

[DoorFrame]

What's the point of having an email address that's only around for a few minutes when you could just use a single throwaway email address for all of your registration needs. It doesn't expire, but since you only use it for registrations, it doesn't matter how much spam/cruft it accumulates.

Re:What's the point?

[TheRealMindChild]

I have one of those... currently I get 3k emails a day of spam. Does that clear things up?

And yes, Ive only used it for web ordering.

Re:What's the point?

[krotkruton]

Here's one point. Let's assume you use one email address for all of your registration needs, including forums (and shopping if you really want to drive this point home). Over time, that email address will be linked to a variety of sites, which together can be used to identify you. Of course, depending on how you use the sites connected to the email address, there may be nothing that can be used to get your actual identity or you may have used your name on a couple which leads people to you (or you might use your credit card on a shopping site). Now you, or your identity depending on how you want to look at it, is linked to that email. This probably isn't a big deal for most people. Now let's pretend you want to sign up on an Anarchists website, which is something I wouldn't recommend in the US right now, so now that email is linked to you and linked to anarchy. That might not be something you want. That example doesn't work for you? How about signing up for a porn site that requires email but no credit card? What about a torrent site? An email address that lasts only 10-minutes should make it harder for people to link things that you do back to you.

(Before anyone jumps down my throat, I said it "should make it harder" not impossible, and I didn't say that it makes it hard because I don't know the difficulty of doing such a thing. I just said it would be harder than using one email address for everything.)

Re:What's the point?

[wowbagger]

If the site needs to mail you something to complete the registration, you have to be able to read the email address - and having one address that collects a ton of crap makes it hard to read the email address and get that one mail you care about to complete the registration.

Yes, if the site wants an email address, but you don't need to receive any emails from the site to continue, give it "i_dont_want_spam@localhost", or "i_dont_want_spam@example.org"

Re:What's the point?

The same with mine,... until I moved the mail server behind a graylisting firewall that also used RBLs. Now I get like 5 a day in it.

Re:What's the point?

[misleb]

Or you could just use some decent spam filtering and not worry about it at all.

-matthew

Re:What's the point?

[Anonymous+Crowhead]

What's the point of having an email address that's only around for a few minutes when you could just use a single throwaway email address for all of your registration needs.

One throwaway is the best way to go. What if you forget your password for one of the many sites you registered at? The 'I lost my password' function is worthless if there is no longer an address to retrieve it at.

Re:What's the point?

[Jello+B.]

That's not good enough. Give it the good ol' "bgates@msn.com".

Re:What's the point?

[misleb]

Add in Spamassassin and you can get that down to less than 1 a day. I use the same address for everything without any trouble. I hardly get any spam. Greylisting alone is surprisingly powerful.

-matthew

Re:What's the point?

I guess it addresses the concern that multiple sites sharing data with each other could figure out the habits of your spam@spam.net address.

Re:What's the point?

[Kreigaffe]

... I've had the same YAHOO email address for 8-9 years, now. I've used it to register for a plethoria of boards, for buying stuff online, for any games that require registration..

I get maybe 20-40 hunks of spam a day, and 90% of them go right into Mr. Spamfolder. It's up a bit recently I think because of some recent online purchases, but what can you do.

I do have a seperate email address that I use for other registrations, though. For when I don't want people to know it's me, or for when I don't want anyone to be able to follow my trail. That one, actually, doesn't get *any* spam, and it's just a junky mail.com address.

Re:What's the point?

pssst. hey, dude - email me at tin_foil_hats_for_sale@10minuteemail.com. But hurry up! Time is of the essence!

Re:What's the point?

[Goeland86]

Sooner or later he's going to have to enforce some sort of IP address logging, like most services of that type do.
For instance, www.jetable.org, a french site along the lines of mailinator forwards given emaisl to your account for the specified duration, but it logs your IP address and the time you were on, in case it becomes essential to know who was whom in a legal case.
With that info, it's *still* possible that a 10 minute email will lead back to you. Not just an email account, but an ISP account this time, which is even more identifiable, imo.

Re:What's the point?

[ad0gg]

I had a catholic.org email address i used for registration to sites that required email validation. It became unusable after 2 years. Its just nonstop spam to the point its hard to find the verification emails. Now i just use throw away gmail accounts.

Re:What's the point?

[Deagol]

What if you forget your password for one of the many sites you registered at? The 'I lost my password' function is worthless if there is no longer an address to retrieve it at.

Ummm.... how about not forgetting it? This truly is a non-issue. Use a password manager, USB fob backup, hard copy, or something.

I have a GPG-encrypted file with all my web site passwords. All of those passwords are unique, as I use the largest value for x supported by each web site in the following: "ps waux | md5 | cut -c 1-x". So, for example, the actual password I have for one of the sites I've purchased from is "48750be49b0cb2d6ad9469d54".

So for backup, I email myself this symmetrically-encrypted, ascii-armoured file to my gmail account. Otherwise, I open up a shell and type "gpg -d /home/foo/internet_passwords.asc", cut-n-paste, and I'm good to go.

Of course, these are important sites/passwords. I use a small handful of easily-memorized passwords for sites like this one.

Re:What's the point?

[Osiris+Ani]

I get maybe 20-40 hunks of spam a day, and 90% of them go right into Mr. Spamfolder. It's up a bit recently I think because of some recent online purchases, but what can you do.

Well, you could try doing something... or rather, anything other than your current method. That's the primary point of this discussion, after all.

For various registrations, I simply create aliases to my mail account that are specific to each new vendor so I can keep track of the origins of most spam that hits my server. That allows me to respond accordingly, and it's a thirty-second solution (which would be faster if I were a faster typist, alas). But of course, I control my own mail server.

Re:What's the point?

[DoorFrame]

Wow, that's a big hassle. I'll take the risk that someone at Slashdot figure out how to hack into my gmail account based on my non hex based passwords.

Re:What's the point?

let's pretend you want to sign up on an Anarchists website, which is something I wouldn't recommend in the US right now

I agree, however note the irony: true anarchists (meaning people who don't believe in a special "right" to employ coercion against others, i.e. government) are among the most peaceful human beings this planet has ever known. The reason government doesn't like anarchists isn't because they pose a threat to you and me, "the people" -- it's because they pose a threat to the power elite.

Don't take it from me, though. Why not ask the Amish? They have survived centuries of harrassment and threats from organized coercion (i.e. government), despite being some of the most respectful and non-violent human beings living on "US soil".

Re:What's the point?

[Deagol]

I don't give it a second thought. Doesn't seem much like a hassle to me. To each their own.

Re:What's the point?

[mavenguy]

That's exactly what I've done, and it works well. I set one up on yahoo, then visited a whole bunch of porn sites (errr, just for research purposes, of course) and gave out this address, just to see what kind of spam I get. Sometimes I have to remember to visit the account to make sure It doesn't go stale. I just visited it for the the first time in over a month and the bulk mail folder had over 800 messages.

Interestingly, most of the spam I get is not pr0n or dick enlarging stuff, penny stock scams, but very mundane crap like discounts at well know retailers and the like. In contrast, my more mainstream accounts get the drug, penny stock and pr0n stuff. It's almost like I'm getting the "wrong" kind of spam in all cases.

Re:What's the point?

[Kreigaffe]

Er, true. But it's not a problem to the extent that the drawbacks to using an email address I check regularly outweigh the benefits -- namely, re: online purchases, the ability to store confirmation numbers and tracking numbers and such and easily access them in the future if need be. or easily recover lost passwords from registration.. that sort of thing.

I just really wonder what people are buying online that results in 3k spams a day. Then again, I've not tried to buy Viagra online yet, so maybe I don't know what I'm talking about :D

Re:What's the point?

[Osiris+Ani]

Are you implying that the only way to conveniently have "the ability to store confirmation numbers and tracking numbers and such and easily access them in the future if need be" or to "easily recover lost passwords from registration" is to give miscellaneous vendors your primary email address?

I ask because I want you to know that that's not actually true.

Re:What's the point?

[TCM]

How about an algorithm that doesn't let you forget it?

echo "user:domain:iteration:mastersecret" | md5

You only have to remember one secret and you can store the other triplets in the clear. Also, the entropy of your passwords is quite low with only 16 possibilities per character. How about having the hash in binary and piping it through base64? This way you'd have 62 possibilities per char.

Re:What's the point?

[Kreigaffe]

Obviously not...

except, you see. I'm EXTRAODINARILY lazy.

besides, the only vendors who've got it have been newegg, amazon, blizz, mythic, guildwars, and valve. and that kind nigerian fellow -- but that's an investment, not a vendor. a sure bet, he tells me!

Re:What's the point?

[exp(pi*sqrt(163))]

Hmmm...this sounds like a fun game. I'll see if I can beat 3k.

Re:What's the point?

[trewornan]

On many linux distros you'd need:

echo "user:domain:iteration:mastersecret" | md5sum

Re:What's the point?

[TCM]

Sure, I was just conveying the general idea. Optimally, you'd use something like openssl dgst -sha512 -binary and base64-encode the output, then take 16 or more chars from it.

This way, you'll increase entropy per character from 4 to almost 6 bits.

Re:What's the point?

[Anonymous+Crowhead]

To each their own.

Thanks for affording me such condsideration, asshole.

This won't stop my mom from sending me e-postcards

[el+QuesoGrande]

Most of the people I know already keep a secondary address on gmail/hotmail, etc for this purpose.

This works, but things such as invites, forwards, e-cards that your friends send you with good intentions still mess things up. I had a good clean 3-year run with my last address, but lately it's just spiraled out of control.

pr0n

[User+956]

A fellow teaching himself Seam has come up with a clever Web app called 10 Minute Mail

Their slogan... "JBoss Seam: For when you need more seam in your web experience."

Re:pr0n

[KermodeBear]

And here I am thinking that people want seamless features in their applications.

Re:pr0n

[KingKiki217]

Beat me to it.

Dodgeit.com does the same thing

[tokengeekgrrl]

Receive only free email that automatically gets deleted every 7 days unless you make a donation, then you get to password protect and own the email address (as I do).

http://dodgeit.com/faq.html

- tokengeekgrrl

SpamGourmet seems better...

[Tamerz]

I have been using SpamGourmet http://www.spamgourmet.com/ for a while. It works great and is more flexible. This is going to run into the same problem other services like this do. Sites will simply stop accepting emails from that domain name.

Re:SpamGourmet seems better...

[khedron+the+jester]

The owner of SpamGourmet was in the red with the service last time I checked the forums. This makes the service precarious, although I still use it.

willhackforfood.biz

willhackforfood.biz provided this service for a long time--seems to be down recently--i think someone from binrev.com started it--just so everyone's aware this isnt that new.

Just buy a domain.

[Ikeya]

I have my own domain and I can create an unlimited number of throwaway addresses. If they behave, I keep it active. If it starts getting spam, I know which business I can't trust and I direct it to /dev/null/

For example, if I were to register with slashdot, I could just use slashdot@mydomain.com

I can keep it around for as short or as long as I want.

Re:Just buy a domain.

[Ant+P.]

And you don't even need a domain - GMail lets you use +slashdot@gmail for the same effect.

Re:Just buy a domain.

For example, if I were to register with slashdot, I could just use slashdot@mydomain.com

You could, but spammers are aware of such tricks. Check through your logs and I am sure you will see all kinds of mail sent to your domain for accounts which have never existed (amazon@mydomain.com is very popular). You may be penalizing businesses who are not involved in spam or the sale of personal information. At least add something unique to the address (e.g. your initials and shoe size) to definitively connect the address to the site in question.

Re:Just buy a domain.

[misleb]

If you have your own domain (and I assume you control the mail server) you can just implement spam filtering and not bother juggling addresses. Start with Greylisting. I use the same address for everything and I barely get one spam a week.

-matthew

Re:Just buy a domain.

[Zarel]

The problem with that strategy is that sooner or later, companies will realize that particular feature of GMail, remove everything between the + and the @, and bam! It doesn't work any more.

Re:Just buy a domain.

[izomiac]

There are also free mail forwarders for subdomains. I use http://www.cjb.net/ personally. When I register for a site I use sitename@mysubdomain.cjb.net and have that forward to my Gmail.

Re:Just buy a domain.

[Kelson]

Well, it's a standard feature of sendmail, so there are a lot of other sites for which username+tag@domain will work.

One drawback, though, is that you can run into insufficient email address validation. I've tried using that scheme on some sites which then complained that the address was invalid, beause their regex didn't take into account + as a valid character for the LHS.

On a related note, I've found with seeding spamtrap addresses that, more often than not, harvesting bots will see the + as a boundary, miss the username part, and pick up tag@domain.com.

Re:Just buy a domain.

warning, cjp is pop-up window city!

Re:Just buy a domain.

[Dark+Coder]

NOT SO!!!

If the mail provider allows account holder to just only REJECT the localname having NO TAG (the beginning part of the email up to the '+' or '-' sign) so that only

joe@doe.com

gets rejected...

BAM!

Instant selective email address to the following:

• joe+friends@doe.com
  
• joe+family@doe.com
  
• joe+slashdot@doe.com
  
• joe+spammer@doe.com

This forces the spammers to even perform MORE dictionary attacks against a SINGLE email address. The longer the +tag, the harder the guessing attack will succeed!.

Re:Just buy a domain.

[Evro]

Most email verification functions consider + an illegal character; quite annoying for the above use. You can also intersperse '.' in your gmail username wherever you want; that does work everywhere.

Re:Just buy a domain.

[AVonGauss]

You are correct, but unfortunately that's just not how the service works and hence the original poster is correct.

Re:Just buy a domain.

[Ant+P.]

It can still work, you just need to blacklist the default address as a spamtrap from the start and only give out custom ones.

Re:Just buy a domain.

they are called email forwarders; I currently have over 65 of them (each company registration gets its own email address--if they sell the account for spam, I'll know about it), and yet I only check two actual email accounts. forwarders simply dump mail into another account. the nice thing, its controlled via the server, no amount of end user manipulation can reveal the ultimate destination address (unless you reply to the email but why would you do that with spam?) it works beautifully. two of the email addresses referenced on my site were getting progressively more and more spam. they were forwarders, so I simply deleted the forwarders, created two new ones with different account names, changed the links on the site to point at the new forwarders and whola, no more spam and new customers can contact me normally. every 6 - 12 months the accounts will get 'rolled.' regular customers know my 'private' accounts so they can continue to communciate.

Re:Just buy a domain.

[element-o.p.]

I do this too, and it's not a bad idea if all you want to do is create a throw-away account for blocking spam. But like another poster said a few comments earlier, if you are trying to make it more difficult for others to trace your on-line identity back to yourself, owning your own domain may not help much unless you lied about your identity when registering the domain name.

For example, even though I'm using a pseudonym on /. and I've opted to hide my e-mail address, anyone who cares could research my domain name to find out who I really am.

Re:Just buy a domain.

Try signing up for a yahoo group with a email address that is username.spam@gmail.com. Yahoo will strip the ".spam" part and send all mail to just username@gmail.com. Rather frustrating, especially if you don't own the mail account that doesn't have the ".spam" part.

Re:Just buy a domain.

[ProfessionalCookie]

okthisoneismyrealemailaddress+myname@gmail.com

Re:Just buy a domain.

[sparkz]

Yes, GMail do allow you to do this, but so do many MTAs. eg: http://www.faqs.org/faqs/mail/addressing/ (dated 1998) This is not a feature created by GMail.

Re:Just buy a domain.

[GWBasic]

Sig under construction. Please check back when Duke Nukem Forever ships and/or Windows Vista is released.

Does being able to download Vista count? There's a link here, assuming MS didn't stick a funky cookie that tells them I'm an MSDN subscriber.

Nice

[DrMaJ]

For all those sites you wanna sign up for, without the spam :)

Cheers.

Allows more spambotting

[madhatter256]

Won't this actually help spammers? Email addresses that are thrown away thus they can't be completely stopped spamming a specific forum or inboxes.

Re:Allows more spambotting

wot?

Re:Allows more spambotting

[Rui+del-Negro]

Exactly. Any sane forum admin will block this immediately.

This /. "article" is just advertising for yet another ad-supported site...

RMN
~~~

Re:Allows more spambotting

madhatter256,

Spammers don't create accounts to send spam, i guess the run there own mail servers on dynamic addresses (to avoid black lists) or abuse improperly configured mail servers belonging to other people.

Re:Allows more spambotting

[Goaway]

Admins who don't like getting users, you mean. Requiring registration to post is already far too big a step for me to bother in most cases, and in the few where I do, I'd never give out a real email address. Mailinator and the like are godsends for users who actually want to use forums run by paranoid, user-hating admins.

Re:Allows more spambotting

[Erwin_D]

No, admins who don't like spammers. You try administrating your own forum sometime... Without registration and blocking these throw-away domains, your forum will be guaranteed to have 99% spam.

Re:Allows more spambotting

[Goaway]

I do. I write forum software. And I don't even support registration, because I think it's a waste of time and lowers the value of a board.

And I know there are many other tricks that block spam just as well, without harassing the users. If your script requires you to force people to register just to avoid spam, it's your script that sucks.

/etc/aliases

[pbrammer]

echo "newsite: spam_account" >> /etc/aliases
newaliases

Where "spam_account" is an actual user account.

That's it. I can turn it on and off whenever I want.

Re:/etc/aliases

[pbrammer]

'Course you need to have your own domain name and an unfiltered SMTP port to make it work... :)

Re:/etc/aliases

[19thNervousBreakdown]

echo 'myreal@dre.ss' > .qmail-spammysite

Because qmail is hardcore.

Every site gets its own address. Not only do I not get spammed, but I know where it's coming from. I started it out expecting to catch some "reputable" site selling my e-mail address, but you know what? Most sites out there are very careful with your address, and take you off their list as soon as you tell them to. The only addresses I've had to delete are for porn sites.

Diskeeper, however ... fuck those guys. Seriously, it's a shitty defrag program, why in the HELL do I need 4 messages about it (minimum!) a week?

Wow, even on Slashdot

[Bemmu]

This service shows how effectively promoting your service can really make a difference. While Mailinator has been around for a long time, somehow this 10minutemail has managed to get lots of exposure. I wonder did they really get all these mentions around the net just organically, or was there heavy promotion involved? If the success came organically, perhaps it's because 10minutemail is easier to understand. Just from the domain name it's easy to guess what the service is for.

Unnescessary but nice with more options

[Kattspya]

I know of at least two different sites which give out disposable e-mail addresses so I don't really understand why this is newsworthy.

http://www.spamgourmet.com/
You create an account and spamgourmet will bounce the mail to you. The syntax is: [word].[number of mails].[username]@spamgourmet.com. When the alloted number of e-mails has been used the mails will bounce unless you allow more through.

http://www.mailinator.com/
You just make up a string of letters and use those letters to view the account at mailinator. This is a truly disposable mail address since the inbox is open to anyone who chooses to look at the account. If the information is semiimportant you should choose a pretty random mail address.

Re:Unnescessary but nice with more options

[BenFranske]

Yep, I was going to point out that Spam Gourmet has been doing this for years. Granted this is a different slat where the addresses expire in some period of time instead of some number of messages but they are roughly equivalent.

Re:Unnescessary but nice with more options

[Jugalator]

Yeah, I really like SpamGourmet's twist on this problem...

It's very convenient to use your regular mail client to read your "risky" mail, but still restrict it to e.g 3 mails for account verification.

There's an extra curiosity with it as well -- it can be used to detect which sites sell your address. Set it to cap at 5 mails, and if it keeps trickling in beyond the 1-2 mails, you know exactly which company originally sold it.

Re:Unnescessary but nice with more options

[Macgyver7017]

Actually, spamgourmet doesn't bounce the messages once the address expires, it just silently discards them. This is nice since it doesn't tip off the site that your address was/is invalid.
-Jon

Re:Unnescessary but nice with more options

[larytet]

and another two

mytrashmail.com

bloglines.com (part of the service is ability to create/delete e-mail accounts by exactly two mouse clicks)

Re:Unnescessary but nice with more options

[Inda]

I like the way it's blocked 812 emails to my slash address this year. Bots crawling this site... how stupid is that? Or maybe Taco is selling... no, that couldn't be true. ;)

I only show it above for the fun of it.

Other spam-fighting mail services

[overbored]

First, there are tons of other services that do this already. However, I personally am not very interested in expiring addresses; I frequently want to keep receiving mail at that address into the future (and some services simply don't allow you to update your email address, in which case you're screwed).

Up until last year I've been using the popular (and open-source) Spamgourmet. It caps you at a max of 20 messages, though, so if you want to keep receiving mail at that address, you need to continually reset the message count (and a burst of mail exceeding the limit will result in lost messages). Furthermore, a lot of spammers have been targeting it lately, generating email address like blah1.yourusername@spamgourmet.com or blah2.yourusername@spamgourmet.com. Yes, you can solve this by requiring watchwords, but then you need to remember to add that substring into all your future email addresses.

Another one that I've been using a bunch is mailnull.com, which lets you explicitly create addresses in the form of yourusername.ebay@mailnull.com. A disadvantage is that you cannot use it as an outgoing proxy for sending mail.

Finally, there's sneakemail.com, which is like mailnull, except you work with completely mangled names (aw4jo48esaf9@sneakemail.com), and it does proxy outgoing mail (so I use it when signing up for things where I may want to reply, i.e. mailing lists). At first, the sneakemail site is a complete turn-off, but the service is probably the closest to what I'd want to use.

Re:Other spam-fighting mail services

[overbored]

I guess I should add that a disadvantage of the latter two services is that explicit address creation is higher maintenance than Spamgourmet, with which one can create addresses on the fly. So even though bookmarklets make this pretty quick and painless, should you simply *forget* to create the inbox before submitting the form, you're screwed (you've lost that first message). From this perspective, watchwords seem like a simple-enough solution to the problem, meaning Spamgourmet's disadvantage is just its message cap.

Re:Other spam-fighting mail services

Actually Sneakemail offers that too - I can have an 'auto address key' so that email to mylabel-mykey@sneakemail.com will be automatically sent to me, and the mylabel is the unique label I give to this site. (Your GP post is slightly wrong in that you don't have to work with completely mangled names, although that is still the usual way and guarentees there's no chance of a rogue website making off with your key.)

I believe this is a subscription feature through.

Re:Other spam-fighting mail services

[$pace6host]

Finally, there's sneakemail.com, which is like mailnull, except you work with completely mangled names (aw4jo48esaf9@sneakemail.com), and it does proxy outgoing mail (so I use it when signing up for things where I may want to reply, i.e. mailing lists). At first, the sneakemail site is a complete turn-off, but the service is probably the closest to what I'd want to use.

I used sneakemail for free for years - the web interface is ugly, but I only use it for a few seconds, and you can probably do 99% of your activity from the login page (create a new address or find an existing one). I finally started paying for the service (heh, after a few years and a few hundred disposable addresses, I figured I'd try the pay features) and now I get the ability to create intelligible throwaways with a keyword. You give sneakemail a keyword (first come, first served, like logins) and all you have to do from then on is send email to <arbitrary>-keyword@sneakemail.com (e.g. slashdot-keyword@sneakemail.com), and it will create the email address on the fly when the first message is received. Free accounts have a fairly low bandwidth cap, though I suppose you could create several of them if you really wanted to. I haven't hit the cap on the pay account yet. Another cool feature I use sometimes (and it's available in the free account) is to have sneakemail forward the inbound messages to multiple addresses (like when I'm looking for an important message, and I don't know if it will come when I'm at work, where they won't let me access my home email, or at home, where I can't get to my work email).

Spamgourmet

[neosake]

I personally find Spamgourmet to be more interesting...

You sign up (yeah, I know, you have to trust them) and give out email addresses like
madeupkeyword.X.yourusername@spamgourmet.org
where X is the number of messages (up to 20) that you want to allow for a particular word. Spamgourmet forwards X number of messages to your email, and then quietly destroys any further messages.

Re:Spamgourmet

[machineghost]

I just want to second the parent post: spamgourmet is awesome!

Re:Spamgourmet

[gringer]

I find spamgourmet useful for other additional reasons:

1. Gives you a list of keywords that you've used previously
2. If people appear to know your system for choosing address names, you can change it
3. You can send email from one of the disposable addresses
4. You can use other domain names as well (e.g. neverbox.com)

A good service, provided that you're willing to trust giving them one of your current email addresses.
http://www.spamgourmet.com/disposableemail.pl?prin tpage=faq.html

Re:Spamgourmet

[Aladrin]

I've used spamgourmet for years. I'm surprised nobody has mentioned the negative bits:

Horrid interface. (Luckily, you only have to use it when you need to change things, not add them.)
Slow. Sometimes my mail has been delayed for hours for no apparent reason.
No safeguard. If it eats some SPAM, it's gone. Forever. No retrieval, even if you catch it within seconds.

I still use it a LOT, but with GMail's spam filter, I just don't worry so much now. I have a 10+ yr old email address that was signed up for everything under the sun back then. I recently moved that domain to GMail's corporate apps and check that address directly. It has passed about 15-20 spam out of around 4500-5000 that have come in. That's a LOT better than Thunderbird has done for me, even after months of tuning.

In short, I use spamgourmet, but not nearly as much as I used to.

Re:Spamgourmet

[Frogbert]

I love spamgourmet. What I like to do is actually include the name of the site as the keyword. It gives you a great idea of who is selling your addresses.

Even more easy

I use mytrashmail.com

yet another recommend: bugmenot.com

[muel]

http://www.bugmenot.com/ -- for when you need a username/pass to log into a particular free site (New York Times, AllMusic, etc.) but don't want to bother registering. Assumedly, this site will knock out half of your reasons to use these various quickie e-mail services. Enjoy!

spamhole

[Inmatarian]

This isn't that new of a concept, Spamhole has been doing this for years now. Though, some of the major server-side spam blockers will filter out spamhole before it ever reaches your inbox.

Re:Spamhole

[bonezed]

spamhole.com is great

I've been using it regularly for years

Banned

[Dan+East]

Thanks for the heads up slashdot - I've updated my forums' email ban list. It's joined the likes of mailinator.com and its alias domains (fakeinformation.com and sogetthis.com).

Dan East

Re:Banned

[b0s0z0ku]

Thanks for the heads up slashdot - I've updated my forums' email ban list.

I'd suspect that most actual spammers go through the likes of hotmail and gmail since the accounts last longer than 10 minutes, so they can use a single account to attack a lot of forums.

-b.

Re:Banned

You've also banned hotmail.com, yahoo.com, fastmail.fm, and similar, I presume? Because the probably most common way of "generating" throwaway email addresses is to simply create them now and then on services people actually use for email. Since such throwaway addresses are indistinguishable from real addresses registered on free services, you would have to alienate a lot of potential community members just to alienate the few that you were, err, trying to alienate. (Explain to me again what possible purpose that could serve?)

Re:Banned

Thanks for being such a huge fucking faggot, bitch!

Re:Banned

Here you go Danny Boy, chew on this. Today's domain is ajaxislame.com. Be sure to check every other day.

Re:Banned

I second that.
 
God knows how many spam bot get past the almost-useless phpbb authen. and spam in my forum. My mods have a list of banned domains that cover (last time I checked) over 50 domains.
 
  I get more than 5 bots / days if I don't activate various addins.
 
Oh yeah, another thing - phpbb fix/upgrade your gawd damn capeta. I don't want to use third party addins that become obsolete whenever you decide to have a "security upgrade".

Re:Banned

[Kelson]

I'd suspect that most actual spammers go through the likes of hotmail and gmail since the accounts last longer than 10 minutes, so they can use a single account to attack a lot of forums.

Not familiar with the GP's site, but I can imagine something like this would be useful for trolls. Also, TFA mentions that you can choose to make the address last longer than 10 minutes if you want.

Re:Banned

[troicstar]

Cool thanks for that. Is 48 hours enough though ? They'll soon be looking at correlations in whois info. Shame they can't randomize those.

Re:Banned

[Ant+P.]

I've avoided email for any sort of authorization at all. I've considered using OpenID but the spec's gibberish to me.

So I've come up with my own registration system. New users get put into a queue and aren't allowed to use their account for a day or so. That alone kills 95% of spambots. After that, they can login and manually activate the account by clicking a button. If they leave it unused, it gets purged after a few days.
You might think it sounds like a pain in the ass, but here's the clever bit: it lets already-registered users click the button for them so they can skip the queue. And if someone tries to make a million accounts and activate them himself... that's what cascading deletes are for.

Re:Banned

[Superfarstucker]

I doubt there is anything more to completely defeating this then a 5 line wget / sed script for those so inclined. You could

Re:Banned

[Snaller]

But there are registars which offer anonymity, now millions of more sites to ban. Wouldn't it be easier to get of the internet?

Re:Banned

[Jugalator]

Thanks for the heads up slashdot - I've updated my forums' email ban list. It's joined the likes of mailinator.com and its alias domains (fakeinformation.com and sogetthis.com).

Dan East

If your customers use services to avoid submitting personal information, they will just keep using alternative ones OR actual hosts, but with bogus information. You don't really win anything on doing this.

Re:Banned

[Jugalator]

^-- Btw, maybe I should clarify although I doubt it's necessary to anyone with a brain. :-) With "bogus information" I mean real addresses where people can check their data, but only registered for registration feedback and not monitored otherwise. The problem isn't really your users picking bad ways of registering, but the spam threat and privacy.

Re:Banned

[Petrushka]

2prong is nice. No clicks required: going to the site auto-generates a random e-mail address (which the web page checks as long as you're on it) and at the same time dumps the e-mail address into your clipboard, so you don't even need to copy-and-paste. I like.

Re:Banned

[mgblst]

Still waiting on my registration code...

Just kidding, what a fun forum, who wouldn't want to join.

2Prong Mailinator 10 Minute Mail

[shawnmchorse]

I use these throwaway e-mail addresses quite a lot in testing various web applications (which often require unique e-mail addresses for each registration or whatever). A lot of people have already mentioned Mailinator, so I'll also mention 2Prong. I came across it one day when Mailinator was down for whatever reason. It has a couple of things in its favor. First, it only uses a domain for two days before moving on to a different domain for throwaway e-mail addresses. So the likelihood of you ever finding the domain blocked is essentially nil. Second, it works completely automatically. All you do is copy/paste the e-mail address, use it, and then the page auto-refreshes when it gets the confirmation e-mail or whatever it is you're looking for. Nice and clean.

Direct Link to the site

If you want to go to the site directly, go here:

10MinuteMail.com

They will get banned just like bugmenot

[VGfort]

It will just be a matter of time before people that write forms make these email addresses not available to be registered with. I've seen some apps that already block some of the other fake email generators.

Re:They will get banned just like bugmenot

[Jugalator]

So if I have an extra user on a legit host just for throwaway reasons (like looking for board registration feedback), what should they do then?

I have a hotmail.com address for this and know many others that do; surely they can't block all of those?

They'll never really be able to defeat people not wishing to give away actual contact information, so I wonder why they even bother.

Been using spamgourmet.com for a while

[Kris_J]

I use Spamgourmet and I'm really happy with it. It's kept my real email address protected for years.

yet another boring Demo launch.

[KeyThing]

And yet another domain to add to my list of blocked domains... that much is appreciated.

If people are so concerned with their emails "getting out", then use a 1/2 way acceptable disposable email service (gmail comes to mind) and just use it to subscribe to things.

There are too many applications out there for email protection. My favorite is Hide My Email. It's simple, fast, and free. If someone REALLY wants to get your email, they can. To me, that's the valid part... I'm not preventing anyone from contacting me... I'm just making them prove that the contact is worth the effort.

Just my .02 cents...

Re:yet another boring Demo launch.

I really can't see the point in HideMyEmail.net

1) you enter your real email addy (bob@sample.com)
2) it generates a url: http://www.hidemyemail.net/index.php?d=Ym9iQHNhbXB sZS5jb20= which you can post on forums with
3) anyone clicking that url sees your email address in plain text

I can see what it's trying to achieve, I just don't think it will work.

A generic email address harvestor will just follow the link and see you email in plain text. Flawed protection is worse than no protection at all. Lets not even think about the spammer actively targetting hidemyemail.net (google, find links to hidemyemail.net, follow each link)

If hidemyemail.net displayed your real email as an (obscured) image I could see the point, but as it is, I'd rather stick with spambob.com

Adsense TOS

[Joebert]

Great, yet another hole for spammers to slip through to aggrevate administrators.

"Anyhow, I'm proud," he writes. "Check it out, click on a Google ad or two if you would, and let me know what you think!"

They're going to be pretty pissed if Google cancels their account because of that little jewel.

I have special insight on this issue.

[ScentCone]

Just write to me at... oh, wait, it expired. OK, just did a new one. Shoot me a note at... damn. Hold on. OK, ready. Hit me at... damn! Never mind.

Nothing new

http://en.wikipedia.org/wiki/Disposable_e-mail_add ress

http://www.mailinator.com/
http://www.pookmail.com/

slashdot@mydomain.com

[Tim+Ward]

Yeah, I've got one of those.

As 100% of emails to that address were spam it now silently deletes anything sent to it.

Why use a throwaway email?

[AnalogDiehard]

I use "abuse@whatever.com" to sign up. Gets the message through loud and clear.

Re:2Prong Mailinator 10 Minute Mail

[ottothecow]

seconded.

2Prong is great (except it crashes my firefox 1.5 on ubuntu but who knows...probobly not their fault)

"You currently have 1 messages."

[mars_rover]

Oh good. I have 1 messages. I also have 1 computers, 1 kid(s) and 1 cars at home. FFS people, how hard is it to write a few extra lines of code that append an "s" to the word "message" only if you have MORE than one message???

A Question

[Physician]

What is to keep the domains of these services from being blacklisted for use? There are already many websites that require you to use the primary e-mail address of your ISP like a comcast.net or aol.com.

Vs Gmail

[Threni]

Just get (another) gmail account and use that. Or am I missing something?

Re:Vs Gmail

[Flashbck]

I agree with this logic. I have my normal gmail address as well as a throwaway. I just sign up for junk with the throwaway addy. I can check it and don't care how much junk goes there. No need to remember myname667847736292347865623785623459465@whatever.c om. flashbcksjunk@gmail.com works great for me. that is not my throwaway btw.

Re: yourcompany@mydomain.com

[Dan+B.]

That's almost the same as my strategy. I get everything at my domiain that is not destined for an existing user, so I sign up to each and every web service that requires an email address with @mydomain.com

Again, you can see almost immediately where dodgy email is coming from if they decide to do a little bit of a sell, or they have poor security around their email databases. I find however that 99.9% of the span I get (well, block - greylist milter FTW), the address is sourced from other people who have my real email address, and don't protect their systems well enough. Trojans et al are very good at harvesting email addresses of home PCs these days.

that's what I thought Hotmail was for

[BroadbandBradley]

1. Sign up
2. enter on the website in question
3. go to hotmail and sift through junk until you find the verification email.

Let me add another suggestion:

[StarfishOne]

http://www.mytrashmail.com/

Very handy temporary email accounts.

is this really news ?

[testednegative]

yawn, others provide this already. not going to talk about mailinator or spamgourmet but i will mention www.spam.la as no one has yet. thats my discardable email of choice, sure all the emails arriving @spam.la are visible on there but you can filter. simple and straighforward. and no signingup required. enjoy.

What aboyut Gmail?

[houghi]

I just use a gmail adress for that. Login to the site and eneter my gmailadress houghi.spam@gmail.com, go to gmail and see if it already there. If not do a refresh.

No need for me to fill out some adress I have to look up or activate first. I also don't care how much spam I recieve on that adress, as long as I can see the mail arriving. If spam is so much active, I can just make a new gmail adress.

been there done that

[JustNiz]

check out temporaryinbox.com

DIY Onetime Addresses

[Doc+Ruby]

I wish there were a bot like Majordomo which would take a remote email address, generate a hash from it, create a new mailbox alias with the hash as its name, and send a message to the remote address notifying it of the new mailbox. With a note attached, either a default or one I specify when I trigger the process.

Then I could generate addresses for each remote party with whom I correspond, and delete them. I could control whether an address bounces or just consumes mail later. I could expire the mailboxes after a time period, or a message count, or both.

And I could track how the remote parties disclose my address to one another, by watching which addresses receive messages from new remote parties, without the new remote sender even seeing that the addres they used contained the ID of the party to which I originally sent it.

That app would be very useful since I manage my own mailboxes. But it would work just as well for anyone using mailboxes I manage, as long as they trust me to keep the hash lookups. They're trusting me to handle their mail, so that seems OK. So webmail providers could use it, too.

I used to do this manually, editing my /etc/aliases file. I'm disappointed it's not fully automated by now. Maybe a Slashdotter will surprise me, and tell me where the installer package can be grabbed.

Re:DIY Onetime Addresses

[chromatic]

Perhaps Mail::TempAddress might work for you.

Re:DIY Onetime Addresses

[Doc+Ruby]

Perl: still the best :). Slashdot: sometimes still the best ;).

Another alternative

[dkasak]

Spambox is yet another disposable email address service with one notable difference; it doesn't give you access to the box but rather forwards mail to some other address of choice. You can also adjust the time period of the validity of the address.

Already here

[Tylerious]

Spambob.org provides a similar service already.

Similar in concept

[isnoop]

I wrote up a simple webapp for similar purposes a while ago:
http://dodgemail.com/

The main difference is that you get a javascript snippet that creates time-sensitive email aliases that forward to you. They are only good for an hour or so, so they are spam proof to all email spiders except those with immediate turnaround.

Brian Livingston did a much more comprehensive writeup on it here:
http://itmanagement.earthweb.com/columns/executive _tech/print.php/3596436

I'm waitin for the diosposable credit card

[EmbeddedJanitor]

Make a new one and when the balance starts looking ugly, throw it away and make a fresh new shiny one!

Another list

[h3]

Here's another list:

http://www.listible.com/list/disposable-email-serv ices

I also don't know why this 10minutemail site is getting the attention it is. I like jetable and shortmail myself (option to forward).

Re:Another list

[mudeth]

Seriously, how does 10minutemail even merit an article? Everyone knows about mailinator and 2prong, right?

Yahoo has been doing this for years

[jamonterrell]

At least on my SBC Yahoo account I've been able to do so... you click the button and it creates a fake e-mail address that forwards to your real one and lets you send on behalf of it.. just delete it when you're done.

Grammatical number and localizability

[tepples]

how hard is it to write a few extra lines of code that append an "s" to the word "message" only if you have MORE than one message???

This can be very hard if you want to expand your market beyond anglophone world, especially to users who speak languages that have ways of forming plurals other than something like the s-suffixation used in English. For instance, some nouns in English, German, Hebrew, Arabic, and Sindarin use what has been called an infix or a simulfix: goose > geese. Worse, languages may have more than two categories of grammatical number. Categories attested in some languages other than English include nullar, dual, paucal, and distributive plural.

Re:Grammatical number and localizability

Sindarin? Like, elves-in-Tolkin Sindarin?

There are reasons to think that pluralizing in code is hard, but Sindarin is not one of them.

Re:2Prong Mailinator 10 Minute Mail

Disadvantage: seems to need Javascript - doesn't work for me.

Also, if it catches on, blocker scripts could quite easily add the new domains to their block lists regularly by simply sending a request to the site and parsing the generated email address.

Digital Condom?

[rhkenji]

So its like a digital condom whenever we're going to register our something on a website.

It has an extra step....

Forgetmail.com has been doing this for years....but without the need to register beforehand. Also, it has a nice clean and slick(ajax) interface.

Does this mean....

[gemada]

that i will now get all my emails in under 10 minutes? why, just the other day my staff sent me some emails along with my internets

Gmail, + - and how to use related addy's forever.

[arete]

Mod parent up - the "+" is quite unreliable. qmail uses a "-" for the mostly-same purpose.

For those who think this strategy well-and-truly evaporates when companies realize it, think again.

Let me back up a step: There are three reasons to use such a strategy: Tracking (eg, to prevent them realizing that the same person registered at two sites when they control both) spam ( to prevent spam) and spam-tracking (to track who SENT you spam.)

The tracking requirement is only met with very unique addresses - ideally at different such services from different IPs, perhaps using TOR - or using TOR sometimes. Gmail w/ plus isn't really good enough for this if companies figure it out, but it isn't really good enough anyway, personally.

The other two requirements it IS good enough for. Even if spam companies figure out to strip back to the plus, that only gives them access to the main account. Since the main account isn't secret, simply don't use it as your "private" account - let it get filtered like all the other semi-spam. If you want some mail to have a "nospam" priority do something like "me+secretworkemail@gmail.com" where you're ADDING more/different stuff after the plus.

Re:Vs. Mailinator BEWARE + HELP!

[andyatkinson]

BEWARE of the "+" addressing of Gmail feature. I signed up for a MySpace account (bad idea) with my email "+signup" so I could immediately send all the ensuing crap to the garbage. A month later when I went to delete my MySpace account, they informed me they would send send me an email to confirm my delete. After doing this about 10 times, I realized I was never going to get the mail and I wondered why. I DUG IN a little and guess what I found out? ....there stupid code was sending an email to "myemail signup@gmail.com"!! A white space character! So my conclusion was that when I registered, their client side string validation parsed out the "+" character and they stored my email in the database as "myemail signup@gmail.com" which of course is not valid. After about 40 million emails to MySpace explaining this I've given up on canceling my account and settled for obfuscation.

BEWARE: bonehead sites might parse out the plus sign
HELP: Anyone know any way I can get MySpace to delete my account? (I've tried changing my email address but guess what: you have to confirm it by email to your original address first!)

BAAAGGGHHH!

Re:2Prong Mailinator 10 Minute Mail

[troicstar]

If it catches on, and it starts getting blocked, there will be other ways. Which came first, throwaway email addresses or email-hoarding / pointless-registrations ? I think its a justified reaction, and will remain so for the forseable.

Favorite method, also easy, also free

[winomonkey]

There is this service out there ... I believe that it is called Hotmail or something. It is free and easy to use. You sign up for an account (maybe MySpamAccountForOnlineStuffandThings@hotmail.com), and then use it exclusively for online accounts, etc etc. Will it get flooded by SPAM? Absolutely. But who cares, it's your SPAM account.

Or Gmail.
Or Yahoo.
Or any of the free services.

This is easy stuff, folks, and you don't need a temporary address that will eventually be blocked by the majority of the verification systems to take care of it. One account for work, one for personal life (or two, because your 10-year old hotmail account is too full of V1@grA! adds), and one for junk. Not exactly hard to do, folks.

call beans

You can read them, click on links, and even reply to them.

i will NOT use my isp email address, i use it for family business but for others i always create an email at yahoo and gmail for use then forgot the email, so i say fuckgetted and just use a temp email address at mailinator or dispoasbable mail.. that is if your using it to sign up for newsletters, porNOs, and forums

ya nah wha ima sayin' daqies?

what a waste of time

[geekoid]

oh noes! you banned a tempory email site!

This will do nothing to help you in any way. people will stil use some yahoo/gmail/hotmail account.
Or they'll have an extra email account they get from their ISP as a dumping ground.

the only thing you ahve done is allienate people who might be interested in your forum, but don't know you enough to trust you with an actual email account.

Re:what a waste of time

[trawg]

Unless, of course, you block yahoo/gmail/hotmail - which is what we do. Granted that's not for everyone but we're only interested in users that have a 'legitimate' ISP email address.

Re:what a waste of time

[dballanc]

And I'm only interested in services who do not need my email address at all. Fortunately the net is big enough we can both have what we want.

Re:what a waste of time

[MotorMachineMercenar]

Why? I haven't used a "legitimate" ISP email address in 10+ years, except for school stuff as they don't like to forward to my webmail.

Yahoo Addressguard

[HeadlessNotAHorseman]

Yahoo provides throwaway addresses (addressguard) to paying subscribers

I am not a paying subscriber and I have access to Addressguard. I love it, I use it for everything I register for. It's also not linked to your actual account in any way. The addresses are in the format "basename-something@yahoo.com". The basename is common to all of your addressguard addresses (mine is "azilanen"), and the part following the dash can be anything you want. My yahoo ID is something totally different, and I only give that out to friends.

It's interesting because it allows you to have unlimited addresses so you can see which forums/sites the spammers are getting your email address from.

the real question is.....

[3seas]

how do I filter the spam being sent me thru such utilities?

This is great! I used it for Slashdot!

I don't want Big Brother netizens at slashdot having my real e-mail address.

So I used this service and a throwaway address just to register.

I highly recommend it. AAA+++ would use again

posted as Anonymous cos I can't remember my password.

Re:Vs. Mailinator BEWARE + HELP!

Change your profile picture to a picture of a penis. In my experience, your account will be deleted within 48 hours.

mod parent up

[Umbrae]

As terrible as that is, that's brilliant.

Excellent Review of Top 10 DEA Services

[CheapScott]

Review: http://email.about.com/cs/dispaddrrevs/tp/disposab le.htm

Personally, I use http://www.emailias.com/, which has worked great for me. It also lets me use my own domains, and seems to have just about all the other options others are mentioning.

God, you're a moron.

No, what he's done is ban a service that will undoubtedly be abused to spam his forums.

"LOL GMAIL YAHOO PERMANANCE!"

Erm, idiots, are you all? You report a spamming account to Yahoo/Gmail/Hotmail, it gets shut down. Much like having a hacked system spewing spam for long enough, it gets shut down.

SPAMMERS DO NOT GO FOR PERMANANCE - NOR DO THEY HAVE TO. The only thing they are concerned with is delivering a shitload of mail and getting the hell out so they can spam from somewhere else.

Spam from web sites is not that common.

[the_REAL_sam]

I made a spam catcher email address years ago just to register with websites. I thought I might be receiving all kinds of junk email at that email address, but I've received less on that one than from my normal email address.

On the other hand, the 10 minute email address sounds great for asking ransom for kidnap victims and stuff. LOL.

Craigslist...

[Evro]

I just use Craigslist. Create a fake ad looking to buy a 2007 BMW for $100, Craigslist issues you an anon redirect email address, expires after a couple of weeks. Voila.

Re:Craigslist...

[ScottSCY]

But then Craig knows all the websites you are going to.

If you own your own domain...

[aaaurgh]

...you can do it just as easily.

I configure one e-mail address per site/usage for my domain, named accordingly but with an 'anti-guess' element e.g. slashdot-123@... This way, if I start to get spam on any address, I can simply reconfigure that single address on my domain and change the address at the one site (or delete it altogether if I no longer require it) and, voila, no more spam or unwanted mail.

It adds about two minutes extra to the registration process for a site, but it's worth it. Of course, using an I.S.P. with good spam/virus/etc. filtering helps too!

Re:If you own your own domain...

[rHBa]

using an I.S.P. with good spam/virus/etc filtering

I've been using the same email address/domain for 5+ years and I don't receive more than 5 spam emails a WEEK. I can't remember which spam filter system we use but all mail from public smtp servers is bounced and it uses a blacklist of other smtp servers as well.

Re:Vs. Mailinator BEWARE + HELP!

[Kyro]

Why don't you read the myspace terms and conditions etc and try and break every single one in a post on your myspace page. Put something nasty about Rupert Murdoch and Fox in there just to make sure.

Then send an email to myspace saying john doe has offensive material etc on their page. It felt great when I deleted my myspace and friendster accounts.

If you don't trust spamgourmet.com run your own

[MCRocker]

You sign up (yeah, I know, you have to trust them) and give out email addresses like

If you don't trust spamgourmet.com with even one email address, then you can always get the source and run it on your own server.

P.S. I'm a big fan of spamgourmet and have been using it for years. I recommend it to everyone who asks about spam or registration web pages that require valid email addresses. I've even done a little work toward creating a servlet/filter that generates timestamped and requester IP address encoded mailto links so that any harvested email addresses that are subsequently used for spamming can be linked back to the harvester when reporting abuse.

Well spammer

[Snaller]

You are wasting your time, every country has tons of free email addresses. Might as well give up now.

This is not news

[quakeroatz]

Christ people, http://www.spamgourmet.com/ has been doing this for over 6 fucking years!

Sure a 6 month or a 1 year dupe is possible, but over half a fucking decade?
Is Slashdot going to re-annouce the release of Windows 2000?

Fuckety shit fuck!

Ok I feel better now...

Sneakemail.com

[RobinH]

I prefer Sneakemail.com. It lets me keep the "temporary" address for as long as I want. I have a different address for every single web service. If one of them starts spamming me, then I can permanently delete that address.

What ever happened to accountability?

[FliesLikeABrick]

As the owner of numerous sites, I have to say that it is a problem to have so many free e-mail sites that allow users to just sign up and throw away the account. There is a reason that sites require valid e-mail addresses to register.... for accountability and need-of-contact situations. If a site requires a valid e-mail address and has an activation system and all... please take a clue and realize that maybe there's a reason for this.

Now, if you're going around signing up for free X-box and iPod pyramid schemes... the problem isn't that you need a toss-away e-mail account to do this with, but rather you need a new hobby.

The last thing that legit online forum and chat mediums need are more smurfs and trolls. I (and I'm sure others) wish that the internet would evolve slightly such that people have a main e-mail account and don't go around being a pain in the ass or being overly paranoid about receiving spam from signing up everywhere.

The solution to dodging spam is to go after the spammers, not dodge their spam.

Re:What ever happened to accountability?

[nolife]

If a site requires a valid e-mail address and has an activation system and all... please take a clue and realize that maybe there's a reason for this.

I will provide a valid email address for specific web sites if the site is worth it to me (meaning that it provides a measurable benefit to me) and I determine that I might need to be contacted by an alternate means for specific issues with that site. By my own determination, if both of those conditions do not exist, I will use a fake address. If a large percentage of your sites visitors are using fake information, you are not providing enough of a benefit that people think it is worth providing real information for. Regardless of wether you or any site owner think this information is important, the user base may not.

The solution to dodging spam is to go after the spammers, not dodge their spam
Let me know how that plan works out for you.
I agree but in the real world, that method is by no means even remotely effective as a method to prevent spam.

Where Do Spammers Get Addresses From.....?

[IHC+Navistar]

The guy who posted below me, the one who says he is the 'owner' of several sites, claims that thy need the info for contact issues. Hmmmmm..... One has to ask, though, where exactly the spammers get their supply of email addresses FROM..... sites just like his. Yeah, we believe you.....

Spam-And-Eggers like him are the hosts that the spammers feed off of, and most likely pay off in return for massive lists of email addresses that they can add to their already massive lists of email targets.

The main reason that site owners don't like disappearing email lists is that the emails are non-existant by the time they try to sell the lists to spammers. Additioanlly, no spammer is going to want to do business with someone who is supplying them with non-existant email addresses. Now that spammers have become wary of disappearing addresses, the value for such lists will go down, since it can now be expected that more and more of the addresses on the list are non-existant.

Re:Vs. Mailinator BEWARE + HELP!

[k1t10]

The easiest way to delete your myspace account is to just fill it with porn and then report it ;P

Hmm, actually gmail does allow this

[xant]

Gmail lets you filter on basically anything you want. To implement the GP's suggestion, you would:

Give out your "real people" email address as xant+hello@gmail.com

Give out your "websites" email address as xant+thinkgeek_is_a_damn_spammer@gmail.com (for example)

Set gmail to allow xant+hello to pass through the Inbox.

Set gmail to drop xant@gmail.com and xant+*@gmail.com into the spambox.

Re:Hmm, actually gmail does allow this

[AVonGauss]

My apologies Dark Coder, I was wrong - thanks for correction Xant.

Mailing lists, too

[xant]

It occurs to me that you could even have a REALLY public email address that passed through gmail's filters properly.

The problem I have in mind is that I participate in (not just lurk on) several mailing lists. When I post, my email address is out there for spammers to find, eventually: gmane.org, among others, is a great place to harvest emails. What can I do about this? I actually want to get email on that address (the list itself) but I don't want spam to get through.

The solution:

- implement the post I just made, above.

- Sign up on the mailing list as xant+mailinglist@gmail.com (you may want to get more specific about which mailing list, but it's not really necessary)

- Set gmail to keep (or label and move) email matching To:xant+mailinglist@gmail.com AND From:(the real mailing list address)

- Set gmail to spambucket To:xant+mailinglist@gmail.com that isn't from the real mailing list.

True, it's possible to for a spammer to forge the From address, but that doesn't seem to happen very often. At least, in the lists where I participate.

Well that sucks.

[raehl]

It is designed strictly for recieving email you don't want.

Is there any service strictly designed for not receiving the email I don't want?

Re:Well that sucks.

[Firehed]

For $10 plus travel expenses, I'll come down to your house and yank the cord associated with your internet connection. I think that should take care of the problem fairly well. No promises on receiving the mail you do want though.

Re:Well that sucks.

[ThJ]

On a site I run, we've had constant problems with saboteurs using these kind of services for creating accounts in order to spam some paint chat rooms we've set up. We've been forced to restrict access to new users, and other measures. To sum it up: It's good that e-mail addresses are easy to create, but it's bad that e-mail addresses are easy to create.

Re:Well that sucks.

[MCraigW]

You need to have a confirmation system set up, and not allow users access until they reply to, or click on a link in, an email sent to their address. Maybe that is what you're now doing -- how are you handling it?

Re:Well that sucks.

[Thansal]

The problem is that I can create an email address in a coupple of seconds to a coupple of mins, submit that, click the link, and I have authed with out ever giving my real email. And with the services like 10mm and mailinator, it is incredibly quick and easy. Admitedly I always just create junk GMail accounts (ussed to make junk hotmail accounts, but gmail is much faster). The part that I actualy like about making junk gmail accounts is that I just name them using a standard (for me) meathod, and if I ever need to check mail from the same place, it is all still there (for instance, Thansal.newsday@gmail.com, Thansal.JonsBlog@gmail.com, Thansal.slashdot@gmail.com). So, unless you want to block all free email services, you are SOL.

Re:Well that sucks.

[ThJ]

Like everyone else, I have an e-mail confirmation system. The article above is about convenient ways of creating fake e-mail addresses. This renders e-mail confirmation useless. I did start blocking all fake e-mail services (Spamgourmet, Mailinator, a heap of others) a while back and that did help some, but you can't fix Hotmail and Gmail.

Re:Well that sucks.

[ThJ]

Precisely.

Similar to Mailshell

[reedk]

Mailshell http://www.mailshell.com/, a commerical offering, has in the past offered limited (10MB) accounts with throwaway e-mail addresses. It will accept any e-mail to whatever@yourname.mailshell.com, and you can approve or reject any such e-mails. I've been using it for years very effectively. I don;t get anything for the plug; it's just a very nice service.

Ignoring a problem

[ipooptoomuch]

Although the idea for these type of emails is good, I think that it is ignoring a problem. ANYBODY that ever gets your email should NEVER give away that email unless they let you know. A possible solution to offenders would be a $1 million dollar fine, being tarred and feathered, then having all of the offenders personal information available to the general public for lifetime :D

Throwaway Addresses = Hotmail/Yahoo

[Ka+D'Argo]

That's basically what they've been for, for many years now. Back in the day hotmail was alright but not it's just a nice web based spambucket for website registration.

Sure, alot of sites have started to "not allow" public email sites like hotmail or yahoo to be used for registration. generally the rule of thumb for those sites is A) they are just too uptight about registration in the first place so going out-of-your-way to sign up must be really really worth it or a waste of time and B) that site that requires that tends to be plagued with people signing up tons of dummy accounts for any number of reasons (spamming, abusing the number of registrations per user, etc). While the second is more forgivable, the first is just the webmaster being lazy. I'm not going to use my ISP email for your basic web forum registration, nor am I using my Gmail account for most things like that either.

Worst comes to worst, you start Googling web mail services till you find one thats obscure, has been around a while and won't be going anywhere anytime soon, so you can register for sites anonymously and still have the email there later for password reminder if needed.

Postfix?

[woolio]

I do the same....

Except I configured a recipent blacklist in Postfix for blacklisting certain addresses...

The REGEX textfile database is really powerful... I use regular expressions to define acceptable or blacklisted recipents. For example, I can allow all catchall-recipents sent to "NOSPAM_xxx@mydomain.com" [Recently did this to filter out the bounce messages from spammers who use random characters before the @]

You can also define a personalized rejection message for each address....

You might find this useful if you use spamassassin.... I was getting several hundred spams per hour recently... With spamassassin this was a bit taxing.

Not Easy?

[Ashcrow]

Since when were throw away email addresses hard?

Or...

[one_red_eye]

Just use Gmail and invite yourself to Gmail whenever you need a new email address.

not even a mouse on a wheel

[splict]

No! No, no, not 9! I said 10. Nobody's comin' up with 9. Who gets mail in 9 minutes? You won't even get your instant message, not even a mouse on a wheel.

Re:This won't stop my mom from sending me e-postca

[larytet]

another option is bloglines.com - they allow you to create an e-mail account in single click. The e-mail will look like username.[6-8 digits]@bloglines.com

bloglines aggregates all incoming e-mails in separate RSS feeds, removes attachments and shows them accordingly

Yep, except...

[patio11]

... the RFC lets your mail server do whatever the heck it wants to the stuff after the + part. In GMail's case, if you strip off the +whatever you end up with the base mail address. In my case, if you strip off the +whatever you just got /dev/nulled (trashaccount+trustedmailer@mydomain.com gets redirected to my inbox, trashaccount@mydomain.com does not) I really hope GMail keeps doing it their way because mydomain.com receives a heck of a lot less email than they do and if the spammers ignore me to focus on their bigger fish, yay. Anyhow, my GMail address doesn't get any spam and I don't see that changing as I take care to protect it.

Sidenote: does.this.screw.people.up.or.what@gmail.com Honestly, its like they can't write regular expressions which will process a period in the user name. That isn't my real address, incidentally.

Re:2Prong Mailinator 10 Minute Mail

[slizz]

2prong actually puts the new email address in your clipboard (copies it) automatically - all you have to do is paste it.

Re:This won't stop my mom from sending me e-postca

[Ziwcam]

Most of the people I know already keep a secondary address on gmail/hotmail, etc for this purpose.

This works, but things such as invites, forwards, e-cards that your friends send you with good intentions still mess things up. I had a good clean 3-year run with my last address, but lately it's just spiraled out of control.

That's why I don't give my friends my e-mail address. They couldn't understand why forwards and evites and e-cards were BAD, so I had to change my e-mail address and cut them out of my circle.

Spambob

[Genocaust]

I've always used spambob.org for things like this. They have plenty of different addresses and domains to choose from depending on exactly -how- disposable of an email address you want.

Firefox extension

[UrKHeH]

I wonder why nobody mentioned the following Firefox extension: Temporary inbox (https://addons.mozilla.org/firefox/2650/). It allows to work with disposable emails in one mouse click from the toolbar (well, maybe, two: one for email generation and one for checking).

When I feel bored

[goldcd]

I just log into mailinator with random usernames - always fun to see what people signed up to without wanting to leave an email trail.

Alternative sites

An alternative to TMM (and a precursor to other disposable-address-and-delivering-to-your-mail) : http://www.spamgourmet.com/

For sites that block mailinator, you can try out a Swedish site (use with moderation, please): http://www.slaskpost.se/
(it's in Swedish, but you should be able to get by as it is quite similar to mailinator except for the captcha)

That's a great method

[Dion]

I've also used it with great luck on sourceforge.

I had a project up there that I really didn't want to let live (it was old, ugly and I was selling a competing version), but sourceforge doesn't remove projects, ever.

Well, the solution turned out to be to complain that the project wasn't open source (it had lots of files that didn't contain the GPL header, it they weren't technically covered by the GPL).

That project was gone in 30 minutes:)

Re: How did this make /.

[EddyPearson]

Hows did this make the "news" section?

Mailinator?
Dodgeit.com?
Mytrashmail.com?
Mailexpire.com?
Spamhole.com?

These are the ones i can think of off the top of my head. Why not write a nice article about DRM or "[Some Product] killer!"

Re:2Prong Mailinator 10 Minute Mail

[tjcrowder]

From 2Prong's main page (warning, don't click that):

By simply visiting this site the above address has already been saved to your clipboard.

Oh, thank you, thank you so much for mucking about with my clipboard without my permission.

I have one of these.

[crhylove]

I've had one of these since 1996. It's called Hotmail. I know /. submissions have gotten lax lately, but jesus, this is decades old news.

rhY

Re:This won't stop my mom from sending me e-postca

[ezzzD55J]

who mails you then, your enemies? or maybe the joke was too subtle for me ;)

Spamhole

[tsunamiiii]

Or you could use spamhole who came up with this idea years ago and not download anything and setup is only about 1 min rahter then 10.

Plus-Addressing

[sparkz]

I stumbled upon a site recently suggesting that plus-addressing is somehow a feature of GMail.

It is a feature of email, and although some web designers tell their forms not to accept "+" as part of an email address (doubtless due to a lack of ability to read the RFCs). It is not specific to GMail.

Re:Plus-Addressing

[@madeus]

I belive that as both + and - characters (also used for this sort of thing) are valid in the local part (as per RFC2822) they could equally be used to identify entirely seperate mailboxes, belonging to different users.

It's certainly not unique to GMail, but it seems valid to refer to it as a feature of GMail (as it's certainly not supported by all providers and to knowleage there is no overwhelming school of thought or indeed RFC that says mail servers ought to behave that way).

Personally I prefer the @username.domain.com approach, but YMMV.

whats so special

I have a domain name just for emails. I just create names on the fly and use the catchall. This way I find out whose sharing my address. for example, I have amazon@domain, cafepress@domain, slashdot@domain, etc. If I find one thats being used by spammers, all spam will be forwarded to the specific customer service email address for a few days before I delete the domain and auto delete all email to that address. Its solved alot of problems.

spammotel

I tink spammotel gives you a better service...
in 2 words, spammotel is a simple service that lets you create all the emails you want, and all these fake-email will be forwarded to your real-mailbox.
the fake-mail will look something like this: ABCDEFGHIJKL@spammotel.com for example... you register to a service with spammotel-email, then decide it is not what you were looking for, and you just delete your spammotel-email, so you don't leave any trace, and you don't have to worry of spam... when a mail gets spam, you delete it and create a new one... easy.
the only problem is that you can't send mail with the spammotel account... well, unless you configure a bit your mail client or send mailk with some "anonimous" service on the web, which permits to specify the sender...

TemporaryInbox

TemporaryInbox does the same thing, and comes with a Firefox extension to haste the matter.

First on Reddit, then Digg now...

[mogabog]

I swear first I see a story up on Reddit. Next day it is on Digg. Then like 3-4 days later it shows up on Slashdot.

Explains why I visit this site so much less now.

-A

Spamex does this

[tgeller]

Spamex has done this quite well for years.

Yahoo! Mail

[numbsafari]

Yahoo! Mail let's you do this.

I see people talking about gmail's similar solution. The difference is that with Yahoo! Mail the prefix MUST be different than your regular email address... which means that, unless they can tie both emails together through other means, they can't just strip away the suffix portion.

Unique Email Addresses are a good idea in general, but don't fool yourself in thinking that a web site operator can't tie you back to your IP or based on the physical address or other information you give them in order to know that you are using multiple email addresses that all point back to you.

Problem with dummy address?

[l0cust]

I am really not clear about the problem with having a spare address on Gmail/yahoo/whatever just for registration. Someone asked the same thing somewhere above and was told it would get out of control very fast. I have been using three dummy addresses (2 yahoo and one lycos) for all the stupid registrations, for 4 years now. Never had a problem with any of them. I can get back to them if I really need to read a mail (e.g if I forget the password to some forum account).

If you do not check the account for a long time (~3 months in yahoo and similar in lots of others) then they just suspend your account till you reactivate it (all your mails are deleted but then they were not important to begin with) Moreover, if you forgot a password to some forum/board, you can just get it to mail you at that same address after reactivation so the risk factor is zero. Most of the mail provider (except hotmail) use decent spam filters so the inbox is decently readable even when you have to hunt for some particular mail.

Someone said that people can sniff your surfing/purchasing habits if you use a single mail id on all of them. First of all, do you really provide real personal information when creating email addresses? Who cares if someone can gather all that info and tie it to a person who does not exists. Secondly, if you are really paranoid, why would you use a single mail address for surfing and purchasing contact addresses ?

Am I missing something obvious here or people are just excited about disposable addresses because they don't like registering different accounts on webmail providers? I did not even have to create a different dummy Gmail account when Gmail came on to the scene and I totally shifted to it for webmails, because the old three worked so well for me.

American shouldn't create webapps... :)

[Heddahenrik]

Nice that you actually can email nice letters like ÅÄÖ and (OK, Slashdot can't handle Russian characters? What is this? 1994?), but if you answer with stuff that isn't English letters, they become messed up.

So this is a good example of: USE UTF-8 DAMN IT! How hard can it be?

By the way: "10minutemail.com" is of course banned to use as an email-address on my sites now.

this should be reposted so others can see it again

10 minute email is the best thing I've seen in a long time. I've only used it a couple of times but I'm sold. I think a service like this is valuable enough to warrant a reasonable subscription fee. I was just poking around the site hoping to find a way to late them know what I think of their idea. I hope they see this on /.