Hotmail Launches Accounts You Can Throw Away

suraj.sun writes with this excerpt from CNET: "Today, Hotmail is getting a new feature aimed at 'e-mail enthusiasts,' which lets anyone create multiple e-mail accounts that can be read, replied to, and managed from their everyday e-mail inbox. These additional e-mail addresses can be had in the same manner as signing up for new accounts, but they require no extra log-ins or upkeep. ... The idea is to give users a safe way to provide third parties with an e-mail address, without giving up the address they've provided to family and friends, which, if compromised, can end the usefulness of that particular account. Each user will be able to create up to five aliases, any of which can be deleted and replaced with another at any time. Over time, Microsoft will increase that limit to 15 aliases per account, making it so that the true heavy users won't need to juggle between two or more Hotmail accounts."

Cool idea

[trollertron3000]

I've used it elsewhere but integrated into a client like hotmail is a good idea. Besides, I already use hotmail for my spam address. Now Google, steal this please.

Re:Cool idea

[Abstrackt]

While not exactly an implementation of a throwaway address, you can use plus sign addressing (subaddressing, i.e. name+slashdot@gmail.com) with Google. I use it for every site I sign up on so I can see who gives out my email address so I can filter everything from that alias into the trash.

Re:Cool idea

[Cinder6]

Gmail does have it, but you have to be using a custom domain to get the feature. I use it; it's nice. I'm not sure why it hasn't been integrated into the Gmail proper; usually, feature lag goes the other direction.

Re:Cool idea

[Manfre]

I've encountered several sites that do not allow a + in the email address, or come even remotely close to implementing the RFC.

This is a worthwhile read and the regex was fun to implement. http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx

Re:Cool idea

[Graff]

I've used it elsewhere but integrated into a client like hotmail is a good idea. Besides, I already use hotmail for my spam address. Now Google, steal this please.

Gmail already has had this feature for a long time. it's called plus-addressing. You take your e-mail address, put a plus sign at the end of it and then add a phrase. For example:

foobar@google.com
foobar+slashdot@google.com
foobar+amazon@google.com

All of these will get sent to foobar@google.com and you can create a filter on each term (eg: filter on +slashdot) to send them into their own mailbox.

Re:Cool idea

[shutdown+-p+now]

Unfortunately, it still exposes your primary address. Whereas it seems that the reasoning behind this Hotmail feature is primarily privacy.

Re:Cool idea

[shutdown+-p+now]

And as soon as I see your email in this format, I strip away the "+" part and have your original address which I can merrily spam.

Re:Cool idea

[Anonymusing]

There is actually a patent on something like this. AT&T developed it a long time ago, sat on it for a decade, then sold the patent to Zoemail (a now-defunct Internet startup) in the early 2000s, which then sold the patent to someone else. The advantage of the Zoemail/AT&T approach was that the "keyed" addresses would be created to each recipient you sent to, and they would know you by that keyed e-mail, but you could turn those off whenever you wanted. Or give them expiration dates. The keyed address would be listed in your address book with each recipient.

It was a beautiful concept, frankly, but could have been implemented better.

Re:Cool idea

[vux984]

All of these will get sent to foobar@google.com and you can create a filter on each term (eg: filter on +slashdot) to send them into their own mailbox.

Yes, I'm sure no one would ever think to actually strip out the +component out to get the real address, especially since its a documented feature.

The hotmail alias system is more useful, because the real address can't be harvested trivially from address you give out.

Re:Cool idea

[CreamyG31337]

or just add dots, your.email@gmail or yo.urem.ail@gmail.com goes to you , and i do this all the time when i sign up at questionable places. if they start spamming me, i can just set up a filter to 'skip inbox' and delete.

Re:Cool idea

[farnsworth]

This is a worthwhile read and the regex was fun to implement. http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx

This is the regex that Mail::RFC2822::Address uses, which seems to be the most comprehensive: http://ex-parrot.com/~pdw/Mail-RFC822-Address.html

I have no idea how that was authored...

In any case, probably the only 100% way to validate an email address is to accept any string and try to send an email with an "is-valid" link in it.

Re:Cool idea

Do you mean the catchall? If so, yeah I do it too and love it.

You get *@yourdomain forwarded to your inbox. Then you just make one rule in your filters. In the "has the words" box for filter creation, you put deliveredto:({[one],[two],[three],[four]})

One, two, three, and four being @yourdomain "accounts" that are abandoned due to spam. Just tell gmail to send those directly to the trash, which keeps your spambox empty.

It doesn't get any better than that. No need to create new email addresses, they all already exist. Just filter out the ones that start causing you trouble.

Re:Cool idea

I've done this for years and years on my personal email server. It's a great way to find out exactly which website "leaked" my email I told them to keep private.

Re:Cool idea

[Obfuscant]

Yes, I'm sure no one would ever think to actually strip out the +component out to get the real address, especially since its a documented feature.

And I'm sure that no one would ever think to use a +-form address as his main one and bit-bucket anything that doesn't have the + in it? Spam away at foo@example.com, my filter accepts email only to foo+something@example.com.

The hotmail alias system is more useful, because the real address can't be harvested trivially from address you give out.

I have no idea why this new hotmail thing is important, since I've never had any trouble creating throw-away hotmail addresses when I want them. They are so completely throw-away that I simply walk away from one when I no longer want it. I never see it again.

Re:Cool idea

[garcia]

I worked for a college and coded around those filters to get at the real address. I'm sure any intelligent marketer would too.

Re:Cool idea

[msauve]

There is actually a patent on something like this. AT&T developed it a long time ago, sat on it for a decade, then sold the patent to Zoemail (a now-defunct Internet startup) in the early 2000s, which then sold the patent to someone else.

Then, there's no patent on it, or won't be very soon. Patent terms from that period were 17 years. "Early 2000s" should mean 2004 or before, so that's at least 10+7 (minus some number of month?) = expired.

Re:Cool idea

[Patoski]

While not exactly an implementation of a throwaway address, you can use plus sign addressing (subaddressing, i.e. name+slashdot@gmail.com) with Google. I use it for every site I sign up on so I can see who gives out my email address so I can filter everything from that alias into the trash.

Additionally you can also place a period anywhere in the user portion of your email address and gmail will route it to your address.

For instance, if your email address is "bufordpusser@gmail.com", you can also give out "buford.pusser@gmail.com", "b.u.ford.pusser@gmail.com", etc. and all of them will route to your original address.

Re:Cool idea

[Graff]

And as soon as I see your email in this format, I strip away the "+" part and have your original address which I can merrily spam.

Spam away on it, the original, no "+" address is to a spam mailbox.

Only addresses with the "+" part go to actual mailboxes that I read. I never hand out the bare address to anyone.

Re:Cool idea

Too bad that is in TFA and debunked for both a) exposing your real address and b) not being universally supported at sites due to special characters

Re:Cool idea

[icebraining]

Many websites don't accept the plus in the email address field.

Personally, I used to use mailinator, now I have a catch-all in my domain.

Re:Cool idea

[shutdown+-p+now]

A neat trick for sure. But now your "real" address (i.e. the one you give out to actual people) has a plus in it, making it slightly less readable, and possibly confusing people (or badly written apps that they use to email you).

Re:Cool idea

[vux984]

And I'm sure that no one would ever think to use a +-form address as his main one

Oh I'm sure someone thought of it, and then promptly got frustrated at all the places it didn't work and/or got rejected.

(Also, have you looked at the hassles involved in sending from a gmail plus address...)

Re:Cool idea

[icebike]

Spam away on it, the original, no "+" address is to a spam mailbox.

Only addresses with the "+" part go to actual mailboxes that I read. I never hand out the bare address to anyone.

Spam on Gmail?
I get virtually NO spam on Gmail that is not automatically detected and routed to the spam box.
It is astoundingly accurate, and false positives are so vanishingly small I never bother to check the spam mailbox.

I don't need to reserve the root name for a spam catch.

Re:Cool idea

[Obfuscant]

Many websites don't accept the plus in the email address field.

At which point I determine if my dealing with that website is valuable enough TO ME to open up my unplussed address for the short period of time it takes to deal with whatever email they are sending, or valuable enough to them that a complaint about their defective website will get around that error (if you call customer service, many times they can bypass the web nazi).

Most of the stupid ones I deal with are demanding an email address so they an verify my registration, after which any email from them truly is spam and can be tossed without care. Those aren't worth the effort to complain, but sometimes are worth a few minutes of unfiltering.

Personally, I used to use mailinator, now I have a catch-all in my domain.

I got tired of the dictionary spam I got at the catch-all, which made it worse than simply giving out my real address.

Re:Cool idea

[Graff]

I didn't say it was perfect, just that GMail had a version of throwaway email for a while now!

If Hotmail one-ups Google then that's all the better for the users because that's how services get better, through competition.

Re:Cool idea

[chunkyasparagus]

or just add dots, your.email@gmail or yo.urem.ail@gmail.com goes to you , and i do this all the time when i sign up at questionable places. if they start spamming me, i can just set up a filter to 'skip inbox' and delete.

Unfortunately when spammers realise that this is possible, they can just strip the dots off any gmail address and be left with the correct address.

Re:Cool idea

[Magic5Ball]

Then would you say that you are nonplussed about this feature?

Re:Cool idea

[CreamyG31337]

true, but spammers aren't too smart. they *could* get real jobs and not go to jail, but that doesn't seem to happen...

Re:Cool idea

[Graff]

I get virtually NO spam on Gmail that is not automatically detected and routed to the spam box.

Oh sure, this is just overboard paranoia-type stuff. I only do this on my "commercial" e-mail account. I have a separate e-mail account that is for friends and family where I don't bother with any of these kinds of tricks.

Re:Cool idea

[snookiex]

I'm just curious, who have you discovered giving out your personal information? You can skip the porn sites.

Re:Cool idea

While still not 100% the same, Google has actually had this for a while. You can make variations of your email with the plus sign and then use filters to sort them.

For example, if your email was billy@gmail.com and you signed up for slashdot you could use billy+slashdot@gmail.com. If that email got out to others you would also know who shared your email address with spammers.

More info:
http://gmailblog.blogspot.com/2008/03/2-hidden-ways-to-get-more-from-your.html

Re:Cool idea

That's why you filter against the real address, and use a + variant as your primary. :-)

Re:Cool idea

[icebike]

Actually Plus Addressing seems intermittently broken on Gmail of late.

It seems if you access your Gmail from IMAP all bets are off with regard to the message actually ending up in any folder other than the inbox. Even message sent via gmail to gmail seem to fail the Plus Addressing for me.

Re:Cool idea

[catmistake]

bah... no mod points... loaning you my karma is all,
thx for posting

Re:Cool idea

A computer could easily detect and remove that, defeating the purpose. In fact, it could then turn around and send your email address on to third parties and you wouldn't be able to tell. Also, anyone could easily grief another company with it. It's nice, but not as good as the proposed solution for hotmail. Hopefully gmail implements it soon because I'm not switching back to hotmail.

Re:Cool idea

That's why I prefer inserting periods in my gmail address. Easy to filtyer on and some hosts require them.

Re:Cool idea

[1u3hr]

I'm just curious, who have you discovered giving out your personal information? You can skip the porn sites.

I use Sneakemail which gives me an unlimited number of alias emails. So I create one for every forum or site that requires an email confirmation. If I get spam, I know exactly who leaked it. I've actually had very few. spams though. Just started to get spam from opensubtitles.org, so I just deleted that address. I have very few porn sites that I register with, but but none of them have spammed me.

Re:Cool idea

(adjusts sunglasses)
YEEEEEEaaaaaaaaaaahhhhhhhhHH!!!!!!

Re:Cool idea

[jedwidz]

Thanks for that tip, I'd been using unique '+'-addresses when dishing out email addresses, but bad email address validation comes up all too frequently.

A couple of things to add here:

• Gmail can filter based on where all the periods are (I checked)
• Leading, trailing and consecutive periods may be problematic, best to avoid (gmail accepts these fine, but Exchange for one may refuse to send)
• '+'-addresses work fine in conjunction with periods (not that you'd need to use them together)
• Best to have at least one period in your 'real' email address, so that spammers can't guess it by simply stripping periods

Re:Cool idea

[timeOday]

To make it work, you have to give a different email address to every website, every friend, every family member, so you could cut any of them off individually.

I used separate throw-away (though functional) addresses for each website, but a single "real" one for all friends and family. Eventually, a friend's hotmail account was compromised, his address list scanned, and my "real" address was open to spam forevermore.

Re:Cool idea

No problem. I am the person you are replying to, and oddly enough have mod points myself, but can't mod myself up even though it was posted anonymously. I'll mod you up as a thank you for reading low enough to see AC posts and responding to them!

Re:Cool idea

[akeeneye]

Damn cool, I didn't know this, thanks. It's not enough to compel me to give up spamgourmet or e4ward.com but it's something new to add to the arsenal.

Re:Cool idea

[catmistake]

Ha! I do that all the time (post AC, then mod parent up... doesn't work if you mod before you post).
;-)

Re:Cool idea

[Imrik]

And any emails received without dots go directly to the trash.

Re:Cool idea

[Graff]

I used separate throw-away (though functional) addresses for each website, but a single "real" one for all friends and family. Eventually, a friend's hotmail account was compromised, his address list scanned, and my "real" address was open to spam forevermore.

Yeah, you basically need to choose a balance between complete security and ease-of-use. I generally create categories of addresses and take the risk that one of the categories might get compromised. If that happens then I deal with it as best as possible by creating a new address for that category or just living with spam filtering on the old one.

Re:Cool idea

I've noticed my Funcom (Anarchy Online, Age of Conan) only email address getting Blizzard phishing spam. Also, many marketers will not give up an email address, even if you try to unsubscribe.

Re:Cool idea

[mysidia]

Google already has something like this.

username+TAG@gmail.com

You can even set e-mail filtering rules to attach different labels based on what TAG the message was sent to, or discard messages if a suitable TAG is not present.

Re:Cool idea

[mysidia]

I've encountered several sites that do not allow a + in the email address, or come even remotely close to implementing the RFC.

Those (several) sites then are clearly broken; clear violation of the robustness principal as well.

Basically, (anything)@example.com

Is valid; providing the contents of (Anything) are recognized by (example.com) SMTP servers.

There may be some quoting of special characters such as spaces required in (anything), required when using the e-mail address over SMTP; however, the web server's SMTP client should take care of adding any quoting special characters required for SMTP protocol, if the user did not provide it.

Re:Cool idea

[mysidia]

Unfortunately, it still exposes your primary address. Whereas it seems that the reasoning behind this Hotmail feature is primarily privacy.

So make the primary address a quick trip to /dev/null or a rarely read junk folder

Only set mail filtering rules to accept messages sent to +addresses you want

Re:Cool idea

[mysidia]

Many websites don't accept the plus in the email address field.

Phone / e-mail the webmaster to complain about that.

Special characters in the user portion of e-mail addresses are perfectly valid. Websites have no business deciding what usernames are acceptable, only your e-mail provider does.

Re:Cool idea

[shutdown+-p+now]

I don't want an email address with "+".

Re:Cool idea

[kiddygrinder]

i believe you can use a hash in your gmail to categorise the email, ie you can sign up to something with say ign#myemail@gmail.com and if it ever gets spammy just move email from that address to the bin

Re:Cool idea

[sxeraverx]

Except spammers are too lazy to implement this (for now). Any email address can be found and spammed, unless it's completely unused. The only way to prevent spam is to exploit spammers' laziness. As long as the majority of email addresses they buy don't use the '+' exploit, they won't notice, and even if they do, it will be cost-ineffective for them to strip out the '+' addresses.

This is not a method to safeguard your privacy. It's a method to reduce your spam.

Re:Cool idea

[im_thatoneguy]

Wait... do you mean my email address, which has a dot in it, is technically dot free?

Re:Cool idea

[Plasmoid2000ad]

Because no one tries to spam Domains with emails by just guessing at common local parts to the email address.

Re:Cool idea

i believe you can use a hash in your gmail to categorise the email, ie you can sign up to something with say ign#myemail@gmail.com and if it ever gets spammy just move email from that address to the bin

There are some differences. One is that with the GMail solution you do always reveal your real email adress that the alias is linked to, with the Hotmail solution you don't. And with the GMail solution you'll keep having to run rules to deal with them after use, instead of having them completely disappear. I actually think Hotmail have the better solution here (and hell freeze over and all that).

Re:Cool idea

[mcvos]

I've encountered several sites that do not allow a + in the email address, or come even remotely close to implementing the RFC.

Those (several) sites then are clearly broken; clear violation of the robustness principal as well.

They are, but it's still dreadfully common. Same with passwords. My bank (of all things!) doesn't accept non-alphanumeric characters in passwords. It's completely retarded and makes me wonder whether they might be completely incompetent when it comes to preventing SQL-injection. Or any kind of security, for that matter. And for banks, that's kind of serious.

Re:Cool idea

I've used it elsewhere but integrated into a client like hotmail is a good idea. Besides, I already use hotmail for my spam address. Now Google, steal this please.

Gmail already has had this feature for a long time. it's called plus-addressing. You take your e-mail address, put a plus sign at the end of it and then add a phrase. For example:

foobar@google.com foobar+slashdot@google.com foobar+amazon@google.com

All of these will get sent to foobar@google.com and you can create a filter on each term (eg: filter on +slashdot) to send them into their own mailbox.

This is not the same at all. You still reveal your real email adress, while Hotmail give you a completely separate and anonymous alias. And you will keep getting the Google mail, even though you can filter it, while on Hotmail it will completely stop when you disable the alias. Much better solution.

Re:Cool idea

So when your receive e-mails addressed to name+266ec7188@gmail.com, where the plus-value is randomised by the spam engine for each campaign, how do you adapt?

Re:Cool idea

Thanks for posting my email address you insensitive clod.

Re:Cool idea

[Zaiff+Urgulbunger]

This is useful, although as another post notes, there are a few sites that don't accept that as a valid address... including the UK Government Gateway!

Re:Cool idea

[maxwell+demon]

It's really something I've got for years. Apart from the main email address, I can easily set up a quite large number of others (with different domain parts, even!) and delete those again if I don't want or don't need it any more. And all get into the same inbox (and filter rules allow them to be sorted into separate folders). I currently have three mail addresses, with two different domain parts.

Re:Cool idea

[maxwell+demon]

Oops, I just noted my post can be misunderstood. I don't have my mail account at hotmail, obviously, but at another provider (web.de).

Re:Cool idea

[initialE]

So what is to stop spammers from automatically removing the period from email addresses?

Re:Cool idea

I'm totally with you guys! No spammer is ever going to figure that one out!!!11!!

Seriously, that may have worked 5 years ago, but that is pretty much useless right now...

Re:Cool idea

Don't forget about:

n.ame@gmail.com, n.a.me@gmail.com, n.a.m.e@gmail.com,n..a.m.e@gmail.com, etc..

But, yeah, still not the same feature.

Re:Cool idea

[Builder]

Vmware definitely give out addresses.

Re:Cool idea

[Builder]

Good luck getting hold of someone at Microsoft who cares (their xbox side of things refuses +). TomTom _used_ to accept + accounts, then changed it and now accounts with purchases attached can't login until they get TomTom to manually verify them and change them to a new mail address. My O2 (cellular provider) bill goes to o2.are.dumbshits @ a domain because they also stopped refusing +.

You have _no chance_ of getting someone like that change and it's not really worth the effort.

Re:Cool idea

[garcia]

Periods are meaningless for GMail accounts--just like the +. So I'm not sure what your point is?

Re:Cool idea

[MyDixieWrecked]

apple's mobileme has had this since at least 2003. It was the one feature (but not the only reason) that has kept me from migrating my email over to gmail or other provider. They have an email aliasing feature which allows you to not only create new aliases for your main account, but you can choose what address is in the reply-to field in Mail.app or through the web app.

This has been great since I signed up for MobileMe (then, .Mac) in 2000 when I was 19 and used spike666 as my moniker, and was able to use a more professional name when the time came without needing to create a separate account.

I really wish gmail would add that. There's no way to change my google account's login (according to their faq) and I'm not about to get a new account and lose my entire search history and everything else that's tied to that account.

I would use an email address on one of my domains, but after having the same email address for 11 years, it's kinda hard to switch.

Re:Cool idea

This is a worthwhile read and the regex was fun to implement. http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx

This is the regex that Mail::RFC2822::Address uses, which seems to be the most comprehensive: http://ex-parrot.com/~pdw/Mail-RFC822-Address.html

I have no idea how that was authored...

In any case, probably the only 100% way to validate an email address is to accept any string and try to send an email with an "is-valid" link in it.

astonishing. That is the worst mess of a regexp I have seen in years :) Email addresses are surprisingly hard to validate. I know as I have tried it before (not using regexps)

Re:Cool idea

[trollertron3000]

Thanks for the heads up mate! (I was the original poster all the way at the top mods)

Re:Cool idea

Thats true, but careful! Putting dots in the name can fuck up your gmail forwarding.

For example if you signed up for firstnamelastname@gmail.com, and setup forwarding to your personal nickname happyfeet@gmail.com... Now lets say you started giving out your mail address as firstname.lastname@gmail.com, those emails sent to the account with the dot wouldn't get forwarded to your happyfeet account.

Its just some weird bug in the way gmail handles forwarding. I don't know if the + magic would have a similar effect, I suspect it would.

Re:Cool idea

[Rary]

Sweet merciful crap. That looks like Brainfuck to me.

I like the comment: "Implementing validation with regular expressions somewhat pushes the limits of what it is sensible to do with regular expressions, although Perl copes well".

Re:Cool idea

[Rary]

Wait... do you mean my email address, which has a dot in it, is technically dot free?

It seems the answer is "yes". I did not know that, but I just tested it out. I have a "firstname.lastname@gmail.com" account, so I sent an email to "firstnamelastname@gmail.com", and it arrived as expected.

I learn something new every time I visit Slashdot.

Re:Cool idea

[mysidia]

They are, but it's still dreadfully common. Same with passwords. My bank (of all things!) doesn't accept non-alphanumeric characters in passwords. It's completely retarded and makes me wonder whether they might be completely incompetent when it comes to preventing SQL-injection. Or any kind of security, for that matter. And for banks, that's kind of serious.

I am suddenly reminded of websites that refuse to accept arbitrary octet sequences like "INSERT" "SELECT" "UPDATE" "DELETE" "DROP" "GRANT" "ALTER" "CREATE" "TRUNCATE" "EXEC" "CLUSTER" "VACUUM" "DECLARE" "SET" "--" "/*" "@@" "CURSOR" "FETCH" "BEGIN" "END" "KILL" "OPEN" "TABLE"

As any part of an e-mail address, password, or other profile information.

And think that is the best way to prevent SQL injection.... .... really??

Sites that do it right are sites like Slashdot. No restriction against using those words in a comment (obviously)

Re:Cool idea

[Splab]

As far as I remember, proper validation of email isn't possible in regex. That being said, why do people insist on checking the address is valid? Just check there's exactly one (1) @ and fire the mail at that address with a validation link (as a sibling suggested).

Re:Cool idea

[snookiex]

From the VMW site:

How does VMware use personal information?
VMware will use personal information to provide customers and business partners with information and services and to help us better understand your needs and interests. Specifically, we use your information to help you complete a transaction or order, to communicate with you, to deliver products/services to you, to bill you for products/services you purchased, and to provide ongoing service and support. Occasionally we may use your information to contact you to complete surveys that we use for marketing and quality assurance purposes.

In short: They do it for your own good

Re:Cool idea

[Shompol]

It's funny, but I also use Hotmail for "commercial" emails, because it is notoriously bad at filtering spam, so I keep it as a potential throw-away account. Google did come up with temporary email aliases, but only for stuff bought on Google Shopping. Well, guess it's back to Hotmail for all my shopping needs.

Re:Cool idea

While not exactly an implementation of a throwaway address, you can use plus sign addressing (subaddressing, i.e. name+slashdot@gmail.com) with Google. I use it for every site I sign up on so I can see who gives out my email address so I can filter everything from that alias into the trash.

That's why in thesoftware that builds the email database for external distribution/sale, I strip off anything after and including the plus sign for gmail addresses. My customers only need the base name for gmail to get messages through.

Re:Cool idea

Hotmail supports plus addressing too. In both its Hotmail and Gmail incarnation it's more flexible than this (no limits on the number of email IDs you can have) but it also doesn't work as well (most frequently I see the + isn't accepted by sites as part of a valid email address, and as some have said already it's an obvious thing to strip off if one does intend to spam.)

Re:Cool idea

[asdfghjklqwertyuiop]

Just check there's exactly one (1) @

Case in point, that's wrong. The following is a valid email address (from TFA): "Abc\@def"@example.com

Re:Cool idea

[asdfghjklqwertyuiop]

Magical snake-oil powered application layer firewalls often do that.

Re:Cool idea

[Richy_T]

There's very little point validating an email address anyway. What are you trying to do? There's no way to check that the user is using a *real* email address (Though you can exclude some of the temporary domains if you wish) unless you actually send a validation link and if you're trying to protect the user against typos, they're just as likely to typo a valid address anyway.

Personally, I usually just check that there's something@something.something and call it done (somethings can include @s and .s).

Re:Cool idea

[Joce640k]

If I was a spammer I'd already be trimming any gmail address with a '+' in it.

Re:Cool idea

[eedwardsjr]

GREAT SCOTT!!! I did not know that. You are a freaking genius. I will be moving that dot around a bit more now. :)

Re:Cool idea

[asdfghjklqwertyuiop]

There's very little point validating an email address anyway. What are you trying to do?

Prevent SMTP header injection, possibly: user@example.com\nX-Some-Header: blah or injection in the message body (user@example.com\n\nBlah).

Personally, I usually just check that there's something@something.something and call it done (somethings can include @s and .s).

Also technically wrong. The right hand side doesn't necessarily need to contain a dot (for example, root@localhost).

Re:Cool idea

Hotmail already has + addressing too. The alias feature is in addition, and like others have mentioned actually hides your original address. From the official Hotmail announcement (http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/02/03/hotmail-delivers-aliases-to-help-you-manage-and-secure-your-email-account.aspx#comments):

"Hotmail (and many other email services) already allow you to just add a plus sign (‘+’) and a descriptive word to the first part of your email address...However, with the plus addresses that many services offer, it’s still very easy to determine your actual email address and there are times when you simply don’t want to give out any part of your real email address – that’s where our new alias feature helps you out. Email aliases let you create completely different email addresses that you can use to receive email into your primary account without anyone knowing what your primary email address is."

Re:Cool idea

[mysidia]

Good luck getting hold of someone at Microsoft who cares (their xbox side of things refuses +).

So they accept hotmail generated addresses but refuse other providers' + e-mail addresses?

Sounds like an anti-competitive practice... perhaps the FTC would get involved.

I don't trust the spammers at M$ with my real e-mail address anyways. I use spamgourmet.com to generate throwaway e-mail addresses, which have a benefit of automatic expiration.

Re:Cool idea

This is a feature in Cocoon - with unlimited disposable email addresses, they are easy to create while you browse and are managed outside of your regular email. Full disclosure, I work for them so am more than a bit biased, but I do think the product in general is worth checking out. Cocoon is a proxy add-on for Firefox that hides your identity and has a bunch of other features. It's free to try it out and no credit card is needed to signup. We're a small start-up and value any feedback you have.
www.getCocoon.com Thanks, Kris

 

Re:Cool idea

[Patoski]

Nothing but you could use an email address with periods 'buford.pusser@gmail.com' and send everything without periods 'bufordpusser@gmail.com' to spam. Or if you've already started using the address without periods you can flag certain senders as safe and then filter the rest to spam (while starting to give out your 'new' email address with periods).

Re:Cool idea

[Builder]

Who would have thought that some of their business partners sell viagra though...

Re:Cool idea

[Richy_T]

Header injection is an interesting possibility. You don't really need to do a low-level validation for that though.

The @localhost may be a legal email address but it's never been a valid one for any application I've ever written.

I guess...

[msauve]

this is the first time I've seen a Microsoft focused article after the /. redesign. Bill as Borg doesn't seem right - he's not even in charge any more. Where's Ballmer with a chair (and not sitting on it)?

Re:I guess...

[catmistake]

Also in Microsoft's court, Exchange has no true equal and Active-Directory still rules, and, by reverse proxy I guess, the Bill and Melinda Gates Foundation is amazing. On the otherhand, their flagship OS is still a rotting, broken piece of shit and a security nightmare, and their rabid fanbois equal mac zealots in the uninformed denial of this. (Sure... any OS can be broken or insecure... it's just infinitely easier with Windows.)

Re:I guess...

[kidcharles]

I'm with you on this. Maybe it should just be a flying chair with an implied Ballmer just out of frame.

Let's say it right away!

[DWMorse]

What could possibly go wrong!!

Here.

[MrEricSir]

http://mail.google.com/support/bin/answer.py?hl=en&answer=69570

Re:Here.

Interesting but not quite the same thing. If an account gets really jacked up then you would have to make another gmail account, remove the old one, then add the new one. Kind of a pain in the ass.

With the Hotmail feature you simply delete the old one and make a new one right there. It's much more straightforward and quick.

Re:Here.

[TheLink]

These throwaway hotmail accounts are too little too late for me.

I get so much spam on my hotmail account that it's kind of my throwaway account already. Nowadays I only bother to check it once every few months :).

In contrast my yahoo and gmail accounts don't get even the same magnitude of spam passing the spam filters.

Re:Here.

I have a DynDns subdomain (free) for which I registered a Google Labs account (free) and set up Gmail (free). I get up to 50 Gmail accounts @ my DynDns subdomain. Adding or removing them is easy, and with multiple sign-in, switching between them is easy. Plus I can set them to forward messages to my main e-mail address.

Re:Here.

[nickalh]

Hmmmm, yahoo has had this capability for maybe a decade. For $20 a year, I get up to 500 email addresses. http://antispam.yahoo.com/addressguardtour

Re:Here.

How do I get slashdot to respect line breaks, enter key, return key in a post?

Re:Here.

[lul_wat]

HTML line break

Re:Here.

not even close - gmail's (and google's) multiple account handling is horrific currently - especially because the login's work across all of google's sites (particularly youtube etc) and from a web / content developer standpoint it's a nightmare trying to manage multiple accounts because 'some' of google's sites support multiple accounts, and some don't.

Why is this a problem?

I am a web developer that works on sites for clients that have their own google analytics accounts, youtube accounts etc.

1) I'm in my gmail account looking at the latest info (a video to post for example) that they have sent around.
2) I pop open youtube to post the video
3) i click 'sign in' on youtube, which automatically logs me in with my gmail account
4) 'log out' from youtube
5) log in again, this time using proper client's youtube account details
6) go back to gmail beecause I forgot what title or description they want me to add to the video
7) gmail has a complete fit, barfs out completely and in a not-very-glamorous fashion

This can't even be worked around by using multiple browsers - google sessions are persistent across browsers somehow - i've tried using chrome / firefox in combination to do the above, etc - but google will not allow me to log into multiple accounts at once from the same machine, period.

It's extremely frustrating and annoying.

Re:Here.

[Z00L00K]

Wouldn't this be great for spammers too that needs to provide a verification email account?

I'm just waiting for sites that sets up rule that verification can't be done through hotmail and that that you need to provide another email account.

Those huge sites like hotmail and gmail are great catch-alls for spammers too.

Re:Here.

[kiddygrinder]

i believe stuff going to something#youremail@gmail.com will still get to you, so if you make up your own addresses for each site you can move all emails from that address to the bin if it gets spammy.

Re:Here.

[YoshiDan]

You don't. The idiot slashdot developers expect everybody to know html....

Re:Here.

[rtfa-troll]

Much better is spamgourmet. There are several things which are key and are missing from the hotmail implementation.

1. there is no master address; every address has a code.
2. addresses are unilmited. This means you can use a separate email address for every correspondent. This means you can work out exactly which correspondent gave away your email address
3. addresses last by default for 20 mails; enough for a simple correspondence, but not enough to fill your mailbox before you realise and delete the address
4. you can have per-address permitted senders with no limit.

I guess the hotmail implementation is an advance, I'm sure it's a bit better integrated than spamgourmet, which is a volunteer service, but without the features mentioned above I don't think most people will find the hotmail implementation will give the benefit needed for the extra effort required. You will end up with several commercial correspondents on your main mailbox and you will never know which one it was that sold or leaked your email address to the spammers so you won't be able to do anything about it?

Re:Here.

gmail allow you to create spam address

my.em.a.i.l@gmail.com

or even

myemail+spam@gmail.com

I find this more helpful, personally. Though, generally, I don't use my real email to sign up to things.

Re:Here.

[georgesdev]

Google has had the feature, even if not totally dummy-friendly, for a long time. Also, what is really important is the spam filter. And there, Google rules.

Re:Here.

[mcvos]

With the Hotmail feature you simply delete the old one and make a new one right there. It's much more straightforward and quick.

It is, but my email provider (xs4all.nl) has had that feature since forever. At least 10 years, I think. I have a simple list of all my email aliases, and can add and delete them as I like. It's still not anything new.

Re:Here.

[MartinJW]

I like 10minutemail.com. No signing up, no management - nothing. Just visit the site and immediately get a temporary email address that lasts ten minutes.

Re:Here.

[blackest_k]

I forward my hotmail account to my gmail account thus taking advantage of googles spam filters.
I guess I could use bing for search too ...

Re:Here.

[h4rm0ny]

These throwaway hotmail accounts are too little too late for me. I get so much spam on my hotmail account that it's kind of my throwaway account already. Nowadays I only bother to check it once every few months :). In contrast my yahoo and gmail accounts don't get even the same magnitude of spam passing the spam filters.

Is this a fair comparison? You say you've had the hotmail account longer than the Yahoo and Gmail accounts, which means it is more likely to have made its way onto spam lists. Also, do you use them for different purposes? For example, I have one that I use primarily for forums and Slashdot and it gets hit far, far more than others that I have had for a similar length of time.

Re:Here.

[Lazareth]

There are already much better sites for those kind of purposes. A quick search on "throwaway email" on google gives you a lot of better solutions, all quicker to "set up" since most doesn't even require setting up. Heck, if you have a static IP or, more importantly, access to one, you can temporarily set up an email server and use that.

Re:Here.

[TheLink]

You say you've had the hotmail account longer than the Yahoo and Gmail accounts

Where did I say that?

FWIW, none of those email accounts are my primary email account either. My primary has tons of spam, but since my spam filters are tolerable (not great) I'm sticking to it.

Re:Here.

[maxwell+demon]

Options -> Comment post mode: Plain Old Text.
Contrary to what its name suggests, it actually interprets the supported html tags, but it keeps line breaks.

Re:Here.

[h4rm0ny]

Where did I say that?

I inferred it from you saying that nowadays you just use Gmail and Yahoo, which I took to mean you had left your Hotmail account behind and adopted these ones in its place. Was I incorrect? When did you start using the different accounts and what different purposes do they serve. For example, my old one that I use on multiple forums gets lots of spam. Newer ones that I've been more careful with, even on the same service, get far less spam. I'm therefore wary of drawing conclusions based on comparing different email addresses registered at different times and used for different services.

Re:Here.

[vgerclover]

Just to let people looking into this, it's Google Apps. I'd recommend you have a registered domain before you begin.

Re:Here.

[turtledawn]

How do you do this? I've looked several times and haven't found a way to do so.

Re:Here.

[sglewis100]

Google supports aliases on the fly... see reference. I use it all the time, and once I'm done with one, or start getting spam on one, I create a filter for that alias to go right to my spam folder.

Re:Here.

[Captain+Hook]

The problem with the gmail approach is that your real address is still part of the address, it's not hard for spammers to take that address and strip +whatever off the username section of the email address.

Even worse, although + is a legal character in email address, a hell of a lot of sites and services don't accept it. For example, I don't think facebook allows email addresses with a + character in the name section.

Googles multiple email address into a single account approach is more of a tracking system than an antispam system, i.e. you could create an email such as myemail+dodgycarinsurancequote@gmail.com, if you get spam to that account and Dodgy Car Insurance Company was the only one you gave that address to, you know the source of email leak and can avoid using them again, but your email has already passed on to the spammer.

Re:Here.

[Rary]

That's not an alias, as the link you provided specifically says "Gmail doesn't offer traditional aliases". It is a handy feature, but it's not an alias. For one thing, you can't "throw it away", although you can filter it out. Additionally, although it's useful for automated systems, if you give the email address out to a real person, that person then knows your real email address as well.

Aliases are entirely different, and would be a welcome enhancement to Gmail.

Re:Here.

[sglewis100]

Filtering it out is as good as throwing it away, if it's not my bandwidth being used for the filter. If it's for controlling spam, it works just fine. If you need vanity aliases, GoogleApps is free for up to 50 accounts. Domain name registration required, but that's about as close to free as they come these days.

Re:Here.

[Rary]

Like I said, it is a handy feature (and I do use it, myself), but simply adding alias functionality would be trivial to implement, and would add much value.

I wouldn't at all be surprised if spammers start stripping the "+..." from harvested email addresses. Actually, I'd be quite surprised if none of them have done this already.

Re:Here.

[omglolbah]

I have a domain that forwards *@example.com to my gmail address.

I sign up using the site name as the account-name whenever I have to provide one.

When spam arrives from an email in annoying quantities I add a specific rule to send that email address into a dead account.

Re:Here.

[blackest_k]

the main problem is you need a new gmail account to be allowed to import from hotmail but you can get round this by dumping to an intermediate gmail account. And just set a forward to the one you really want to use.

I have a number of email accounts which i label in gmail so i know where it came from. The only thing i get stuck with is friends with compromised accounts which send porn and viagra links

Another useful thing i found is you can sync contacts from winmobile / outlook to a gmail account.
very handy if you move to android.

facebook contacts can be exported via yahoo to gmail too.

Re:Here.

[rtfa-troll]

I think that's much closer to the hotmail idea; you have an email address but you can only use it for a limited time (in hotmail's case that's because it starts filling with spam). It's obviously more convenient if it auto expires like 10minutemail. However, the spamgourmet idea is much cleverer and you might try it. Instead of having to have an email address which expires you can keep a per-service email address. Now you can stay in touch with a service as long as you like. Maybe one mail, maybe several. You can also delete the mail address wherever you want. You can also do functions almost identical to 10minute mail; in Spamgourmet's case you can just limit the maximum number of mails to one - it isn't even valid for nine more minutes than needed; After that all mails go automatically in the bin. The best thing about this is that you don't even have to go to the page to register the email address. You can encode the limitation straight into the email address you give the service you are signing up for. They even have a neat moto: "The Molotov Cocktail for the war on spam"

Re:Here.

[metamatic]

The benefit of hotmail doing it is that web sites won't be able to block *@hotmail.com the way they block *@spamgourmet.com.

Re:Here.

are you THAT lazy...seriously

Re:Here.

[Pigskin-Referee]

These throwaway hotmail accounts are too little too late for me.
I get so much spam on my hotmail account that it's kind of my throwaway account already. Nowadays I only bother to check it once every few months :).
In contrast my yahoo and gmail accounts don't get even the same magnitude of spam passing the spam filters.

Interesting. I receive a lot of SPAM on my Hotmail account. In fact, I receive loads of SPAM on nearly every e-mail account I have regardless of who is hosting it. I do find that over 95% of all the SPAM I receive on Hotmail is in the JUNK folder. I question whether you have properly configured your SPAM filters, etc on Hotmail. Once properly configured and with a little help on your part to properly categorized received messages, the Hotmail filters are surprisingly effective.

Hrmmm

[WiglyWorm]

Isn't that what people do with their hotmail account anyway? Throw it away?

Re:Hrmmm

Isn't that what people do with their hotmail account anyway? Throw it away?

In other news, AC posts drop dramatically on Slashdot and the user name and numbers blows past 10 million in 2011.

Yours,

Soon to be Anonymous Coward 0000000000000000001.

Re:Hrmmm

[free-poker-cash]

funnily enough i've always had the same hotmail account. 10 years now haha. I've only had that and work addresses.

Re:Hrmmm

[somersault]

True. I use Gmail as my main account now, and any place that I think might pass my details to spammers gets the Hotmail address.

Re:Hrmmm

[somersault]

By the looks of your username and home page, you have many, many work addresses, and you probably need to discard identities regularly to avoid being arrested.

Re:Hrmmm

[Inda]

A non-geek mate recently bought his first netbook. Obviously I had to set it up, free of charge, even though I paid him to lay carpets weeks earlier...

He told me he already had email; had a Hotmail account for years and wouldn't let me get him a gmail account.

After I was done, I sent myself an email so I'd have him email address, as you do.

6 hours later his email landed in my inbox. And people still use Hotmail?

Re:Hrmmm

[DrVxD]

Soon to be Anonymous Coward 0000000000000000001.

Bad call - I'd have picked Anonymous Coward 007.

Great Idea.

I hope Gmail implements something like this. I already have 3 gmail accounts as it is. Personal, Business, Spam.

I only check the spam one when I'm expecting something.

Re:Great Idea.

[hawguy]

Gmail has something that's arguably better -- you can use a plus sign to append any string you like to your address, so you can have "myname@gmail.com' as your main account and give "myname+family@gmail.com" to your family. And when you sign up for a Hormel mailling list, you can use "myname+hormel@gmail.com" so you know when you're getting spammed by Hormel.

Re:Great Idea.

[_merlin]

How's that better? A machine can easily strip the part after the plus sign.

Re:Great Idea.

[hawguy]

It's better because you set "myname+family@gmail.com" to always bypass spam filters (and maybe apply a colorful tag to make it more noticeable.

Then you can treat "myname@gmail.com" as spam since you never give that address to anyone you care about.

So the machine can strip mynam+hormel@gmail.com down to myname@gmail.com, but you don't care since your family sends email to myname+family@gmail.com and your friends sent email to myname+friends@gmail.com.

Re:Great Idea.

[DrVxD]

The + thing is handy when you're giving an email address to someone trustworthy - but it's no protection from spam. You shouldn't be surprised that spammers will happily strip the "+whatever" from gmail addresses that they acquire.

Yopmail and Safe Mail are better?

Is Yopmail's system better?

Yopmail has no scripting, cookie requirements, can Hotmail offer the same? Disposable, but didn't notice any SSL.

What of Safe Mail?

Safe-Mail.net has no scripting, cookie requirements and offers free SSL through complete sessions. Keep your account there or delete it when you're done.

You thought it was hard to name an account before

Now we're going to be emailing grandmacatherineandgrandpajohn1320924delta@hotmail.com

Own domain

[Dan+East]

I've been doing a similar thing with my own domain / webserver for the last decade. I'll make up email addresses right on the spot, usually like "slashdot.org@mydomain.com" or "sprint@mydomain.com", etc. I have a catch all account that receives all emails to non-existent accounts, and I can split any of the addresses off into an actual account whenever needed (or disable it if it becomes inundated with spam). That was always one of the big perks of owning your own domain.

Re:Own domain

[no+known+priors]

I do this too, and have done for, ooh, about a yeah and a half? The only trouble is that you can also get spam sent to addresses which are randomly generated (happens to me about once every couple of months). When I first signed up to my domain and set it up, I got spam to gabriell@domain which was weird (the domain info is the domain registry's anonymous thing, and my name isn't anything like Gabriell).
And actually, I have a couple of domains, one which I have a catch-all address on, which I only use for email. It has nothing on the website (just a "fuck off, there's nothing here"), so that people can't easily find my real email address from that.

The only trouble I have is wanting to reply to people with the address that they email. I use Evolution, and I can't find a way to make it automatically insert the "to" address in the "From" field for the reply email. Ummm...

Re:Own domain

[dch24]

You can configure your SMTP server to reject the email when it is an unknown address -- reject it before closing the connection so there is no chance for a "backscatter attack."

Spammers quickly stop using addresses that either:
1. Hang for a while before responding with a failure and closing the connection -- but that opens you to a huge DDoS problem.
2. Reject and quickly close the connection. No DDoS problem, and the spammer got nothing for the (admittedly miniscule) effort they expended to hit up your server. It's not like they got a 1-in-a-million chance that the email address is legit, because the server doesn't complain on invalid addresses. Nope -- they got a definite rejection right away.

For valid addresses, you can even put in a filter to reject obvious spam, e.g. if it fails DKIM or SPF checks, spamassassin, whatever. Since there are a lot fewer valid addresses, go ahead and put some resources into examining the message right away, before closing the connection.

Be aware that large messages may cause a problem -- but it costs the spammer a lot to send thousands of large messages, so that's really only a DDoS attack vector. I have a size protection line that can kick in before the DKIM/SPF/spamassassin check, but I leave it commented out and have monitoring scripts to alert me if I get hit with an attack. I can quickly respond, enable the size limit, and thus cut off the DDoS.

Too complicated for your average setup? Yes, definitely. But that means it won't become so common spammers really devote themselves to breaking in.

Re:Own domain

[SydShamino]

Yup, I do exactly this for about the same length of time. The only difficulty is when I have to give an address to someone verbally, and they think I'm giving them a fake one since it's yourcompany@mydomain.com. I usually get around this by giving those people randomthreedigits@mydomain.com or similar. As it happens I've only ever lost one address this way to spam, but it was obvious right away who sold my address.

Re:Own domain

Catch-all address handling is a bad idea. Much like open mail relays, once the spammers find it you will get a hundred times more spam than normal.

I currently have a domain that had a catch-all for a while and even now, two years after disabling the catch-all it still gets several thousand spam a day to non-existent addresses. This versus my other domains which get a tiny fraction of that. The catch-all was an extraordinarily bad idea.

Re:Own domain

[no+known+priors]

Not only too complicated, also irrelevant. As I am using a catch-all, there are no "unknown" addresses. When filling out forms that ask me for my address, I'll make up something on the spot @mydomain.

Re:Own domain

All my Hotmail accounts are "throw-away". In an average week, I generate 5 or 10 Hotmail accounts for single use.

Re:Own domain

[sstamps]

Yep.. been doing this for a long time now. It actually made my email use enjoyable again. I simply don't get spammed anymore. If I start seeing spam come in on an address, I "cycle" it and give the person/company it was assigned to a warning. If they do it again, I don't give them another address.

Re:Own domain

[sstamps]

I don't think he means domain default addressing. i.e. @hisdomain.com is not accepted. Only accounts he has created and given out will work.

What I think he means (at least the way I do it) is that all the myriad individually-assigned email addresses he's given out all have a common "catch-all" inbox.

Re:Own domain

[sstamps]

That should read <anything>@hisdomain.com. Silly /.

Re:Own domain

[tlhIngan]

Yeah, I seem to get a bunch of random addresses as well - the best one yet was a bunch of russian-sounding usernames with russian emails.

The oddest ones I've gotten are emails with letters truncated off - that I don't know. E.g., I used to have afpcclog @ mydomain, and I started getting emails of fpcclog, with the missing 'a'.

Quite wierd, really.

Re:Own domain

Strange, I have a true catchall running (everything gets redirected to my main account, except blacklisted recipients), so I can make up addresses on the fly without having to unlock them first. Had it for 6-7 years now and I only get about one spam-mail to addresses I haven't used per month; almost always to defaults like info@mydomain.com.

Re:Own domain

[Rary]

All my Hotmail accounts are "throw-away". In an average week, I generate 5 or 10 Hotmail accounts for single use.

Why would you use Hotmail for that? 10 Minute Mail is much easier than signing up for a Hotmail account.

Re:Own domain

[GuldKalle]

Been doing the same, too. The problem is that every user needs its own domain. Can you do something like this: random@user.example.com ?

Re:Own domain

Same here and it was.... gotomypc.

Beaten to it?

[Firehed]

This seems pretty similar to Gmail's aliasing - append anything after a plus sign to your email address (ex firehed+slashdot@gmail.com) and it goes to your main inbox. If that address is compromised, just filter anything addressed to that account.

Microsoft seems to have a few advantages here, though. First, it's a lot more seamless. Second, there are tons of websites that incorrectly validate email addresses and treat + as an illegal character, which it is not (hell, you can go directly to an IP address instead of a domain, although nobody ever would), so by extension it's harder to use as a throw-away address. And third, it's pretty obvious you've done it, and websites can just s/\+[A-z0-9.-]+@gmail.com/@gmail.com/g it into oblivion.

Of course, in order to get this functionality, you need to use hotmail. Aren't those already throw-away accounts by definition?

Re:Beaten to it?

[WiglyWorm]

That is nice, but I've had experiences with websites that won't allow the + sign as part of an email address. Unfortunately, emails are one of the hardest things to validate with regex, and most implementations get it wrong.

Re:Beaten to it?

[artor3]

Those "few advantages" are the only valuable aspects. Plus addressing is borderline worthless, because it requires you to reveal your real address.

Re:Beaten to it?

This seems pretty similar to Gmail's aliasing - append anything after a plus sign to your email address (ex firehed+slashdot@gmail.com) and it goes to your main inbox. If that address is compromised, just filter anything addressed to that account.

Step 1:
if (email.split('@')[1] == "gmail.com")
          email = email.split('+')[0] + email.split('@')[1]

Step 2: ????
Step 3: Stupid.

Re:Beaten to it?

[dudpixel]

but any human could see that if you remove everything after the +, you get the person's real email address. How long before spammers set up automated servers to do the same?

hotmail's approach uses completely different email addresses, which is much better.

I want this in gmail :)

Re:Beaten to it?

[adamofgreyskull]

From the comment you replied to:

Second, there are tons of websites that incorrectly validate email addresses and treat + as an illegal character, which it is not (...)

Re:Beaten to it?

[Obfuscant]

Plus there is at least one turnkey spam-filtering mail server system that has no clue what a + address is. It simply bounces everything that is not a literal match to a valid username.

People who do not understand the RFCs for email should NOT be selling mail servers.

Re:Beaten to it?

[LO0G]

Mod parent up +1 Funny. After all, if the parent had actually *read* the RFC, they would know that the RFC explicitly states that:

"Consequently, and due to a long history of problems when intermediate hosts have attempted to optimize transport by modifying them, the local-part MUST be interpreted and assigned semantics only by the host specified in the domain part of the address."

That means that the spam filter is following the RFC. The + address is a convention of a number of email systems but Foo+Bar@domain.com and Foo@domain.com are unrelated email addresses according to RFC2822.

Re:Beaten to it?

[Obfuscant]

What you quote from the RFC has to do with INTERMEDIATE hosts modifying or interpreting the local parts of addresses, not the use of + addresses themselves.

Unless you are maybe arguing that "MUST be interpreted and assigned semantics only by the host specified in the domain part of the address" really means that the "domain part host" is allowed to freely ignore any interpretation assigned by any RFC, since that host would be the only thing that can assign any. That would be a ridiculous interpretation, especially since that interpretation would mean there is, effectively, NO standard for the local part of an email address and it may contain anything the destination host would desire.

No, that part of the RFC deals with things like a system I ran across a very long time ago that attempted to interpret the local part of an email address in MY domain that had the form "usenet.news.groups" (or something like that, I forget the specific naming convention for sending email to a mail to news gateway at the destination server). It intercepted a message I had intended for testing at MY domain and happily posted it for me.

Re:Beaten to it?

[izomiac]

Well, you could setup a filter in GMail to mark anything going to your 'real' address as spam, and only place certain whitelisted plus addresses in the inbox.

Re:Beaten to it?

[Shikaku]

Or: %s/+.*@/@/

Re:Beaten to it?

[Obfuscant]

That means that the spam filter is following the RFC. The + address is a convention of a number of email systems but Foo+Bar@domain.com and Foo@domain.com are unrelated email addresses according to RFC2822.

BUSTED! The text you claim appears in 3.4.1 of RFC2822 does not appear therein, nor does it appear in RFC 5322. RFC5322 says:

Note: A liberal syntax for the domain portion of addr-spec is given here. However, the domain portion contains addressing information specified by and used in other protocols (e.g., [RFC1034], [RFC1035], [RFC1123], [RFC5321]). It is therefore incumbent upon implementations to conform to the syntax of addresses for the context in which they are used.

What you quoted comes from RFC5321 (SMTP protocol) para. 2.3.11, and is preceded by the following sentence:

The standard mailbox naming convention is defined to be "local-part@domain"; contemporary usage permits a much broader set of applications than simple "user names".

In other words, RFC5321 explicitly says that mailboxes (the local part of the email address) are much broader in scope than simple "user names" in contemporary usage. RFC5233 documents the use of + addressing and thus makes it an RFC (proposed) standard item. And none of the RFCs specifies that foo+bar and foo must be or even should be unrelated mailboxes -- except they must be considered as such by intermediate hosts.

Again, what you quoted deals with the actions of intermediate hosts alone. It says only the destination host may assign meaning to the local part, but not that it must assign different meanings to two non-identical local parts.

Re:Beaten to it?

[Anubis+IV]

To get around some of those issues you mention, I actually have two accounts set up: my main one, and my dummy one that I use with the + trick.

The way I have it rigged, I give out my dummy one with a +whatever appended to any site that asks for an address. I have that account configured to forward everything with a +whatever to my main account, while holding indefinitely in limbo anything that lacks the +whatever. That way, if the sites ever do decide to just remove the +whatever and spam me, it'll all go into limbo anyway. And if they keep the +whatever and spam me, I'll simply block the +whatever. Additionally, if the sites incorrectly validates the address, I simply set up a rule for my spam handling account, telling it to accept and forward e-mail from that particular site's domain. Should they spam me, I simply remove the rule and their messages go into limbo.

For sites that validate the address correctly, there's no setup required beyond what I've already done, which makes it quick, easy, and painless to use.

Re:Beaten to it?

[LO0G]

Ok, I'l bite. Where in 5233 does it document the + addressing?

The only text I could find about local-part has:

The local-part portion is a domain-dependent string. In addresses, it is simply interpreted on the particular host as a name of a particular mailbox.

There is text in 5231 about local-part:

"local-part@domain"; contemporary usage permits a much broader set of applications than simple "user names". Consequently, and due to a long history of problems when intermediate hosts have attempted to optimize transport by modifying them, the local-part MUST be interpreted and assigned semantics only by the host specified in the domain part of the address.

which appears to be really close to the text I quoted in my original answer.

The only use of "+" in RFC 5321 that isn't part of a text diagram is John Klemsin's email address, the only use of + in RFC 5322 is in text diagrams and a discussion of timestamps.

The critical point here is that "+" is *not* a standard or part of a standard. So claiming that the author of the spamwall is ignoring the RFCs is incorrect - the relevent RFCs are mute about the "+" convention.

Re:Beaten to it?

Or worse... use the the e-mail address as an ID added in the URL... the + sign becomes a space if put in the URL :-P
This is why one day, my mother tried to send me 2 ecards for my birthday and I wasn't able to read them...
else, I use both method with my own domain
the + when it works
and just companyname@mydomain.com that goes to a catch-all account when I cannot use the + sign. Then I can add an alias that will forward
companyname@mydomain.com to myemail+companyname@mydomain.com

That way, I found out some companies that sold my domain name or got their address list hacked (or stolen by employees)...

Re:Beaten to it?

[noidentity]

I believe Google also allows periods to be inserted into the username. So if you have a 1-character username, there are 4 possible aliases involving only inserted periods (x, x., .x, and .x.), and 256 aliases if you have a 7-character username.

The problem though is that this assumes a non-malicious entity. If malicious, it can trivially determine your real gmail address and spam that. It's best if the email alias bears no resemblance to your real email address, and ideally is on a site that doesn't just hand out aliases (otherwise they'd just block it).

Re:Beaten to it?

There's another big difference. It would be trivial to code the e-mail harvesting filter to normalize those to your real address, and to use your real e-mail address for spamming and selling.

Re:Beaten to it?

[Obfuscant]

Ok, I'l bite. Where in 5233 does it document the + addressing?

I agree, you do have to read quite a ways into the RFC to find it, and it is hidden deep deep ... wait -- Section 1. Second paragraph.

Typical uses of subaddressing might be: o A message addressed to "ken+sieve@example.org" is delivered into a mailbox called "sieve" belonging to the user "ken".

...which appears to be really close to the text I quoted in my original answer.

That text does not appear in RFC2822, which is where you claimed it came from.

The critical point here is that "+" is *not* a standard or part of a standard.

The critical point here is that you are wrong. The critical point after that is that what you claimed the RFC says is also wrong. There is nothing in any RFC that says that foo and foo+bar are different mailboxes and that the destination host cannot treat them as the same, only that INTERMEDIATE transports may not assume anything about them.

Re:Beaten to it?

[LO0G]

You got me - the text I quoted wasn't in 2822, it was in 2821.

However it's important to realize RFC 5233 is not the spec for either the SMTP protocol or the email format which define internet email. It's an unrelated protocol which defines an extension to RFC 5228 that is *optional*. It's totally possible and reasonable to implement an MTA/MUA combination that just supports 5321 and 5322 without supporting either 5233 or 5228. In fact, I'd bet that most SMTP MTAs don't.

If your turnkey spam gateway advertised support for RFC 5323/RFC 5228 and then didn't follow the RFC, then you'd have a point (more on that in the next paragraph). But don't criticize the spam gateway for ignoring RFCs that aren't required for email delivery. You'll note that RFC 5323/RFC 5228 are not listed as a normative reference for either RFC 5321 or RFC 5322. That means that a server that acts as an MUA/MTA does not have to support RFC 5323 (normative references to a standard define the other protocols which must be implemented in order to successfully implement the standard).

Btw, reading RFC 5323 was interesting. I've been out of the internet email business for a decade (which is why I'm not up on the actual RFC #s) so I wasn't familar with it. It turns out that RFC 5323 doesn't define the + convention except to use it as an example of sub-addressing (as you pointed out). RFC 5323 in fact has very little to do with what is allowed in an email message. Instead it defines a set of extensions to the SIEVE filtering language (RFC 5228) that allow for ":user" and ":detail" sub addressing elements. Now SIEVE is involved in email delivery, it's a post-processor that's applied to email messages. But the SIEVE RFC doesn't define the "+" convention either.

Re:Beaten to it?

[DrVxD]

People who do not understand the RFCs for email should NOT be selling mail servers.

People who don't understand RFCs shouldn't be selling _any_ kind of server - but probably don't realise they don't understand the RFCs (or, more likely, have never even heard of an RFC). Which means that they'll continue to sell servers for as long as other people (who also don't understand RFCs) continue to buy them.

Re:Beaten to it?

[dudpixel]

I'd rather google implement the exact feature. Lets be clear - your suggest would be a workaround, not a fix.

Old idea

Yahoo has been doing this for a very long time

incredibly un-subtle Hotmail PR IMO... way to go /.

?um

[Charliemopps]

What are hotmails?

Re:?um

[murphtall]

i am a hot male

Re:?um

[RoFLKOPTr]

What are hotmails?

The opposite of ComicCon attendees.

Always innovating

[gmuslera]

Always Microsoft realizing last the good internet ideas. Probably they are the last ones left on the world that didnt throwed away their hotmail account yet.

Nice idea. I just use alt e-mails.

I speak of Gmail in that case.
Simple to do, setup 2 accounts, private account, public account (more if wanted, such as business, spam, etc.)
Link the accounts.
Now you can reply and read e-mails from all accounts in one main account.

Would like to see it be more built in though.
Hopefully this will push them and others towards it.
It is always a good idea to have multiple IDs online.
Even split friends up across several accounts, in case you decide to hate one of them for whatever reason. Ditch the account, tell the others the new account, simple.

Re:Nice idea. I just use alt e-mails.

I ditched your mom. She cried for days after I switched to your sister. But she still has my email address, as I like getting the naked pictures she sends me.

I just aliases on mobile me

I think you can have 5 or something like that.

10 minute mail

Used it to create sockpuppet accounts all the time.

Yahoo, yes

[no+known+priors]

Yes, I was going to say. I've been using this with Yahoo for ages. Actually though, I think that if you have a yahoo.com login, you have to pay to get this extra feature (Yahoo Plus). But me, with a .co.uk and a .com.au login*, I have it for free. Plus I have POP access, so I don't even see ads on the Yahoo site any more...

As for all the Google fanbois:

Aliases joins an existing multiple e-mail address feature offered in both Hotmail and Google's Gmail that uses a plus symbol after a user name, but before the @ symbol. Users would then add any word after the plus symbol to create an identifiable address (e.g. Josh+newstip@Hotmail.com). This lets messages get filtered into folders, while also providing a way to see if that retailer you bought something from sold your address to a third party.

However the big problems with that system are that it's easy to see the person's real address, and some sites and forms might not let you use the plus symbol. In this sense, Microsoft's new system promises to offer a higher level of privacy along with compatibility when running across sites that won't let you use special characters.

The biggest difference between the Yahoo and Hotmail systems are that with Yahoo you pick a prefix, and the new emails are created with that prefix and a hyphen. E.g. you might have dandyboy as your prefix, you could then create aliases dandyboy-slashboy@yahoo.com.au or dandyboy-cnetsucks@yahoo.com.au. However, any email to dandyboy@yahoo.com.au will get discarded (unlike with the plus addressing system).

footnote * or maybe because I ticked a box at some stage saying "you can spam me"? -- they send about one email a month to the .com.au which gets deleted unread, and none to the .co.uk

Are tossed-out addresses re-used?

What happens to an address after a user discards it? Is it gone forever, or thrown back into the pool of addresses that others may use?

In other news...

A team of the nation's best Comedyists have unveiled the joke that writes itself.

Great - More Spam boxes . . . .

This is just a method to generate more Spam . . . .

WTF are they thinking?

Re:Great - More Spam boxes . . . .

[Call+Me+Black+Cloud]

Do you really think spammers a) are using webmail accounts to send spam and b) checking those webmail accounts to see what replies they've received? No wonder you posted anonymously.

Spammers use open relays (or spam-friendly hosts) to send e-mails with fake "from" addresses. The e-mails direct the potential victim to either a website or to reply to another e-mail address.

The ease at which new addresses can be created and disposed of in Hotmail is only a good thing.

It's the friends and family that you can't trust!

I did this for several years with gmail; one account for friends and family only, and the other using +tagged addresses for shopping/accounts/other uses. After 2 years of this, I took a close look at my spam boxes and found that the friends and family account was getting close to 200 spam emails a month, and the shopping/other account got about 1-2 a month. Clearly its my friends selling me out with all of their e-card invites and other "share" links, and not the web sites that I sign up with.

Somehow I don't think that throw away accounts for anything other than Pr0n accounts is of any use, unless you give a different email address to each friend and family member and drop the ones that start receiving spam.

Nah.

Meh. Mailinator.com has been doing the work just fine for me.

Re:Nah.

[artor3]

Have you used it in the past few years? Most sites refuse to take emails from any of Malinator's domains.

Re:Nah.

[FireFlie]

Have you tried any of their alternate domains? I find that many sites still take mailinator, and even more take alternates. Refresh their homepage a few times.

Re:Nah.

[osvenskan]

I've used spamgourmet for years and never had the address refused anywhere.

umm

[Master+Moose]

Doesn't everybody already only use hotmail for the junk email? What would I use the others for? Collecting more spam from more email addresses?

BSD

[MrKaos]

I wonder if they are still using the BSD backend that Hotmail originally used?

Re:BSD

[BlortHorc]

I wonder if they are still using the BSD backend that Hotmail originally used?

No dude, not for over a decade: http://technet.microsoft.com/en-us/library/bb496985.aspx

Seems like the credit card number aliases

[perpenso]

This seems like the credit card number aliases that many banks offer, a temporary number that locks to the first merchant to use it. Hopefully it works out as well.

Yahoo

[godIsaDJ]

God, Yahoo had this for years! This is quite lame :S

Re:Yahoo

So, why is this news?
(I know...slashdot, news at 11...)

Yahoo has had this for years

It's called AddressGuard and they call it 'disposable' emial addresses. From their help:

You can create "disposable" email addresses to use whenever you don't want to share your real Yahoo! Mail Plus address. It lets you save your primary email address for people you know and trust and give these disposable ones to others, such as online vendors, mailing lists, and other Internet services. When you use a disposable address to send or reply to a message, your personal name is not included in the sender information.

Congrats hotmail.

I for one...

[diskofish]

I for one, welcome our new throw-away email overlords.

Yeah, only we do it correctly.

[dskoll]

(Blatant plug) Our product has had this for years, only we do it properly. Our feature is called "Locked Addresses" and it works like this:

• The system generates a random email address using a strong random-number generator. The address is unlikely to be guessed.
• Initially, the address is in the "unlocked" state.
• The very first time the system receives a message for the address, it locks to the sending address or domain (your choice.)
• If anyone else tries to use the address (ie, someone other than the locked-to domain or address), they get a "User Unknown" SMTP error.

So not only can you give out your locked address, but it can't be sold or given away.

Re:Yeah, only we do it correctly.

Interesting, but flawed. Neither the sending address nor domain is guaranteed to stay the same over time. Mail providers change, hosting providers change, etc... Suddenly mails you expected to get from user or

Re:Yeah, only we do it correctly.

[dskoll]

Our system allows for this. You can optionally choose to quarantine (rather than outright reject) mail from a mismatched domain. You can also manually add a list of senders and domains that can use the address. We also keep a full audit-trail of events for each locked address so you can track what's going on.

Wow just like Mac mail

[goombah99]

snore.

Re:Wow just like Mac mail

Yeah, and just like everything from Apple, they copied it somewhere else and it costs a fortune.

Sucker.

Re:Wow just like Mac mail

[trollertron3000]

Typical fanboy with no point actually made except "yeah apple apple blah blah blah". Mailinator was created in 2003. That doesn't do shit for Gmail though, which I'm pretty sure a _few_ people use. Oh that's right, in Apple land everything else is lame. And then you fucks wonder why the world hates you.

A server side microsoft office?

I take it that it's only hotmail accounts? what happens when you choose the 5 is that your choices over? I'm presuming you can delete them too?

I've always used hotmail as my throwaway address

If I don't care about an account, I'll give them spamme@hotmail.com. Once I get their "confirmation" email, I can log into the new site and delete whatever other mail is hanging around in the hotmail account. A bonus is if it's not necessarily legal or conforming to the mafiAA's ideas of proper use, Micro$oft gets to deal with the subpoenas.

google apps has this

Google apps has this (for free) and I make good use of it. My primary mailbox has 22 email address aliases right now (including one for /. and several that I've used for amazon prime 'trials' during the holidays), plus I have a handful of entirely separate mailboxes that could in turn have their own set of aliases. For some aliases I have rules set up that automatically delete incoming mail to that address (I could also just remove the alias). AFAIK there's no limit to the number of aliases per 'user account', and I can have 200 user accounts in my 'organization'.

That's nothing.

[dmomo]

I threw away my hotmail account 10 years ago.

Re:That's nothing.

Microsoft took the initiative and threw away my Hotmail account on my behalf when I didn't access it frequently enough for their likings.

It was that

[phmadore]

It was that or somehow steal Gmail's spam-fighting technology. I've given my Gmail address to thousands of services (maybe) in the past six years, and the only spam I get is voluntary or occasional.

Does the chair sit in Ballmer?

I gotta ask, since I haven't seen a picture of the man for a while -- is his ass big enough now that the chair sits in him?

This is 10 years old!

I remember Caramail (French web portal with stupid chats and shit) offered email service, and you could have 5 aliases.
This is nothing new.

Slow news day

[dogsbreath]

What am I missing here? Hotmail accounts are throw away in the first place but what's the big deal about email aliases? My ISP has had this forever.

Throwing forums under the spambus

[Dachannien]

Similar to the "put periods anywhere in your e-mail address" and "put a + followed by anything" features offered by Google, this Hotmail feature will soon be exploited by forum spammers to create a multitude of e-mail addresses without having to solve captchas.

One of the few weapons that forum maintainers have in their anti-spam arsenal is to be able to collaboratively blacklist e-mail addresses, IP addresses, and usernames. This feature would further hinder blacklisting by e-mail address, in a manner even worse than the easily detectable ones that Gmail offers.

Re:Throwing forums under the spambus

What forum admin in their right mind doesn't already blackhole all of hotmail?

Re:Throwing forums under the spambus

[Vekseid]

A forum admin who doesn't want to toss a quarter of his/her users.

Copy this

[mstargard]

Seems a bother to be making a new address for each party you don't trust. I've been using a challenge-response system for many years quite successfully. myprivacy.ca was originally created as a whois harvester buster. It's a mail forwarder but if the sender isn't whitelisted then he gets back an email asking him to prove he's human. All he has to do is reply to do that. Then the system will forward his original email. There's room for 15 whitelisted entries and you can use pattern matching. You also have an option to passthrough all mail. This is the one email I use for anybody I don't trust and it strikes me as a far more efficient method than what hotmail's come up with. Maybe they should copy that. ;-)

Mailinator

[istartedi]

Mailinator has been providing me this service for years. AFAICT they get by on a very unobtrusive banner at the top of their home page, donations, and perhaps some funding from their corporate parent which presumeably also finds the service useful. I guess it doesn't take too much money to run such a service. They're obviously dumping spams into the bitbucket after a timeout, and limiting the size of the messages (most spam is small anyway). The only problem I've had is that a few parties filter them; but most don't. IIRC, they have some alternative domains anyway...

Re:Mailinator

[0xG]

Seconded! And, they have plenty of domain names to choose from for cases where they are filtered.

What?

[okmijnuhb]

Hotmail IS my junk mail account!

Wow

[antifoidulus]

So they've invented a less useful spam gourmet? They have only been doing this for what, 7, 8 years now?

Spamgourmet

[gringer]

And spamgourmet has been doing something like this as well, but better and more anonymously:

1. If you haven't done it yet, create a spamgourmet account. Enter your user name and the email address you want to be protected. You will be asked to identify the word in a picture and pick a password.
2. Spamgourmet will forward to this address all the emails sent to your spamgourmet disposable addresses -- that way you don't have to tell anyone else what it is -- this is why it's called the protected address. Of course, this protected address must exist. That's why you have to confirm it. You'll receive an email asking you to confirm.
3. After you have confirmed your protected address, you can give out self-destructing disposable email addresses whenever you want. The disposable addresses are like 'someword.x.user@spamgourmet.com'

All they need to know is a user name and your email address (because they need something to forward emails to).

Old news

[devnull17]

Hotmail has had accounts you can throw away for years. Just ask every porn site I've ever signed up for.

Sneakemail

[RobinH]

I've been using Sneakemail for years now. The concept is the same, and it really works well. I love being able to delete an email address that someone started spamming, after they got my address by making me sign up just to get a quote for some service I never ended up buying anyway.

Finally, it's about time!

This is pretty much the only thing I've ever done with a Hotmail account anyways, so it is pretty convenient that they now let me use it for a short time and then throw it away as a feature rather than as a rejection of the product.

unintended consequences

In related news, Adultfriendfinder.com posted a sudden spike in new member applications...

And how could this not be abused?

All they did was make this easier, don't you think?

1. Make new email...
2. Send some spam...
3. Discard email...
(Repeat from step 1...)

Introducing disposable Hotmail accounts...

....just like all your other Hotmail accounts...

Eyepatch wearing Google tools

Im staggered at how obvious you Google zealots all *read* like Apple zealots now. You view Hotmail as M$, so its tainted, so any good new feature is bagged by you all in favour of GMails weak +mail@gmail.com solution. Sorry, but it doesnt compare with user creatable/deletable aliases. Oh and yes, its not a new concept - yes if you can manage your domain you can do it yourself - yes yes yes. How come Gmail doesnt have it yet?

Dont get me wrong, I host my own email services and choose not to rely on any third party for email services. I dispise M$ with every tired bone in my nerdy body. But Google is just another M$ in a different cloak, and it staggers me that anyone would think otherwise (such as the number of you commenting on this article, blasting what is on the face of it a useful consumer feature; while bragging about a lesser service from a company just as well known to act like corporate knob-ends),

Open your eyes, those of you that brag about how you only utilise your GMail for 'real work'. Consider that they were caught red handed collecting unsuspecting civilians private information. If you buy the excuse that it was accidental - then you have no idea how a project to collect data for something such as Street View would be implemented technically, and at best are completely gullible. Someone most definately followed the WiFi packet collection from conception to implimentation, there is no other way it could have occured. For you to bag M$ services solely because you hate the M$ way (and we all know what the M$ way is), but yet champion Google is simply retarded.

Just saying.

big picture

ask your self why would Hotmail implement this feature ? It is so they can gather more information about you. They don't want a valuable customer(you) use another web service and lose the ability to tell marketers about the contents of those other emails. Even if those other accounts are only for spam filtering and job hunting, do you really want to trust the data from all aspects of your life with one single company ? Particularly one run by Microsoft ? Or one with a easy access for both marketers and law enforcement to search ?

Only 15 aliases, lame. I have over 50

[purplemecha]

I use Tuffmail for my email part of my domain. They let have as many aliases as I want. What I don't understand is why more people don't have their own domain. With your own domain you can do all sorts of nifty tricks with email. Free web mail blows big time. Stop being stingy and cough up for your own domain and get full email control. Hotmail sucks ass.

Re:Only 15 aliases, lame. I have over 50

[Sparrow1492]

And you can do this cheap. I've been using this concept for years. Anytime I need a disposable address I just go in and add it as an alias using that site's domain name such as theirdomamainname@mydomain.com. This also gives me the added benefit of knowing exactly who gives away my e-mail address when it starts showing up in spam filters.

Re:Only 15 aliases, lame. I have over 50

[purplemecha]

And you can do this cheap. I've been using this concept for years. Anytime I need a disposable address I just go in and add it as an alias using that site's domain name such as theirdomamainname@mydomain.com.

This also gives me the added benefit of knowing exactly who gives away my e-mail address when it starts showing up in spam filters.

Thats exactly how I do it too. As for spam, I've yet to see anybody give away my email address so far. I think a lot of companies are a lot smarter about email these days, but theres plenty of idiot companies still out there.

the've had it for years

[Snaller]

Besides , I thought it was Microsoft who stole ideas

I've done that already

[SpaghettiPattern]

I've done that already the minute Hotmail was bought by Redmond.

Wouldn't want to repeat it.

Why a limit of only 5?!?

[noidentity]

Why such a low limit of aliases? I'd think you'd want to use a separate alias for every service you sign up to, so that if at any point it starts sending you crap and you can't get it to stop, you can kill the alias. I've been using gishpuppy for a few years and love it, though it's not clear whether it's being actively maintained. Unlimited number of aliases that forward to your real email address on whatever service you currently use. You can have them auto-expire after some time period, or manually expire them.

Re:Cool and better idea

Don't you get the point that adding a plus or a dot still leaves your real email address exposed. This feature lets you create a random email address on the fly that you can remove whenever you are donewith it. It's similar to gmail feature but way more convenient.

Sad state of affairs

[Provocateur]

We're not eliminating the root cause here, are we? It sounds like more places or new names for 'Trash bin'.

It's like the terrorists had won

Re:Sad state of affairs

We're not eliminating the root cause here, are we? It sounds like more places or new names for 'Trash bin'.

It's like the terrorists had won

What root cause is that? If I'm looking for a new car, I'd like to sign up to get info and offers for a while from lots of different sources. But when I've bought the car I want it all to stop. With this I can, quick and easy, without bothering to go through unsubscribe processes for a lot of services that may or may not honor it. I could also have created a completely separate account for it, but just adding one temporarily to my existing account seems much more elegant solution.

Mailinator

This is by far the best throw away address when testing or signing up for websites.

        http://mailinator.com

Example of Use:

        slashdot@mailinator.com - can be accessed at - http://slashdot.mailinator.com

Google Apps for your domain?

[RealTime]

Why not just sign up for a free (plus $10/year for the domain name if you don't already have one) Google Apps account? You can create up to 50 real mailboxes (and forward them), multiple aliases to a mailbox, simple "mailing lists", turn the catch-all ON or OFF, etc.

The combination of those features and an easy-to-use dashboard (plus all of the filtering that basic GMail has) make it really easy to manage use-specific and throw-away addresses without running you own mail server.

Re:Google Apps for your domain?

[fredclown]

There is a service called Otherinbox that uses this approach. They give you a domain @yourname.otherinbox.com. Then you turn on the catch all feature and you can create any number of throw away email addresses. Combine that with filters if you get tired of receiving emails from microsoft@blah.otherinbox.com you just create a filter to delete them. I use this for everything that is not a business that I trust.

Gishpuppy. Free. Unlimited. Firefox Add-On

[binsamp]

Get Gishpuppy. It's free, has no limit that I can tell, gives permanent or temporary email addresses, and it works as an add-on in Firefox.

You can get a new email address each time a new site wants one, and the address contains the name of the site so you can tell where it is used. You can sign up here:

http://www.gishpuppy.com/

When you use disposable addresses, it is easy to tell where spam comes from. Just kill the address, and your spam disappears. Pretty soon you won't get any more spam, and you never have to use a spam filter which wastes time and can get confused and trap legitimate emails.

I used to get thousands of spam and wasted a great time trying different types of filters to try to eliminate it. None of them worked perfectly, and I spent a great deal of time going through the messages to make sure they were all spam. It was a huge waste of time until I started using disposable email addresses. Now I am lucky if I get one or two spam per year.

A lot of spam contains malware, which you don't need.
Kill the spam, and you eliminate the viruses and trojans.

A disposable address is the best way to do it, and Gishpuppy is one of the best disposable ones you will find.

Regards,

Mike Monett

They also throw your messages away at random

I'd lost a lot of data when they decide to randomly delete my mail. I lost communication from myself and my wife (when we first met) and a lot of other similar personal stuff. I didn't have a backup, and I never used hotmail again after that.

Now can someone tell me again why I should need/want cloud computing?

Intermec cn3

Intermec Portable Computers - Find New and Refurbished Intermec 2435,Intermec 2415,Intermec 2425,Intermec cn3,Intermec ck3, Intermec CK61 mobile computer,CK31,CK30 handheld computer, 751, 741,6400 ,730 5020 T, 5023, T2485 & T2486 Terminals and REPAIR SERVICES Here At liberty-sys.com

More info:- http://www.liberty-sys.com/mobile-computers/intermec/portable-computers/intermec.htm

Sad

Multiple email accounts.....easier to do....and they all ask why there are no IPV4 left....

HoTMaiL?

[tessellated]

Funny, I threw my then called HoTMail account away when MS bought it...

Yahoo's Version Is Nice

[davidpfarrell]

Yahoo's had this feature for years - You choose a separate prefix (not your actual email) and can configure '-suffix' addresses to create 'prefix-suffix@yahoo.com' temporary addresses.

These are managed from your main email account and you can configure as many as you want, I have more than 100 of them.

You can even configure to send from the address if you like and it shows up in your From dropdown when you create a new message.

Having a prefix separate from your actual email address provides some security.

Also, having to configure them vs creating them on the fly means that if you get a spam that someone truly gave/sold your email address away.

I do wish it were easier to create addresses, like a toolbar widget or a task tray app to quickly create one in when I'm on a website that needs an email.

Better would be no prefix at all and a simple app to generate random addresses and copy to clipboard with one click... Or right-click an input field and have an option to drop an email address.

MS would have an extra piece of information

[dugeen]

The drawback to this is that MS would know that the two aliases were linked. With two separate accounts they might be able to make guesses based on IP address, but they wouldn't know for sure.

In Soviet Russia...

[Coldfinger]

... Hotmail throws you away

Just use Gishpuppy....

[Dr+La]

There in fact already are a number of disposable e-mail generators which allow you to create a personalized address on the fly that forwards to your real e-mail.

Personally I use Gishpuppy (www.gishpuppy.com) for that several years now. They have a handy plugin for a.o. Firefox (http://addons.mozilla.org/nl/firefox/addon/gish-it/). Whenever I have to fill in an e-mail on a web form, it is a matter of right-clicking in the adres box on the form and voila, I can create a customized e-mail address on the fly, that I can either turn off when I want, or set to expire after a certain number of days or weeks.

Vanity domains

[AC-x]

Very nice feature to have, but real nerds would set up a vanity domain and route all mail to themselves.

mainaddress@myvanitydomain.com
somewebsitesignup@myvanitydomain.com
likelytogetspam@myvanitydomain.com

How hot is my mail? Not very.

[MichaelEdits.com]

From: michaeledits@hotmail.com You stink From: michaeledits2@hotmail.com You stink From: michaeledits3@hotmail.com You stink ...... Stop touching me! He's touching me! Will you stop touching me?!

1990 called and it wants its aliases back

[KevinColyer]

WOW did we all share a déja vu moment then?

Must say I like the retro-innovation idea here. Disposable email accounts - it's like an alias to aliases!

MobileMe has these, very useful

[gig]

MobileMe calls these aliases. They are very useful for protecting your main address. You can add the year to your regular address and use that all year for one-offs and then you only hear from the last year's worth of one-off contacts.

One up on gmail

[hesaigo999ca]

For a long time I have thought that this and also the idea of having separate passwords for the same account with different privileges a must. You want to allow one person access to view your stuff but not delete it, you add them as a user to your account and give them a password, then once they have looked at what they need you can delete that user...I guess it would be the same as this except, the content would have to be shared with the other account (a point like in c++?) and then if someone tried to delete the file from the extra account, the original account would keep that file...

Been there, Done that

[JaySSSS]

Earthlink has had that kind of feature for years. They call it "Anonymous E-mail" You log into your regular account, and add anonymous e-mails in sets of 5. The domain is different for the anonymous accounts, and the usernames (left of the @) are randomized. You can give them out to whomever, and read or ignore those accounts via the webmail interface.

Security vs anti-spam

[halcyon1234]

I have to say I like this, not more, but in a different way than gmail's "+" technique. It provides an additional layer of security.

It's trivial for someone to strip the +whatever from a gmail address, and they still have your normal account. They can spam it, or worse, attempt to break into it (as we saw what happened with recent database leaks)

But you cannot log intoHotmail with someotheralias@hotmail.com. So even if someone matches your email address and password together, they cannot log into your account. In fact, what MS should do is pop up a warning dialog of some sorts if someone tries. "Warning: Someone tried to log into your account using the throw away address 'xyx'. They [did/didn't] have your correct password."

Nothing new here...

[MrWin2kMan]

I've been doing this for years with my hosted domain accounts at 1and1.com. A couple of email boxes and a couple hundred aliases.

Re:Nothing new here...

[SpinningCone]

I'd mod you up if i could. Hotmail invents aliases. woo. ive been doing this as well. i have a new alias for everything i sign up on helps mitigate spam and track things I have signed up for.

Googol ought to have this

[minstrelmike]

Google ought to have something like this.
Oh wait a minute, they already do.
Not the plus extension either. Google simply makes your spam disappear regardless. Even if spammers have your email, it doesn't matter to your Google InBox.

So?

[Joce640k]

If I'm a spammer I'll just filter all the dots out of gmail addresses (right after I trim off the part which begins with '+').

Re:So?

[Patoski]

Then I would use an email address with periods and filter any "periodless" emails to spam. The spammers don't know how you're really using your email address (with or without periods). In either case you can still filter them.

Noathing new...

[TemporalBeing]

...Yahoo! has had this for years. So does Gmail. MS is just late to the game in yet another feature.

Nothing new.
Please move on.

Regex

[0xG]

s/\+[^\+]*@gmail.com/gmail.com/

spamgourmet?

How about spamgourmet? sample id:
abc.g.@spamgourmet.com
-- the g says 7 emails allowed
+ has additional domains to use.

elephant in the room - Yahoo

[cavebison]

Has nobody noticed that one can create *unlimited* throw-away addresses in Yahoo?

I've had a Yahoo account - unpaid - for years now, and have over 50 email aliases. I create a new one for every new need. It's awesome and nobody has matched it, ever. What's going on there?

Just create a yahoo.com.au account (Australian) and you can create aliases to your heart's content. A limit of 5, MS? Pathetic!

Not a new idea

GMX http://gmx.com/ has had a very similar feature for a long time. You get to create several extra addresses that all point to your inbox.

Too much like Gmail aliases

I personally prefer using Cocoon's Firefox add-on for spam control http://getcocoon.com - I do not have to manually type in an alias, where Cocoon provides a drop-down (that are called mailslots) so you can make one on-the-fly.

Third attempt at posting a comment here...

[teksquisite]

The hotmail aliases are much like Google aliases. I do not like the concept of having to manually type in an alias (or try to get an alias that is already taken.) My preference is with "Cocoon Mailslots" http://getcocoon.com/ - where you can select either a new email address that is randomly generated (that appends to a Cocoon email address) or select an address (that was previously created) from the dropdown menu (of nicknames that you have already used.) All mailslots are contained within the Cocoon GUI - and if one mailslot gets too much spam - simply delete it and you never have to mess with that email address/nickname again... All mail is sent to your Cocoon inbox. You can allow Cocoon to auto-name the mailslot according to website or you have the option to give the mailslot a nickname that you choose. This is the very best spam solution that I have ever encountered and it 100% works for me. Hoping that this comment will post since the other two apparently did not... Cheers, /Bev (teksquisite on twitter)

Only 5 addresses?

The only purpose I can see this being used for is the same as Mailinator's. In which case it would be useful since a lot of websites don't accept mailinator addresses but would have no choice but to accept Hotmail because of its popularity.

It's not practical to use it as a way of being able to put a block on incoming mail when you get spammed, simply because you're going to register your email address with more than 5 websites. You would have to divide your 5 addresses among the sites you use but if you ever need to 'throw away' one of them, any genuine websites you also gave that address to will be unable to send you emails you actually want to receive.

It's a step in the direction but the only way this is really useful would be to give each use their own sub-domain and unlimited addresses for that sub-domain. I own my own domain and I've been using this system for a decade and I don't even need spam filters. If Hotmail ever implements what I just suggested they will have a huge advantage over Google, spam would be a thing of the past for Hotmail users.