Good vs Bad
This sounds like a good idea. I have had this situation several times and run 3 accounts.
Could it be abused by spammers though? Maybe not as it is linked to your account. Still will not make me use hotmail though :)
Microsoft is introducing throwaway email addresses for Hotmail users. You might have thought that Hotmail was already for chuckaway email addresses, but the software giant will now make it easier to redirect mail to your existing primary address. Hotmail subscribers can already use a +sign and add a word to the first part of …
There are already countless services for doing throwaway email...
http://spamdecoy.net
http://dodgit.com
Also, a trick I use is to create a wildcard subdomain:
*.mydomain.com MX mail.mydomain.com
and then when signing up for a site, use an appropriate subdomain, eg:
myuser@theregister.co.uk.mydomain.com
That way, not only can i stop the flow of unwanted emails should they become a nuisance, but i can also see if someone has sold out or leaked my address to spammers (which has happened a few times)...
When i've had enough of the junk from a particular source, i can just create an MX record specifically for that subdomain which will override the wildcard. I tend to redirect junk back to where it came from.
I just use disposable addresses whenever I register somewhere where they require an email address for validation even though I don't want to give it to them.
End result is similar toy your tactic, except I don't bother about getting/checking/tracking spam at all. TBH, if you are prepared to spend so much time just knowing why you get spam and who from, you're effectively wasting more time than if you just bent over and took it, with a high probability that your email account would filter it for you anyway.
Besides, your trick is blatantly obvious, and any slightly dedicated spammer with half a brain can bulk clean your subdomain from their database with a simple filter/macro, thus increasing your chance to eventually get "untractable" spam in your "clean" mailbox.
...you can make -all- your e-mail addresses disposable, without having one golden address that your e-mail archive is tied to.
Then again, it's the less technical people who are likely to find spam more troublesome.
The other trick that apparently works very well is to have the e-mail address actually contain the letters "spam" or "nospam". Almost all spammers will reject it as a dud, although you may get spam or viruses if someone else's address book is hacked and used to send e-mail.
I find using your own domain and changing your address depending upon who you are giving it to is well worth it. The problem with a "disposable address" is that you don't always know when you'll need a disposable address! Quite often I've found out that I get spam sent to the address that I gave to very reputable companies - whether such companies have been dishonest or merely had their servers hacked I'll never know, but it makes setting up rules for deleting spam much easier.
I'm not sure if what you're proposing is any different but I had a wildcard on xxx.com because so many people were using the US instead of the UK spelling for the domain.
Suddenly, I got hammered by several thousand messages a day. They were all "user not
known" messages from many and various networks. The spammers had used my domain in the From and Reply-to fields and was scattergunning with any and every username they could think of ... both to and from.
Goodbye wildcard!
was in using header fields to switch on. I run my own mail server and it directs things based on the 'RCPT TO' command. That, ultimately, is what sends mail to a mailbox. A simple way to think of it is that it's the SMTP equivalent of an FTP 'put' command.
The stuff in the header is basically just part of the data dump that gets uploaded. Mail servers and clients generally expect them to make some sense but it varies. You can have a message that according to the headers is for 'Mr. Michael Mouse' but actually have it delivered to 'Fred Flintstone'.
I use the same technique but instead of a sub domain I just have a wild card redirection system. Incoming mail has to confirm to the template or else it gets thrown out the door. That stops all the random stuff. If spam starts to come through I know which of my contacts is responsible and I can deal with them without impacting anyone else. It also gives you an additional security check. If my bank asks for my details but addresses 'you.fredflintstone.check@my.domain' I know it's not legitimate - they aren't supposed to know that address exists.
On a day to day basis I barely notice - it all ends up in the same inbox.
For years I have been making up 'company related' email addresses for the companies that I deal with on a casual basis. Just recently I have been getting spam to cts@ - thats the 'computer trade show' in brum that I attended a few years ago. Guess the email addresses have been leaked / sold.
When I then stop needing an email address I either block it on exchange or in a rule in outlook.
If you don't want to register with your own email you can create a throwaway with mailinator already.
Just think of an arbitrary email user name e.g. MyArbtiraryEmailAddress. Something nice and long and unguessable. Then go to mailinator.com and type that name into the box. The service will generate an equivalent email address which can be used to register on sites, e.g. M8R-i5idwi@mailinator.com. The mail box holds mail for a while and then purges it so it should be good enough to work with most forums, sites etc.
The two issues to remember is there is no login password - anyone can read a mailinator box so it's best to generate a unique and unguessable id. The second is some sites have blocked mailinator so you might have to use one of the alt domains for it to work.
"The two issues to remember is there is no login password - anyone can read a mailinator box so it's best to generate a unique and unguessable id. The second is some sites have blocked mailinator so you might have to use one of the alt domains for it to work."
You actually don't need to create your box first by the way. Just send an email to it.
Well, to answer these separately:
1) No password: correct. It IS meant to be throwaway. And to be honest, I have yet to find that the random passwords offered by the site automatically cause any issues.
2) Mailinator has several domains. And in some cases you can even use your own domain, if you have one (see suggestion higher up).
Bottom line is, and it's something you have to realize for this to be of any use - it is a throwaway address that you do not care about. It will be deleted within a day either way.
"Microsoft reckons the average person has three email addresses for different parts of their lives, or spam."
Yup, at least three
" The software giant points out that maintaining three accounts, presumably with three different passwords, is a pain" "
Nope, no problem at all.
Hotmail is one of my spam accounts - I don't need any more on there.
While gmail doesn't offer exactly this feature, I've found it can be made to with google apps. Designate one 'catchall' account (not your main account, set one up dedicated for this purpose) and have it auto-forward everything to your everyday account. You can then set up a filter to check for the X-Forwarded headers - I route everything into a 'Catchall' label.
As far as I can tell it isn't possible without the catchall account and redirect because Google, in its wisdom, has decided not to make it obvious in the headers when this has happened. You can set up a rule to say 'When mail was not sent to X, do Y' but this will match anything not sent directly to you (cc'd, mailing lists etc).
Best option? Run your own mail server.
I find two problems with managing spam this way:
1) A hell of a lot of websites will reject addresses with a + in them, because RFC2822 / 822 mean bugger all to most these days.
2) If I were a spammer, what's the first thing I'd do? This: s/(\+[^@]+)(?=@)//
Of course, one way around this is to use a +suffix'd address as your primary and can anything to the address without the suffix.
The dots in your name @gmail.com are ignored, so you can add a couple extra dots in there and then create a rule to handle them.
Gmail handles spam well so you don't have to worry about getting flooded like you would with hotmail.
I still have a hotmail address, in case people use an old address but I never send any email from it, I use my gmail account.
Gmail has been offering this EXACT feature for years. It's a bit clumsy of MS to announce this "new" feature ("stolen from Google" ;-) ) right after the Bing bar Search 'theft' controversy. Very dumb timing.
Problems with the entire "+" concept:
1) Some webpages do not allow "+" to appear in the submitted e-mail address.
2) Evil spammers could easily automatically remove the string "+*" up to the @.
This post has been deleted by its author
I've been doing this for years, my current ISP allows me 10 email addies and I normally have 4 on the go at any one time.
If I want to do something new, or a short term thing.. I create a new one specifically for that task... it only takes a couple of minutes.
If that email addy then starts getting spam, not only do I know that the company in question is passing my details on and not to be trusted... But I can simply delete the account when I'm done and replace it with something else if needed.
So I can hardly congratulate MS for figuring out something that I've been doing since the 90's.
Leave it to M$ to finally innovate!!!!!
Shit, Earthlink has offered this for quite a few years!!!
Each Earthlink account can get 5 disposable email accounts on a different domain. When you have used them up, get some more. You do not have to even bother checking them.
There would have been no requirement for decoy email addresses had Microsoft played a straight hand in their acquisition of TADAG.com IPR. Instead they filched only a portion of the full TADAG architecture before hiving it off to a third party to be reinvented as OpenID. The remainder is still under wraps.