Feeds

back to article Microsoft discovers disposable email

Microsoft is introducing throwaway email addresses for Hotmail users. You might have thought that Hotmail was already for chuckaway email addresses, but the software giant will now make it easier to redirect mail to your existing primary address. Hotmail subscribers can already use a +sign and add a word to the first part of …

COMMENTS

This topic is closed for new posts.
Go

Existing services...

There are already countless services for doing throwaway email...

http://spamdecoy.net

http://dodgit.com

Also, a trick I use is to create a wildcard subdomain:

*.mydomain.com MX mail.mydomain.com

and then when signing up for a site, use an appropriate subdomain, eg:

myuser@theregister.co.uk.mydomain.com

That way, not only can i stop the flow of unwanted emails should they become a nuisance, but i can also see if someone has sold out or leaked my address to spammers (which has happened a few times)...

When i've had enough of the junk from a particular source, i can just create an MX record specifically for that subdomain which will override the wildcard. I tend to redirect junk back to where it came from.

8
1
Thumb Up

Sir

I have to admit.. while a trifle obvious.. this is a superb idea.

2
1
Anonymous Coward

Why bother?

I just use disposable addresses whenever I register somewhere where they require an email address for validation even though I don't want to give it to them.

End result is similar toy your tactic, except I don't bother about getting/checking/tracking spam at all. TBH, if you are prepared to spend so much time just knowing why you get spam and who from, you're effectively wasting more time than if you just bent over and took it, with a high probability that your email account would filter it for you anyway.

Besides, your trick is blatantly obvious, and any slightly dedicated spammer with half a brain can bulk clean your subdomain from their database with a simple filter/macro, thus increasing your chance to eventually get "untractable" spam in your "clean" mailbox.

1
0
Thumb Down

Wildcards can be a problem ...

I'm not sure if what you're proposing is any different but I had a wildcard on xxx.com because so many people were using the US instead of the UK spelling for the domain.

Suddenly, I got hammered by several thousand messages a day. They were all "user not

known" messages from many and various networks. The spammers had used my domain in the From and Reply-to fields and was scattergunning with any and every username they could think of ... both to and from.

Goodbye wildcard!

1
0
Bronze badge

If you're this capable...

...you can make -all- your e-mail addresses disposable, without having one golden address that your e-mail archive is tied to.

Then again, it's the less technical people who are likely to find spam more troublesome.

The other trick that apparently works very well is to have the e-mail address actually contain the letters "spam" or "nospam". Almost all spammers will reject it as a dud, although you may get spam or viruses if someone else's address book is hacked and used to send e-mail.

1
1
Silver badge
Thumb Up

Similar

I use the same technique but instead of a sub domain I just have a wild card redirection system. Incoming mail has to confirm to the template or else it gets thrown out the door. That stops all the random stuff. If spam starts to come through I know which of my contacts is responsible and I can deal with them without impacting anyone else. It also gives you an additional security check. If my bank asks for my details but addresses 'you.fredflintstone.check@my.domain' I know it's not legitimate - they aren't supposed to know that address exists.

On a day to day basis I barely notice - it all ends up in the same inbox.

1
0
Silver badge

Your mistake

was in using header fields to switch on. I run my own mail server and it directs things based on the 'RCPT TO' command. That, ultimately, is what sends mail to a mailbox. A simple way to think of it is that it's the SMTP equivalent of an FTP 'put' command.

The stuff in the header is basically just part of the data dump that gets uploaded. Mail servers and clients generally expect them to make some sense but it varies. You can have a message that according to the headers is for 'Mr. Michael Mouse' but actually have it delivered to 'Fred Flintstone'.

0
1

something similiar

For years I have been making up 'company related' email addresses for the companies that I deal with on a casual basis. Just recently I have been getting spam to cts@ - thats the 'computer trade show' in brum that I attended a few years ago. Guess the email addresses have been leaked / sold.

When I then stop needing an email address I either block it on exchange or in a rule in outlook.

0
0
Stop

it's worth it

I find using your own domain and changing your address depending upon who you are giving it to is well worth it. The problem with a "disposable address" is that you don't always know when you'll need a disposable address! Quite often I've found out that I get spam sent to the address that I gave to very reputable companies - whether such companies have been dishonest or merely had their servers hacked I'll never know, but it makes setting up rules for deleting spam much easier.

0
1
Bronze badge

Uh, I use greylisting?

Spam that arrives in my inbox is so incredibly rare I tend to look at it out of fascination.

Wait, people haven't discovered anti spam systems yet?

1
0
Welcome

Good vs Bad

This sounds like a good idea. I have had this situation several times and run 3 accounts.

Could it be abused by spammers though? Maybe not as it is linked to your account. Still will not make me use hotmail though :)

0
1

managing three accounts is a pain

Maybe this is an Outlook thing? I'm using Thunderbird and using more than one account is no harder than using just one.

0
2
Vic
Silver badge

Three accounts...

> using more than one account is no harder than using just one.

I have >3500 addresses. A new one for every time I make a new contact.

/etc/aliases is your friend... :-)

Vic.

2
0
Anonymous Coward

Hope they don't do this with live@edu

That would truly be a pain. Nice addition to the basic service though.

0
0
Anonymous Coward

Erm..

I hate to break the bubble but services like Mailinator.com have been around for quite a long time... so nothing new. Less secure to boot.

1
3
Silver badge

Yup mailinator

If you don't want to register with your own email you can create a throwaway with mailinator already.

Just think of an arbitrary email user name e.g. MyArbtiraryEmailAddress. Something nice and long and unguessable. Then go to mailinator.com and type that name into the box. The service will generate an equivalent email address which can be used to register on sites, e.g. M8R-i5idwi@mailinator.com. The mail box holds mail for a while and then purges it so it should be good enough to work with most forums, sites etc.

The two issues to remember is there is no login password - anyone can read a mailinator box so it's best to generate a unique and unguessable id. The second is some sites have blocked mailinator so you might have to use one of the alt domains for it to work.

0
0
Thumb Up

@drxym

"The two issues to remember is there is no login password - anyone can read a mailinator box so it's best to generate a unique and unguessable id. The second is some sites have blocked mailinator so you might have to use one of the alt domains for it to work."

You actually don't need to create your box first by the way. Just send an email to it.

Well, to answer these separately:

1) No password: correct. It IS meant to be throwaway. And to be honest, I have yet to find that the random passwords offered by the site automatically cause any issues.

2) Mailinator has several domains. And in some cases you can even use your own domain, if you have one (see suggestion higher up).

Bottom line is, and it's something you have to realize for this to be of any use - it is a throwaway address that you do not care about. It will be deleted within a day either way.

1
0
Coat

Next new discovery from MS

An operating system that reboots at each change, 1/2 baked updates, and security holes

Can't wait!

1
4
Boffin

Doable with gmail

While gmail doesn't offer exactly this feature, I've found it can be made to with google apps. Designate one 'catchall' account (not your main account, set one up dedicated for this purpose) and have it auto-forward everything to your everyday account. You can then set up a filter to check for the X-Forwarded headers - I route everything into a 'Catchall' label.

As far as I can tell it isn't possible without the catchall account and redirect because Google, in its wisdom, has decided not to make it obvious in the headers when this has happened. You can set up a rule to say 'When mail was not sent to X, do Y' but this will match anything not sent directly to you (cc'd, mailing lists etc).

Best option? Run your own mail server.

0
2
Silver badge

Accounts

"Microsoft reckons the average person has three email addresses for different parts of their lives, or spam."

Yup, at least three

" The software giant points out that maintaining three accounts, presumably with three different passwords, is a pain" "

Nope, no problem at all.

Hotmail is one of my spam accounts - I don't need any more on there.

0
1
Silver badge

Re Hotmail is one of my spam accounts

Someone uses Hotmail not for spam?!

1
0
Stop

Missing the point...

...the disposable accounts online are all well and good, but may expire after an hour (unless you request it to be extended). As they pointed out, you may want this email address for a few weeks, so these disposables are no good.

2
1
Alien

Gullible is not in the dictionary...

"The software giant points out that maintaining three accounts, presumably with three different passwords, is a pain."

Yeah, and the more "data" that M$ can control, the better.

0
1
Jobs Halo

Apple

MobileMe has had this capability for years.

0
2
Megaphone

Google has been offering that exact same option for years

if your email address is username@gmail.tld, you receive emails sent to username+whatever@gmail.tld

It's been a feature for ages, but that's exactly what the Reg article is pointing at.

AC

0
3

Thank you for confirming your ...

reading ability. From the article:

"But doing this means you still give away part of your address."

You can use it for routing, but not for hiding your real email address. Even if you have a hard time reading, the address harvesters are willing to try.

2
0

Re: Google has been offering that exact same option for years

I find two problems with managing spam this way:

1) A hell of a lot of websites will reject addresses with a + in them, because RFC2822 / 822 mean bugger all to most these days.

2) If I were a spammer, what's the first thing I'd do? This: s/(\+[^@]+)(?=@)//

Of course, one way around this is to use a +suffix'd address as your primary and can anything to the address without the suffix.

0
1

No spam

I use 10minutemail for all forums. Works a treat

0
0
Anonymous Coward

Bring on the dots

The dots in your name @gmail.com are ignored, so you can add a couple extra dots in there and then create a rule to handle them.

Gmail handles spam well so you don't have to worry about getting flooded like you would with hotmail.

I still have a hotmail address, in case people use an old address but I never send any email from it, I use my gmail account.

0
2

Google already allows email+x@gmail.com

Have done so (quietly) for a while. It's less useful than you think, as a lot of email forms won't recognise this as a valid email.

0
0
Silver badge

Gee

I've been doing this for years on my own server. Everyone gets their own address to use for me. That way I know where spam is coming from and can block just that source. I don't use any kind of filtering software but I see at most two or three spam messages a year and I only see them once.

0
0
Bronze badge
Pint

As noted - this has been a Gmail feature for YEARS

Gmail has been offering this EXACT feature for years. It's a bit clumsy of MS to announce this "new" feature ("stolen from Google" ;-) ) right after the Bing bar Search 'theft' controversy. Very dumb timing.

Problems with the entire "+" concept:

1) Some webpages do not allow "+" to appear in the submitted e-mail address.

2) Evil spammers could easily automatically remove the string "+*" up to the @.

0
2
Go

Or ...

... you could just set up an email account specifically for such things as car quotes. And then ever so often delete all accumulated emails at once since they're just crap after a time anyway. And you could have even done it years ago and you could even set up more than one.

0
0

This post has been deleted by its author

Bronze badge

But I use my hotmail address for spam already.

It's not like it's a serious email system.

Gmail however is good enough that I use it for my main address.

0
1
Bronze badge
Gates Horns

As Regards Your Request!

Microsoft is creating more throwaway accounts to protect their customers from spammers that use Microsoft throwaway accounts. I don't know if that's a WIN or FAIL.

0
0
Thumb Down

It's nothing new

I've been doing this for years, my current ISP allows me 10 email addies and I normally have 4 on the go at any one time.

If I want to do something new, or a short term thing.. I create a new one specifically for that task... it only takes a couple of minutes.

If that email addy then starts getting spam, not only do I know that the company in question is passing my details on and not to be trusted... But I can simply delete the account when I'm done and replace it with something else if needed.

So I can hardly congratulate MS for figuring out something that I've been doing since the 90's.

0
0
Bronze badge
Flame

M$ creates `disposable` email addresses???

Leave it to M$ to finally innovate!!!!!

Shit, Earthlink has offered this for quite a few years!!!

Each Earthlink account can get 5 disposable email accounts on a different domain. When you have used them up, get some more. You do not have to even bother checking them.

0
0

TADAG

There would have been no requirement for decoy email addresses had Microsoft played a straight hand in their acquisition of TADAG.com IPR. Instead they filched only a portion of the full TADAG architecture before hiving it off to a third party to be reinvented as OpenID. The remainder is still under wraps.

0
0
This topic is closed for new posts.