Microsoft is introducing throwaway email addresses for Hotmail users. You might have thought that Hotmail was already for chuckaway email addresses, but the software giant will now make it easier to redirect mail to your existing primary address. Hotmail subscribers can already use a +sign and add a word to the first part of …
There are already countless services for doing throwaway email...
Also, a trick I use is to create a wildcard subdomain:
*.mydomain.com MX mail.mydomain.com
and then when signing up for a site, use an appropriate subdomain, eg:
That way, not only can i stop the flow of unwanted emails should they become a nuisance, but i can also see if someone has sold out or leaked my address to spammers (which has happened a few times)...
When i've had enough of the junk from a particular source, i can just create an MX record specifically for that subdomain which will override the wildcard. I tend to redirect junk back to where it came from.
I have to admit.. while a trifle obvious.. this is a superb idea.
I just use disposable addresses whenever I register somewhere where they require an email address for validation even though I don't want to give it to them.
End result is similar toy your tactic, except I don't bother about getting/checking/tracking spam at all. TBH, if you are prepared to spend so much time just knowing why you get spam and who from, you're effectively wasting more time than if you just bent over and took it, with a high probability that your email account would filter it for you anyway.
Besides, your trick is blatantly obvious, and any slightly dedicated spammer with half a brain can bulk clean your subdomain from their database with a simple filter/macro, thus increasing your chance to eventually get "untractable" spam in your "clean" mailbox.
Wildcards can be a problem ...
I'm not sure if what you're proposing is any different but I had a wildcard on xxx.com because so many people were using the US instead of the UK spelling for the domain.
Suddenly, I got hammered by several thousand messages a day. They were all "user not
known" messages from many and various networks. The spammers had used my domain in the From and Reply-to fields and was scattergunning with any and every username they could think of ... both to and from.
If you're this capable...
...you can make -all- your e-mail addresses disposable, without having one golden address that your e-mail archive is tied to.
Then again, it's the less technical people who are likely to find spam more troublesome.
The other trick that apparently works very well is to have the e-mail address actually contain the letters "spam" or "nospam". Almost all spammers will reject it as a dud, although you may get spam or viruses if someone else's address book is hacked and used to send e-mail.
I use the same technique but instead of a sub domain I just have a wild card redirection system. Incoming mail has to confirm to the template or else it gets thrown out the door. That stops all the random stuff. If spam starts to come through I know which of my contacts is responsible and I can deal with them without impacting anyone else. It also gives you an additional security check. If my bank asks for my details but addresses 'firstname.lastname@example.org' I know it's not legitimate - they aren't supposed to know that address exists.
On a day to day basis I barely notice - it all ends up in the same inbox.
was in using header fields to switch on. I run my own mail server and it directs things based on the 'RCPT TO' command. That, ultimately, is what sends mail to a mailbox. A simple way to think of it is that it's the SMTP equivalent of an FTP 'put' command.
The stuff in the header is basically just part of the data dump that gets uploaded. Mail servers and clients generally expect them to make some sense but it varies. You can have a message that according to the headers is for 'Mr. Michael Mouse' but actually have it delivered to 'Fred Flintstone'.
For years I have been making up 'company related' email addresses for the companies that I deal with on a casual basis. Just recently I have been getting spam to cts@ - thats the 'computer trade show' in brum that I attended a few years ago. Guess the email addresses have been leaked / sold.
When I then stop needing an email address I either block it on exchange or in a rule in outlook.
it's worth it
I find using your own domain and changing your address depending upon who you are giving it to is well worth it. The problem with a "disposable address" is that you don't always know when you'll need a disposable address! Quite often I've found out that I get spam sent to the address that I gave to very reputable companies - whether such companies have been dishonest or merely had their servers hacked I'll never know, but it makes setting up rules for deleting spam much easier.
Uh, I use greylisting?
Spam that arrives in my inbox is so incredibly rare I tend to look at it out of fascination.
Wait, people haven't discovered anti spam systems yet?
Good vs Bad
This sounds like a good idea. I have had this situation several times and run 3 accounts.
Could it be abused by spammers though? Maybe not as it is linked to your account. Still will not make me use hotmail though :)
managing three accounts is a pain
Maybe this is an Outlook thing? I'm using Thunderbird and using more than one account is no harder than using just one.
> using more than one account is no harder than using just one.
I have >3500 addresses. A new one for every time I make a new contact.
/etc/aliases is your friend... :-)
Hope they don't do this with live@edu
That would truly be a pain. Nice addition to the basic service though.
I hate to break the bubble but services like Mailinator.com have been around for quite a long time... so nothing new. Less secure to boot.
If you don't want to register with your own email you can create a throwaway with mailinator already.
Just think of an arbitrary email user name e.g. MyArbtiraryEmailAddress. Something nice and long and unguessable. Then go to mailinator.com and type that name into the box. The service will generate an equivalent email address which can be used to register on sites, e.g. M8Remail@example.com. The mail box holds mail for a while and then purges it so it should be good enough to work with most forums, sites etc.
The two issues to remember is there is no login password - anyone can read a mailinator box so it's best to generate a unique and unguessable id. The second is some sites have blocked mailinator so you might have to use one of the alt domains for it to work.
"The two issues to remember is there is no login password - anyone can read a mailinator box so it's best to generate a unique and unguessable id. The second is some sites have blocked mailinator so you might have to use one of the alt domains for it to work."
You actually don't need to create your box first by the way. Just send an email to it.
Well, to answer these separately:
1) No password: correct. It IS meant to be throwaway. And to be honest, I have yet to find that the random passwords offered by the site automatically cause any issues.
2) Mailinator has several domains. And in some cases you can even use your own domain, if you have one (see suggestion higher up).
Bottom line is, and it's something you have to realize for this to be of any use - it is a throwaway address that you do not care about. It will be deleted within a day either way.
Next new discovery from MS
An operating system that reboots at each change, 1/2 baked updates, and security holes
Doable with gmail
While gmail doesn't offer exactly this feature, I've found it can be made to with google apps. Designate one 'catchall' account (not your main account, set one up dedicated for this purpose) and have it auto-forward everything to your everyday account. You can then set up a filter to check for the X-Forwarded headers - I route everything into a 'Catchall' label.
As far as I can tell it isn't possible without the catchall account and redirect because Google, in its wisdom, has decided not to make it obvious in the headers when this has happened. You can set up a rule to say 'When mail was not sent to X, do Y' but this will match anything not sent directly to you (cc'd, mailing lists etc).
Best option? Run your own mail server.
"Microsoft reckons the average person has three email addresses for different parts of their lives, or spam."
Yup, at least three
" The software giant points out that maintaining three accounts, presumably with three different passwords, is a pain" "
Nope, no problem at all.
Hotmail is one of my spam accounts - I don't need any more on there.
Re Hotmail is one of my spam accounts
Someone uses Hotmail not for spam?!
Missing the point...
...the disposable accounts online are all well and good, but may expire after an hour (unless you request it to be extended). As they pointed out, you may want this email address for a few weeks, so these disposables are no good.
Gullible is not in the dictionary...
"The software giant points out that maintaining three accounts, presumably with three different passwords, is a pain."
Yeah, and the more "data" that M$ can control, the better.
MobileMe has had this capability for years.
Google has been offering that exact same option for years
if your email address is firstname.lastname@example.org, you receive emails sent to email@example.com
It's been a feature for ages, but that's exactly what the Reg article is pointing at.
Thank you for confirming your ...
reading ability. From the article:
"But doing this means you still give away part of your address."
You can use it for routing, but not for hiding your real email address. Even if you have a hard time reading, the address harvesters are willing to try.
Re: Google has been offering that exact same option for years
I find two problems with managing spam this way:
1) A hell of a lot of websites will reject addresses with a + in them, because RFC2822 / 822 mean bugger all to most these days.
2) If I were a spammer, what's the first thing I'd do? This: s/(\+[^@]+)(?=@)//
Of course, one way around this is to use a +suffix'd address as your primary and can anything to the address without the suffix.
I use 10minutemail for all forums. Works a treat
Bring on the dots
The dots in your name @gmail.com are ignored, so you can add a couple extra dots in there and then create a rule to handle them.
Gmail handles spam well so you don't have to worry about getting flooded like you would with hotmail.
I still have a hotmail address, in case people use an old address but I never send any email from it, I use my gmail account.
Google already allows firstname.lastname@example.org
Have done so (quietly) for a while. It's less useful than you think, as a lot of email forms won't recognise this as a valid email.
I've been doing this for years on my own server. Everyone gets their own address to use for me. That way I know where spam is coming from and can block just that source. I don't use any kind of filtering software but I see at most two or three spam messages a year and I only see them once.
As noted - this has been a Gmail feature for YEARS
Gmail has been offering this EXACT feature for years. It's a bit clumsy of MS to announce this "new" feature ("stolen from Google" ;-) ) right after the Bing bar Search 'theft' controversy. Very dumb timing.
Problems with the entire "+" concept:
1) Some webpages do not allow "+" to appear in the submitted e-mail address.
2) Evil spammers could easily automatically remove the string "+*" up to the @.
... you could just set up an email account specifically for such things as car quotes. And then ever so often delete all accumulated emails at once since they're just crap after a time anyway. And you could have even done it years ago and you could even set up more than one.
But I use my hotmail address for spam already.
It's not like it's a serious email system.
Gmail however is good enough that I use it for my main address.
As Regards Your Request!
Microsoft is creating more throwaway accounts to protect their customers from spammers that use Microsoft throwaway accounts. I don't know if that's a WIN or FAIL.
It's nothing new
I've been doing this for years, my current ISP allows me 10 email addies and I normally have 4 on the go at any one time.
If I want to do something new, or a short term thing.. I create a new one specifically for that task... it only takes a couple of minutes.
If that email addy then starts getting spam, not only do I know that the company in question is passing my details on and not to be trusted... But I can simply delete the account when I'm done and replace it with something else if needed.
So I can hardly congratulate MS for figuring out something that I've been doing since the 90's.
M$ creates `disposable` email addresses???
Leave it to M$ to finally innovate!!!!!
Shit, Earthlink has offered this for quite a few years!!!
Each Earthlink account can get 5 disposable email accounts on a different domain. When you have used them up, get some more. You do not have to even bother checking them.
There would have been no requirement for decoy email addresses had Microsoft played a straight hand in their acquisition of TADAG.com IPR. Instead they filched only a portion of the full TADAG architecture before hiving it off to a third party to be reinvented as OpenID. The remainder is still under wraps.
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Video of US journalist 'beheading' pulled from social media
- Netflix swallows yet another bitter pill, inks peering deal with TWC
- The Register to boldly go where no Vulture has gone before: The WEEKEND