manski's blog

Fight spam with disposable email addresses

no comments

Interlude

There’s spam on the Internet, alright. Lots of it. You receive spam when spammers get hold of your email address. How do they do this?

  1. A friend of yours got himself infected with a virus/worm/trojan horse. This virus reads your friend’s address book and sends all email addresses in it to a spam server.
  2. Spammers try to guess common email addresses, like sales@mydomain.com or mail@mydomain.com.

  3. A lot of websites require you to give them your email address.

    • These websites can (potentially) be hacked and the hackers can download your email address (among all others) from the website.

    • The website puts your email address in plain text somewhere where it can (easily) be found by email harvesting programs.

You can’t really do anything about point 1. You can kick your friend’s butt for not having an anti-virus program running on his computer or for surfing on suspicious websites. But then (in most cases) it may not be his fault altogether.

You can avoid the problems of point 2 by not using so commonly used email addresses (but this may not be possible for everyone).

What this article is about is point 3.

Before we get started, here’s some good advice (not really related to what’s following):

If you have a website of your own don’t ever put your email address in plain text on your website. Use a contact form, JavaScript obfuscation, or even an image but don’t put it there in plain text.

The Concept

How do you cope with point 3? Easy:

You provide a different email address for each website that requires an email address.

Doing this has several advantages:

  • If you receive spam over such a special email address, you immediately know which website is the culprit.

  • If you receive spam, you simply delete the email address. No more spam. You can’t do this if you provided the website with your main email address (obviously).

Although this concept is nice, there’s one big requirement for it:

Creating and deleting email addresses must be extremely easy/fast. Otherwise you won’t do it, trust me.

Implementation

So, how do we do this? We use a so called catch-all email address.

Email flow chart

This requires that you have the ability to create such an email address. Your best chance is if you have your own domain and your domain provider allows it.

Then:

  1. Create a sub domain for these email addresses. (Don’t use your TLD if you can because a sub domain is not that easy to guess.) For example, create spam.mydomain.com.
  2. Create a catch-all email address for this sub domain. This can either be a mailbox or a forwarding.

That’s it.

Now, when register at a website called “my-fancy-shop”, use my-fancy-shop@spam.mydomain.com as email address. “Creating” a new email address couldn’t be easier, could it?

If you want to delete/block an email address, simply create a forwarding to a non-existing email address (like reject@mydomain.com). Then this email address won’t be caught by the catch-all email address but instead use its forwarding address.

No comments yet

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.