We all know the infamous e-mail spam three step:
- A spammer obtains your e-mail address.
- The spammer begins to inundate you with e-mail spam.
- You receive the e-mail spam and get rid of it.
It's common knowledge that the easiest way for spammers to obtain e-mail addresses is to purchase them from Web sites that require e-mail addresses for some reason or another. A typical example would be where an e-mail address is exchanged for desired information being advertised by the Web site. After which the host is free to use the e-mail address per the fine print agreement, which all of us typically don't read.
Recently I read about a unique method that eliminates the risk of being spammed after providing an e-mail address to a Web site. Before I get into that though, I'd like to look at what's being currently used.
Somewhat successful anti-spam methods
Spam filtering is the technology of choice to reduce/eliminate (depending on your viewpoint) e-mail spam. The only problem with this approach is that it's after the fact. It's also a never-ending battle to keep either a black list or white list up to date. There are heuristic spam filters, but they're known for erratic results, more often than not capturing an important e-mail that you wanted to get through.
Keeping e-mail addresses a secret is another semi-successful method, but doing so is becoming virtually impossible in today's Internet world. Besides there's very little difference between keeping an e-mail address secret and not having an e-mail account.
Still that brings up an interesting point. Why not get several Web-hosted e-mail addresses, they're free. Start getting too much spam, just close that particular e-mail account.Sacrificial e-mail accounts seems plausible
Sounds like that might work. Even with all the effort to open the accounts, it's still worth it to eliminate any amount of e-mail spam. At least that's what I thought, but there's a gotcha that I hadn't considered.
Let's use me as an example to explain the gotcha. I started getting all sorts of e-mail spam from one of my sacrificial accounts so I decided to close it. Great, I'll show them. The next day I was surfing and wanted information from some Web sites, which happened to require e-mail addresses in exchange for the information. No problem, I used my new sacrificial e-mail account. All is well in my world.
What I wasn't prepared for was how soon I started getting e-mail spam again. It didn't take long before I came to the conclusion that my sacrificial e-mail addresses definitely weren't the answer. Luckily for me, I came across Kurt Wismer's article "How to Avoid Email Spam" on the anti-virus rant's Web site.
Wismer explained the flaw in my theory about sacrificial e-mail accounts:
"A number of people are already familiar with the idea of a throw-away email address and often use hotmail or some other free webmail provider to make one. Unfortunately that leaves you with no way to know who leaked your address to the spammers. So when you need to change addresses (because the current throw-away address has gotten too spammy) you'll have no way of knowing which organizations to not give the new address to."
I'd go through all the work to change my e-mail address to a new sacrificial one and get caught again.
One-time e-mail addresses
Wismer goes on to explain that there are applications and Web hosts that allow the use of easily disposable e-mail addresses so a different one can be used for each site that's visited:
"This is where true disposable email addresses come in. You need to use a different address for each site. You give an address to (whether it's ebay, amazon, or your bank) so you can identify which one leaked the email address simply by looking at which email address got leaked. So that you only have to turn off that one address when it starts getting spammed rather than changing addresses and updating a potentially long list of sites with your new address."
There are several services that will allow the use of disposable e-mail addresses. They are divided into two different categories. The first type is the most familiar:
- A throwaway e-mail address is selected.
- Give the address out to Web sites whenever needed.
- Check the service's home page or RSS feed for any responses.
- If the return e-mail is spam, just delete the e-mail address.
I know of two services that work this way, mailinator.com and dodgeit.com. I prefer the next type, because the service forwards any return e-mail to my actual e-mail account. The steps used by these services are (courtesy of sneakemail.com):
- Instead of typing in your real e-mail address, you select your Sneakemail bookmark, which pops up Sneakemail.com in a small window. You log in and click on Create a New Sneakemail Address.
- Here you find a simple form. You label the Sneakemail address so that you will recognize where that particular e-mail address was used. Click Create, and a new and random e-mail address such as email@example.com is created.
- Paste firstname.lastname@example.org into the form at the Web site. You never give out your real e-mail address.
- Now when mail is sent to email@example.com, it goes to a Sneakemail server where it's forwarded to your real e-mail address. The e-mail is mostly unaltered, except the From line reads, From: Web sites email address |label you created| firstname.lastname@example.org.
- By looking at this line, you can see that it originally came from the Web site that you visited and was sent to the Sneakemail address you specifically labeled in your account.
- If you begin receiving spam at this particular Web site and you were careful to give this address out only to that Web site, you know exactly where the spammer got this address. Also, you can go to Sneakemail.com and delete the e-mail address, eliminating any further spam.
I've tried two services that use this approach, sneakemail.com and mailnull.com, and had equal success with both. Mailnull.com also has an added feature called Web Contact Form, which is great for Web-site hosts that don't want to advertise an e-mail address to avoid spam e-mail spiders but would like to give visitors the option of contacting them.Final thoughts
I like these approaches. There's a certain satisfaction in deleting an e-mail address knowing that any spam aimed at that address will be eliminated. I realize it's an added step, but I'm willing to take it just to gain back some control.
Need help keeping systems connected and running at high efficiency? Delivered Monday and Wednesday, TechRepublic’s Network Administrator newsletter has the tips and tricks you need to better configure, support, and optimize your network. Automatically sign up today!
Michael Kassner is currently a systems manager for an international company. Together with his son, he runs MKassner Net, a small IT publication consultancy.