Disposable e-mail address
Disposable email addressing (DEA) refers to an alternative way of sharing and managing email addressing. DEA aims to set up a new, unique email address for every contact or entity, making a point-to-point connection between the sender and the recipient. Subsequently, if anyone compromises the address or utilises it in connection with any email abuse, the address-owner can easily cancel (or "dispose" of) it without affecting any other contact. Following the cancellation or replacement of a disposable email address, the (ex-)owner need notify no more than one person/contact of the change.

Uses

Disposable email addressing, in essence, sets up a different, unique DEA for every sender/recipient combination. It operates most usefully in situations where someone may sell or release an email address to spam lists or to other unscrupulous entities. The most common situations of this type involve online registrations for things such as discussion groups, bulletin boards, chat rooms, online shopping, and file hosting services. In a time when email spam has become an everyday nuisance, and when identity theft threatens, DEAs can serve as a convenient tool for keeping network users safe and sane.

Most likely, but not always, cancellation of a disposable email address takes place because someone starts to use the address in an illegitimate manner. This may occur through the accidental release of an email to a spam list, or because the original recipient unscrupulously and deliberately obtained it deceptively. Alternatively, the user may simply decide not to receive further correspondence from that company. Whatever the cause, DEA allows the address owner to take unilateral action by simply cancelling the address in question. Later, the owner can determine whether to update the recipient or not.

For the sake of convenience, disposable email addresses typically forward to one or more real email mailboxes where the owner receives and reads messages. The contact with whom a DEA is shared never needs to know the real email address of the user. If a database manages the DEA, it can also quickly identify the expected sender of each message by retrieving the associated contact name of each unique DEA. Used properly, DEA can also help identify which recipients handle email addresses in a careless or illegitimate manner. Moreover, it can serve as an effective tool for spotting counterfeit messages, or phishers.

Advantages over traditional email

Ideally, owners share a DEA once with each contact/entity. Thus, if the DEA should ever change, only one entity needs to be updated. By comparison, the traditional practice of giving the same email address to multiple recipients means that if that address subsequently changes, many legitimate recipients will need to receive notification of the change and to update their records — a potentially tedious process.

Additionally, because access has been narrowed down to one contact, that entity then becomes the most likely point of compromise for any spam that account receives (see "filtering" below for exceptions). This allows users to determine firsthand the trustworthiness of the people they share their DEAs with. "Safe" DEAs that have not been abused can be forwarded to a real email account, while messages sent to "compromised" DEAs can be routed to a special folder, sent to the trash, held for spam filtering, or returned undeliverable if the DEA is deleted outright.

Further, because DEAs serve as a layer of indirection between the sender and recipient, if the DEA user's actual email address changes, for instance moving from a university address to a local ISP, then the user need only update the DEA service provider of the change, and all outstanding DEAs will continue to function without updating.

Security and filtering

It is possible for spammers to "guess" commonly used DEAs by trying addresses in the form of or other widely used formats. This is especially likely if a user's subdomain (the "RandomName" part) has already been posted publicly somewhere. To combat this, users can make their email addresses more obscure through using random names, checksums, a mutated form of a name, or some combination of the above. A harder-to-guess example might be or <RandomTextCompanyNameRandomText@YourDomain.DEAServiceProvider.com>. There is an obvious tradeoff in that the more obscure an address is, the harder it will be for users to remember and quickly type it. Mentally computed checksums may help with this.

"Poor man's DEA"

The sub-addressing technique allows users to create DEAs using an existing email address without the need for a DEA service provider. (This does not rule out using this technique with a DEA service provider, so long as plus addressing is supported.) All that is required is for the email server to support plus addressing. A checkstring, which is optional, allows the mail transfer agent (MTA) to block attempts by spammers to bypass the DEA filtering. As an example, a static string or checksum that can be computed in one's head (or by an MTA with sieve or procmail) can be used as a checkstring that can be added to a DEA to evade spammers. As an example, can function as a hard-to-compromise "poor man's DEA". It is possible for a human (or a program) to extract the real email address just by removing everything after the plus; however it is considered unlikely that a program would bother going to this effort, since the vast majority of email addresses do not use this technique.
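The checkstring idea above, as an added example that is not part of the original article: a filter that accepts a plus-addressed DEA only when its checkstring verifies and the owner has not cancelled the tag. It swaps the mentally computed checksum for a truncated keyed HMAC; the address layout `local+tag.check@domain`, the secret, the policy of refusing the bare address, and all function names are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac

# Assumptions for this example: the secret, the address layout
# local+tag.check@domain, and every function name are hypothetical.
SECRET = b"constructed-demo-key"   # known only to the owner's mail filter
CHECK_LEN = 6                      # hex characters kept from the MAC


def checkstring(local: str, tag: str, domain: str) -> str:
    """Keyed checkstring over the mailbox and the per-contact tag."""
    msg = f"{local.lower()}+{tag.lower()}@{domain.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:CHECK_LEN]


def make_dea(local: str, tag: str, domain: str) -> str:
    """Build the address handed to exactly one contact."""
    return f"{local}+{tag}.{checkstring(local, tag, domain)}@{domain}"


def classify(rcpt: str, revoked: set[str]) -> tuple[str, str | None]:
    """Return (verdict, tag) for an envelope recipient.

    'deliver': checkstring verifies and the tag is still active.
    'revoked': checkstring verifies but the owner cancelled this DEA.
    'reject' : missing or wrong checkstring (guessed or stripped address).
    """
    local_part, _, domain = rcpt.rpartition("@")
    local, plus, detail = local_part.partition("+")
    if not plus:
        return "reject", None      # assumed policy: bare address not accepted
    tag, dot, check = detail.rpartition(".")
    if not dot or not tag:
        return "reject", None      # a tag with no checkstring attached
    expected = checkstring(local, tag, domain)
    # Constant-time comparison on bytes (safe for non-ASCII input too).
    if not hmac.compare_digest(check.lower().encode(), expected.encode()):
        return "reject", tag
    if tag.lower() in revoked:
        return "revoked", tag      # identifies which contact leaked the DEA
    return "deliver", tag
```

Because the tag comes back with every verdict, the filter also records which contact's address is being abused before the owner cancels it.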

The downside

Many forum and wiki administrators dislike DEAs because they obfuscate the identity of the members and make maintaining member control difficult. As an example, trolls, vandals and other users that may have been banned may use throwaway email addresses to get around attempts to ban them. Using a DEA provider only makes this easier; the same convenience with which a person may create a DEA to filter spam also applies to trolls. For this reason, most forum programs have functionality to make it easier to ban DEAs. As a result, forum and wiki administrators, blog owners, and indeed any public site requiring user names may have a compelling reason to ban DEAs. Site operators that expect to generate revenue from the sales of gathered user email addresses may choose to ban DEAs as well due to the low market value of such addresses.

As a counterbalance to the risks of asking a user to give a "permanent" email address in a publicly accessible site, administrators have the option to prevent, or give the option for hiding, the publication of users' email addresses. An "e-mail this user" script can be used to allow communication with the user without the sender knowing their e-mail address.
This provides some minimal protection of users from spam and allows them to use real email addresses, which may make a ban on DEAs easier for users to accept. The problem arises when the website itself is hacked and the real addresses and other personal information are stolen, or when the website changes owners and its email policies change without notice to the user, or if the website intended to spam the user from the beginning.

Caught in the crossfire between Internet undesirables and administrative and user attempts to deal with them, DEA providers have trouble presenting a total solution. A user may find it advantageous to decide whether to provide a "real" e-mail address to a public/commercial entity on a case-by-case basis. On the one side, the trustworthiness and reputation of the site administrators, the availability of options to hide e-mail addresses, the existence/enforcement of an acceptable privacy policy and the chance that the site may one day be compromised or transferred to new owners are all factors that should be taken into account. On the other, there are the risks of confusing people by using long or oddly named addresses often associated with DEAs, being perceived as a troll or someone with a motive to hide their identity, and the chance that the DEA provider may eventually cease operations.

Multiple email aliases

Another approach is to register one main and many auxiliary email addresses which will forward all mail to the main address, i.e. the auxiliary addresses are used as aliases of the main address. The advantage of this approach is that the user can easily detect which auxiliary email is 'leaking' with spam and block or dispose of it.
It requires additional time to set up forwarding. However, this method allows storage and access of all emails from a single main account, although to manage forwarding the user has to remember the password for each alias.

A variation on this is to use a catch-all address and then forward to the real mailbox using wildcards. A lot of mail servers allow the use of '*' meaning 'any number of characters'. This makes the whitelist automatic and only requires the administrator to update the blacklist occasionally. In effect the user has one address but it contains wildcards, e.g. 'me.*@my.domain', which will match any incoming address that starts with 'me.' and ends with '@my.domain'. This is very similar to the '+' notation but may be even less obvious since the address appears completely normal.
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 