77 comments

[ 3.8 ms ] story [ 119 ms ] thread
Nice idea, but I suspect if it gets any traction, many services will just block maskmail addresses. That's why mailinator uses 100s of different domains and makes it really hard to get a list of all of them.
That's a good point. I'd let users pay for using their own domains.
That could be interesting, but then what do they need you for? I can already do that with gmail. I just set up a domain on google apps and then tell it to deliver any email address to my main email. In fact I do that already (see my profile).
Price, convenience. Google Apps is not free. For this particular use case you might be able to provide better user experience. Maybe integrate the custom domain registration and automatic DNS config to the UI.
(comment deleted)
The convenience factor is definitely there. A browser plugin that automatically creates an email address that you can later turn on/off with a couple clicks instead of going through the domain setup in gmail (or in my case fastmail)? I'd be interested in it.
Which also means users can't use them either. Sometimes I want to use a different mailinator domain, but loading the homepage usually only shows the known domains.
You could always point your own domain at it instead.
(co-creator of Maskmail here). That's in our plan for future updates, at the least allowing users to opt in to using many different domains. Many other features in the pipeline too, please feel free to send any ideas you have to support@maskmail.net, or tweet at us @mask_mail

Hope you find value in the service!

Will you add support for Bring-Your-Own-Domain? This HN commenter is definitely interested.
We hadn't considered it, but it's an interesting idea. We'd have to think through how to make it work, there'd be some interesting interplay with routing and mail servers.
(comment deleted)
Yea I would want this too. I think it makes more sense than Maskmail just adding a bunch of other domains that can get blocked too.
Many services block all mailinator domains by simply doing a live MX record lookup and noting the domain is pointed at mailinator (there are SaaS companies that offer this via an API). Another thing I've noticed is blocking email addresses on domains that do catch-all receiving. It's really frustrating.

I've used sneakemail for a very long time, but I've found that it's actually been resulting in worse things than simply having my registration blocked.

* Credit Karma banned my account (that I'd had for eight years)

* HP canceled my order for a laptop AFTER IT SHIPPED, recalling the package

I've had to switch to sneakemail only for things that I wouldn't provide my name to anyway.

I don't really know anything about MX records or email in general, but couldn't maskmail just always point to the forwarder domain (yahho, gmail, etc) instead of their own hostname?
No, the forwarder has to re-send the message with different envelope information.
Great landingpage dude! Was building something like that a while ago for myself until I realized, I'd just use the email+something@gmail.com feature.

But anyways, great idea! Wish you all the success or at least some decent side money.

this +something neither anoymizes your real address nor prevents it someone to spam your real address forever
I think it is a good way to only register in sites. For collaborating is not good, because "reply-to" header is set to the real sender. This a only one way to `mask` email. Answering thought masked mail is not possible.
Looks like Trashmail but more $
Why not just append a unique marker to your mail address? Some services support this. For gmail i believe you can use "+" as the separator: I.e. your email address is victim8384@gmail.com and you want to give your email address to a party called "spammer", you give them victim8384+spammer@gmail.com instead.

Once you start receiving spam to that address, you block it.

Most spammers know about that trick, and their software automatically strips the + and anything after it. Their software has been doing that for about 20 years already, sadly. The + trick really only works with people you trust already. Also, + addressing is in the RFC, so pretty much every mail server supports it.

Gmail also added . (dot) as a non-counted character, so you can put as many of those as you want into the user field, but most spam software is catching onto that too.

I use a different delimiter (using the option recipient_delimiter in postfix on my mailserver) and have yet to see a spammer figure it out. YMMV.
That works great if you control your own mail server, but most people don't these days. :)
The reason for this is of course that it's a complete pain to work with the large email providers (say, you want to send an email to gmail) if you have your own service. Email has been far from truly decentralised for a while now.
It's not that bad really. Been doing it since more than a decade.
If you enjoy the administrative work that comes with it (removing yourself from "you exist and you are therefore banned" blocklists, trying to convince gmail/hotmail/etc that you're really a real person, etc) then yes, it's not hard. If you use email, want it to work and don't enjoy extra administrative duties on top of your day job, I'd say it is that bad.
For non-important stuff I can recommend mailhero.
I have also been using mailhero.io since it has first been mentioned on HN.

Lately I do however have issues with mails not being forwarded / blocked at the service. I contacted the developer but as of today no feedback. Obviously this is a free service, which also means that I sadly cant rely on it. I am willing to pay for such a service and will try Maskmail / Othermail, but actually I would prefer an open source solution on an own (micro-)server...

My plus addressing with gmail is strictly a whitelist. Anything sent without a plus address is immediately deleted with an automatic filter. The issue I encounter is services that (incorrectly) treat a plus address email as invalid, preventing sign ups.
As a spammer, wouldn't it be trivial to just run a regex on email lists looking for that pattern and then harvesting the results? Or is this like the old joke where you don't have to outrun the bear, just your friend?
Well, one more reason not to use gmail i suppose. If you have your own mailserver you can configure a different delimiter.
Sure, but then you get 100 other problems that come with self-hosted e-mail servers that might not be worth the hassle.
At least some years ago this did not work out so well due to broken email validators that did not accept + in the address.
Some sites and systems won't accept email addresses with a plus sign in them - I've found most do tho.
I've actually thought of this a while back and thought "wouldn't that be awesome?". Kudos to the ones who developed it!
Me and a a colleague discussed this just last week and even considered building something ourselves. Good thing you beat us to it, you seem to have done a marvellous job. The one thing we did some thinking about is how to avoid getting blocked. We run a SaaS and have blocked several hundred domains such as mailinator because of the high rates of fraud. Anyway, good luck!
Another approach is a service I built called veropost (dotcom) that is an email paywall so the sender needs to send a tiny tiny bit of Bitcoin in order to reach you.
Good job, mate! Seems pretty useful. Who would you name your top competitors?
Cool, another domain name to add to my list of disposable email services. Done.
But why?
not OP, but I imagine it might be one of: it's valuable (sellable) information, fraud is more likely to come from anonymous/disposable email address sign-ups for services, tracking is more valuable when tied to a (semi-) verified/verifiable identity, valid email addresses can be enriched via other sources of information people might have access to?
To thwart low-effort drive-by anonymous abuse.

(I also block TOR. Pure anonymity is not a service I choose to offer, because it is inevitably abused and I don’t have the time or resources to deal with it.)

I don't understand one thing: the whole point of a disposable e-mail address it's that you just can use it instantly and never reveal your real e-mail addresses to anyone. That's why Mailinator got so popular. But in order to use Maskmail I have to register - what's the point? I was thinking I could give it a try because it's new so it will work for a while for sites that for some strange reason block disposable e-mail addresses, but registering simply defeats the purpose.
Note it says "anonymous", not "disposable".

> the whole point of a disposable e-mail address it's that you just can use it instantly and never reveal your real e-mail addresses to anyone

For you maybe. For others the point might be "never reveal my real e-mail address to the sites I give disposable addresses to, be able to keep receiving e-mails for some of them long-term and not having them publicly exposed to everyone that knows the address".

Why not create a Gmail account for that purpose then? (Or Yahoo/Outlook if you're concerned with data collection.) The amount of hassle is the same. With Mailinator I just type khdgfkasjdhfg in the register field, then then type Ctrl+L "maili" [Enter], paste khdgfkasjdhfg in the (already active) "Check Any Inbox" field and bang! - I'm already there, always. Maybe there's something I don't see here.
Creating a new gmail account isn't a one-click thing, adding a new address to Maskmail is, at least according to their website.
If you create a new Gmail account, as many people do, you can still be tracked with that. Using the same email address on multiple sites allows data aggregators to match your profiles from each site to build a very comprehensive picture of you. Of course, you could create hundreds of Gmail accounts, but then you have to manage hundreds of inboxes, which you won't do well leading to you missing lots of emails.

Maskmail essentially does this for you with extreme convenience.

A bit off topic but does anyone know of an email service that doesn't require a pre-existing email account, doesn't require ID, is TOR friendly and accepts cryptocurrency as payment? It seems like this should be an obvious service but I have a hard time finding one.
Not everything listed but mailinator works in Tor Browser... Might be a starting point for the pre-existing email account...
Last time I tried, they blocked Tor.
Sharklasers.com works on Tor, don't know how it compares to mailinator feature wise though.
> https://protonmail.ch

No IMAP/POP3 on free account is such a turn off

I imagine they're worried about their service being used to send spam, which would trash their reputation as a sender.
You can’t spam using either of those protocols.
1. Sign up for an account to comment, using a free email account

2. POP3/IMAP your email to your bot, clicking any links

3. Write spammy comments

Sure, you have a point. But I've noticed that nobody blacklists new domains, so using existing providers would be a waste of time for most of such operations.
Have to pay the bills. If you value a service, pay for it.
https://cock.li

tor friendly. free (runs of donations). no email or id required.

also has tons of cool domain names to choose from. some of my favorites: horsefucker.org, cumallover.me, nigge.rs, rape.lol, nuke.africa

Correct me if I am wrong, but this is the same idea as spamgourmet.com, right?
I love this service, whoever runs it: thank you!
Complete anonymity you say? Please show me how you bypass "lawful search".
There is as well anonbox.net[1] from the CCC which is pretty useful too, even if its functionalities are a little bit different

[1] https://anonbox.net/

this is a email masking service by using anynoymous email adress unlike many others which only provides anonymous email address

nice idea!

I try to create an account, put in a username and matching passwords, but the "create account" button gives me a circle-bar "you can't do that" pointer, with no explanation. Chrome on OSX.
Sorry your password needs to be 8 characters or more
Good feedback, I'll make it clearer, this is a confusing state
It's fixed now, thanks for trying it out!