34 comments

[ 1.8 ms ] story [ 76.8 ms ] thread
Any free email provider can be used for fake, one-time, temporary email addresses - it just takes a bit more time to register another one. It's just annoying when email is needed to create an account, and way more annoying when it filters email addresses for no reason.
Yes, and this is a war that cannot be won. Measures like this will simply escalate it to the next level. The reason people use throwaway accounts is because they don't want to receive email as a consequence of signing up. The solution seems simple: don't require email to create an account.
Or you can use the old username+SOMETERMYOUFILTEROUT@gmail.com.
Don't you know that having a plus sign in your email breaks half of the websites' regex.

    "There is an invalid character in your email address,
    please try again."
then it's worth letting them know their site is broken.
This scares me, because you don't have to be very "smart" to remove everything after the + (or -, for us qmail users). Then your real address is exposed.

Much better to use SOMETERMYOUFILTEROUT@yourdomain.com, or throwaway-account@mailinator.com. (I love how many sites block mailinator, but don't block its other 8 billion domain names. Wunderbar.)

I've also seen some website "clever" enough to remove the + sign when sending some of their emails...
Simple solution: never use your email without "+suffix" part and discard direct email (unless whitelisted) as a spam.
The goal should be attracting customers that want to read your emails. If they are using disposable emails, that means you do something wrong. Maybe you should skip email requirement?
I can't agree more. Regardless of whether you force your customers to use a real email address or not isn't going to change the fact that if they don't want your emails they aren't going to read them.

If you force the emails on them they are only likely to become annoyed at your company and reduce their interactions with you.

Do two things. Make the email address optional. Make the email content so desirable that the customers provide their real email address at their own free will. It's the best of both worlds, now you only have email addresses in your list of people who are genuinely interested in seeing your content.

I can imagine several different PHB deciding to require that the developers use this.

The problem is that if the user doesn't want to read you email, they won't.

This service is like selling megaphones to advertisers - it doesn't make people buy your service/read your email but it does increase the profit for the megaphone suppliers.

And if a website enforces this, well, I didn't want to sign up anyway.
Here's a thought: instead of dealing with crap like this, what about a service for mailing lists that collects email addresses, and stores them internally. Companies wanting to reach customers can put the signup form as js on their websites, but never get the actual email addresses. The mailing list service passes the newsletters on to subscribers, who are free to click links and form a more direct relationship with the client company, but guarantees to users that:

1. It will never directly pass email addresses to the client company or any third party.

2. All unsubscribes will be respected immediately.

So you can sign up with confidence. The downside for the client company is it doesn't get those sweet, juicy email addresses. The upside - lots more signups, and no fake addresses.

Feeds (atom, rss) solves this quite well already.
really? can you expand on this?
Instead of sending out a newsletter, the company just adds an item to its feed.

Interested users can add the feed to their feed-reader, and can unsubscribe at any point by removing it again.

It has all the benefits of the OP's suggestion, but it is already available. I guess it is debatable whether having it in your feed reader or inbox is a pro or a con (I personally don't want mass email in my inbox).

I use sneakemail.com as a way of filtering mail and tracking email addresses I give out to web sites and mailing lists (/not/ as 'disposable' addresses), and both their domains (sneakemail.com and the newer snkmail.com) are blocked by this service.

Blocking these email addresses is counterproductive. The only site I've encountered in the past that blocked Sneakemail was Digg, and I didn't sign up as a result. They /may/ have blocked a few 'disposable' accounts with this strategy, but they /definitely/ lost at least one 'real' user because of it. In addition to this, I have no doubt that there were orders of magnitude more 'disposable' Hotmail and GMail addresses signed up for Digg that there would have been Sneakemail addresses, so they need to deal with the 'problem' of undetectable disposable accounts anyway.

Sneakemail is a great service, BTW. I hope stuff like this doesn't render it useless.

Yes, quite. Hotmail and gmail etc offer what are essentially disposable addresses (free to sign up). The _only_ issue with these is that there is _some_ overhead with signing up - a fair amount of personal data required, which whilst can be faked they (well hotmail anyway) does annoying things like confirm validity of zipcode.
I have a catch-all account for my domain. If I sign up for a service I use their domain as the user on the address I give out. E.g. facebook@mydomain.com.

The result is that all email that isn't personal nor directly related to my business gets sent to an account that I check once a day.

If an address gets spammy or, like the Epsilon situation, a service provider gets hacked I can block my account without consequence.

What about disposable email address services who offer exclusive domains for paying customers? Are you going to characterize those addresses as "fake"? I see you are actually doing that now!

I know these evil disposable email address users and they are not the abusers you think they are. In fact a lot of them have been more abused by the sites you are providing a service to than vice versa.

There are better ways of combating abusers then just banning a domain, and would cause a lot less grief. A central repository of "fake" domains inevitably will cause false positives on a large scale and will cause a whole lot of grief to everybody.

Full disclosure: I came out with the first disposable email address service, as far as I know, and I'm quite certain I even coined the term "disposable email address", as obvious as it may seem, it wasn't at the time, and I can't imagine what you think of me!

This is starting to feel like an arms race. Next, there will be undetectable disposable emails, and then automatic detection of undetectable disposable emails.
One problem with a service like this is: how do I know if I can trust it with people's email addresses? How do I know that this site doesn't store the emails tested and sell them to spammers?
How do I know that this site doesn't store the emails tested and sell them to spammers?

Why wouldn't it?

well it only tests on domain name if I understand correctly, so you could send it random string@same_domain_name and then check if the domain is valid or not (Not that it is a good idea)
Next week on HN, I'll unveil my new browser extension: block-sites-that-block-disposable-emails.com.

Why should I trust someone I've never heard of with my real email address? Trust is earned, and I am not going to use a service that requires a "real" email address.

Besides; I run my own email server... how do you even know I'm delivering your email to a file and not to /dev/null? You don't. This service is bullshit.

Hi

Kevin is right, also jrmg and most others from my point of view. I am the one who started the service discussed.

As in every topic there are at least two positions. I think in normal cases the service will help service providers to keep the userdatabase clean of temporary mail addresses. From the point of a user (and I am often only a user looking for services) it should also not be a problem to give a email address away if you trust the provider.

But I agree: In special cases acting as a user it is useful not to give someone the email address. Like a creditcard number.

From providers angle I would decline such email addresses in every case. Most of the services are free today - so the only return service is to have a communication channel to the user. It's clear for me not to spam my users as I treat them as customers.

It's up to you if and how you use the service. And hopefully most of you would like them.

But I know that not everyone is happy with that kind of abuse killing abuse killing systems ... (see jrockways new idea of block-sites-that-block-disposable-emails.com).

Best regards,

Gerold http://www.block-disposable-email.com

Why is this not done as an RBL-style DNS-based blacklist? The queries are cheaper, mirroring and distributed caching are already built-in...

Of course, charging for access would be harder, but you can still offer to sell people lists who don't want to rely on external infrastructure.

I had DNS RBL in mind because of your mentioned advantages. But the service needs the new domain-feed done by users requesting the service. As far as I know this is not possible by DNS RBL.

And: for me it was easier to develop a web based service than doing new things with bind.

Gerold

Fair 'nuff. :-)

In case you want to revisit, dynamic DNS is really easy to do with PowerDNS (an alternative to bind).

I've combined PowerDNS and Redis with a relatively thin Python glue layer, and then done some funky things with subclassing that to create programmatic answers to certain queries instead of just looking things up. PowerDNS also has native backends for MySQL and some others.

If you're interested in my Python/Redis stuff, the code is here: https://github.com/pagekite/PyPdnsRedis/

I could probably get behind this idea if it differentiated between junk accounts and premium paying users. In fact I began offering exclusive domains just to keep my paying users from dealing with this sort of thing. As of right now you are not distinguishing them.
Hi,

I always want to improve my service - also regarding the accuracy of responses.

In fact paying users may have other interests than 10minutemail-users. Please contact me if you want to tell me your domains so I can have a look at them and unblock it.

You find my contact here: http://www.block-disposable-email.com/about.php

Regards,

Gerold

In Gmail, you can add arbitrary dots (.) to your email address and add filters based on it: f.o.o@gmail.com You can also append a plus-sign with arbitrary text on it: foo+asdfsdfaiugo@gmail.com Both will route mails to foo@gmail.com.

As said, you can add a filter to add a label to all mails to this address and skip inbox for them. That's what I do.