27 comments

[ 3.9 ms ] story [ 38.8 ms ] thread
not spectacularly new and exciting but with a few useful links (if your favorite webservice blocks a few disposable email services). thanks for posting.
As part of an anti-spam effort in my previous project, I collected a disposable email domain list:

http://madk.org/disposable-email.txt

You missed about 99.99% of mailinator's domains.

Hell, you can even point your own domain at mailinator, so blacklisting will never work. Sorry.

Can't you just check the MX-record of the domain. If that point to mailinator.com (or the same ip as mailinator.com) you know that it is mailinator's domain.
Sure. And don't forget to check the A record if there's no MX. At some point it's probably not worth the effort, though.
I can set the MX to whatever I want during the validation stage. Then tomorrow, when I no longer want your email, I can point it back at mailinator.
Finally, as for website administrators, they always want to get real user information, so they may hate this kind of disposable email service. No worry, you have your weapons, undisposable.NET can help you to identify which email address is not a real one. Then you can refuse them to register.

I've tried to register with Mailinator on a few sites but was told by the form validator to use a real address. So I go over to mailinator, find one of their disposable domain names of the day, and use that instead. Works every time. (They even make the list of domains an image so websites can't easily scrape it. Wonderful!)

Bonus fact: you can use your own domains as well, if you're not currently getting mail at them. Just point the MX to malinator, it'll accept mail for anything.
Note that mailinator inboxes, in particular, also accept mail to an alternate address which cannot be used to access your mail. (Just access your chosen mailbox.)
Often, if you're giving your address to some site WeSendSpam.com, you can just add a label to your email address as such:

youraddress+wesendspam@domain.com

With some mail providers (GMail), the email goes to youraddress@domain.com, but the "to" field will be youraddress+wesendspam@domain.com. So, if ever WeSendSpam actually starts sending spam, you can just create a filter that dumps all emails sent to that label directly to the trash!

edit: just tested it with Hotmail, works too.

Unfortunately many sites refuse to recognize as valid a mail address with the character '+' in it.
Yup, I have had that happen more than once with my company address ( that is hosted with google apps).
Gmail (I'm not sure about other providers) will send ex.am.ple@gmail.com and ex.ample@gmail.com to example@gmail.com.

I use this to get around the various websites that do not accept the + character.

This only works for "legitimate" spammers -- those who usually have a working unsubscribe link (which is often easier to use).

Real spammers just drop the "+..." part and spam your main address.

I've also noticed a surprising number where the plus symbol actually breaks the unsubscribe link. (Thye failed to properly URL encode the plus sign, which is treated as a space by the server)
Or, you could use a catch all email address to give every site their own unique email: sitename@yourdomain.com. More outlined here: http://www.mooreds.com/wordpress/archives/219

Then you know who is selling/losing your email address. And pipe those particular addresses to /dev/null

For this type of service spamgourmet is my long time favorite.

Create disposable e-mail addresses that forward to your real e-mail address. You get a name stub and then you can create e-mail addresses on the fly. For instance you can have something like "hacker" as your name stub, and they have 20ish domains to use. So it works like this, say you are signing up for a subscription with inc you can then use inc.hacker@recursor.net or inc.hacker@neverbox.com or inc.hacker@spamgourmet.com. Whichever you prefer as the domain. In this case it would use my default burnout rate which is set at 3 when you signup. I bumped mine up some, but you can also specify it. So if you wanted say 10 e-mails before it burned out you could use inc.10.hacker@recursor.net. If you don't do anything else, once you receive 10 e-mails at that mailbox it will burnout and start eating them. You can also go whitelist the domain so if you get an e-mail from inc.com it will come through, but it will use the normal burnout settings for e-mail from anyone else. There are also much more advanced features for when/if someone figures out how this works and tries to spam you like setting watchwords. So if an e-mail doesn't contain the current watchword it will not allow the creation of a new e-mail address, but old ones continue to work.

One thing that is nice is the interface shows you how many e-mails have been received on a given address versus how many have been eaten. For instance when I signed up with inc, they apparently gave my e-mail away and I started getting e-mail on that inbox, so I let it burn out. Now they can no longer reach me. Market Samurai has been incredibly bad, they've had my e-mail address for almost 2 years and I have already received 2500 spam messages on that inbox.

The great thing is this is all free and open source. You can donate, and if you use the service a lot, you probably should. You can also download all the source and set one up yourself. Overall the current setup is not user friendly by design. In the FAQ it specifically discusses they don't want to support end users who can't take the time to read the FAQ. Overall I cannot overstate how great this has been. It solves such a major source of pain and does it in such an elegant way. If you haven't found a service you are happy with, give spamgourmet a try.

For web developers who want to detect disposable e-mail addresses, I've had good luck with http://www.block-disposable-email.com. It's a good replacement for the (now defunct) undisposable.org/undisposable.net.
Do as I do -- get your own domain.

Then you can have as many email address as you want.

I run my own mail server so I was able to come up with my own way of handling temporary email addresses. My server will accept email matching the following format:

yyyy-mm-dd@tmp.example.com

But it will only accept that mail if yyyy-mm-dd is either today, or some point in the future.

So for example, if I enter a competition which finishes in three weeks, I might use an email address to sign up which expires in a month:

2012-06-20@tmp.example.com

Or if I'm just checking out a service that looks interesting, I might use an address which expires today. Eg:

2012-05-20@tmp.example.com

I don't have to set these up each time. I just use them knowing that they will work until a certain date.

Obviously, this would stop working if the method became popular. And if somebody signed me up for something using an email far in the future. I can always change the subdomain that I use though, or modify the format slightly at any point.

EDIT: I wrote up how I did this using Exim here: https://grepular.com/Automatically_Expiring_Email_Addresses

Wow, seems complex.

I have all emails @e.domain.com forwarded to gmail. Only problem was with a spammer somehow getting my worldvision@e.domain.com address.

The danger there (and maybe it's not as big an issue these days) is that there are spammers who will pick a domain and attempt to send a few thousand messages to <common user names>@yourdomain.com

That is unpleasant to deal with if you've got a catchall set up.

Maybe I'm the minority here, but I find disposable e-mail addresses to be a solution in search a problem. It pushes so much additional work on the user, that it just seems simpler for me to accept the fact that I'll receive spam anyway and work to minimize that thought filtering. I've used the same e-mail address since 2001. It's all over the Internet. Adding disposable e-mail addresses to my toolbox is not going to sufficiently help in any way, since I already receive a massive amount of spam that I must address already.

Even reading the other posts here on how they "handle" disposable e-mails makes my head spin.

Flagged as it is copied content (see bottom of the post) and not even up to date (slopsbox is dead for example).