Disposable email address

Disposable email addressing (DEA) refers to an ap- 2 Advantages over traditional

proach where a unique email address is used for every
contact or entity. The benet is that if anyone compro-
email
mises the address or utilises it in connection with email
abuse, the address owner can easily cancel (or dispose Ideally, owners share a DEA once with each con-
of) it without aecting any of their other contacts. tact/entity. Thus, if the DEA should ever change, only
Such disposable addresses are generally provided by a one entity needs to be updated. By comparison, the tra-
service company (paid or free) that forwards mail from ditional practice of giving the same email address to mul-
the DEA to the actual address, but email sub-addressing tiple recipients means that if that address subsequently
techniques can also be used to provide a subset of similar changes, many legitimate recipients will need to receive
advantages. notication of the change and to update their records a
potentially tedious process.
Additionally, because access has been narrowed down to
one contact, that entity then becomes the most likely point
of compromise for any spam that account receives (see
1 Uses ltering below for exceptions). This allows users to de-
termine rsthand the trustworthiness of the people they
Disposable email addressing sets up a dierent, unique share their DEAs with. Safe DEAs that have not been
email address for every sender/recipient combination. abused can be forwarded to a real email account, while
It operates most usefully in scenarios where someone messages sent to compromised DEAs can be routed to
may sell or release an email address to spam lists or a special folder, sent to the trash, held for spam ltering,
to other unscrupulous entities. The most common sit- or returned as undeliverable if the DEA is deleted out-
uations of this type involve online registration for sites right.
oering discussion groups, bulletin boards, chat rooms, Further, because DEAs serve as a layer of indirection be-
online shopping, and le hosting services. In a time when tween the sender and recipient, if the DEA users actual
email spam has become an everyday nuisance, and when email address changes, for instance because of moving
identity theft threatens, DEAs can serve as a convenient from a university address to a local ISP, then the user need
tool for protecting Internet users.[1] only update the DEA service provider about the change,
Disposable email addresses can be cancelled if someone and all outstanding DEAs will continue to function with-
starts to use the address in a manner that was not intended out updating.
by the creator. Examples are the accidental release of
an email to a spam list, or if the address was procured
by spammers. Alternatively, the user may simply decide
not to receive further correspondence from the sender.
Whatever the cause, DEA allows the address owner to 3 Using sub-addressing
take unilateral action by simply cancelling the address in
question. Later, the owner can determine whether to up-
date the recipient or not. A number of email systems support "sub-addressing"
[2][3][4][5]
Disposable email addresses typically forward to one or (also known as plus or tagged addressing)
more real email mailboxes where the owner receives and where a tag can be appended to the local part of
reads messages. The contact with whom a DEA is shared an email address the part to the left of the "@"
never learns the real email address of the user. If a - but with the modied address(es) being an alias to
database manages the DEA, it can also quickly identify the unmodied address. For example, the address
the expected sender of each message by retrieving the as- joeuser+tag@example.com denotes the same delivery
sociated contact name of each unique DEA. Used prop- address as joeuser@example.com. The text of the tag
erly, DEA can also help identify which recipients han- may be used to apply ltering, or to create single-use ad-
dle email addresses in a careless or illegitimate manner. dresses.
Moreover, it can serve as a good tool for spotting fake If available, this feature can allow users to create their
messages or phishers. own disposable addresses[6]

1
2 5 CONCERNS

4 Multiple email aliases may well not exist, and demands for one are strange, sus-
picious and inconvenient, and creating a dierently struc-
Another approach is to register one main and many aux- tured alias or account may cause varying degrees of has-
iliary email addresses, which will forward all mail to the sle.
main address, i.e., the auxiliaries are used as aliases of the More eective techniques for controlling undesirables
main address. The advantage of this approach is that the without inconveniences to legitimate DEA users might
user can easily detect which auxiliary email is 'leaking' include: recognizing legitimate DEAs for what they are
with spam and block or dispose it. (they usually have a proper domain and a xed prex
Some services require additional time to set up forward- or sux), distinguishing them from short-lived, random
ing but others allow to create new addresses on the y throwaway address patterns or domains used by undesir-
without registering them with the service in advance. ables, wildcard banning (e.g., if a real person John Smith,
However, this method allows storage and access of all using DEA, needs to be banned, he can be banned as
emails from a single main account, although to manage john.smith*@(domain) or even *@(domain), based on
forwarding for some services the user has to remember their DEA pattern).
the password for each alias. As with any kind of threat and defence measures, no at-
A variation is to use a catch-all address, then forward tempts to use or thwart DEAs are foolproof any lter-
to the real mailbox using wildcards. Many mail servers ing method is bound to result in some false positives (le-
allow the use of '*', meaning 'any number of charac- gitimate users getting banned), and some false negatives
ters. This makes the whitelist automatic and only re- (undesirables getting through, and legitimate users man-
quires the administrator to update the blacklist occasion- aging to come up with a DEA pattern getting around lim-
ally. In eect the user has one address, but it contains itations imposed by site administrators). This is because
wild cards, e.g.; 'me.*@my.domain', which will match the email address may be partly or fully dened by the
any incoming address that starts with 'me.' and ends with user, made to appear as permanent"-looking as needed,
'@my.domain'. This is very similar to the '+' notation but or made to avoid a particular pattern, defeating any lter-
may be even less obvious since the address appears to be ing because for all intents and purposes it is not dierent
completely normal. from a permanent one, despite being limited to one pur-
pose.
As a counterbalance to the risks of asking a user to give
5 Concerns a permanent email address in a publicly accessible site,
administrators have the option to prevent, the publica-
tion of users email addresses or to give users the option
5.1 Restrictions by site administrators of hiding their address. An email this user script can
be used to allow communication with the user without
Many forum and wiki administrators dislike DEAs be- the sender knowing his email address.[9] This provides
cause they obfuscate the identity of the members and users with some minimal protection from spam and al-
make maintaining member control dicult. As an ex- lows them to use real email addresses, which may make a
ample, trolls, vandals and other users that may have been ban on DEAs easier for users to accept. The problem is
banned may use throwaway email addresses to get around when the website itself is hacked, and the real addresses
the ban.[7] Using a DEA provider only makes this easier; and other personal information is stolen, or when the web-
the same convenience with which a person may create a site changes owners and email policies are changed with-
DEA to lter spam also applies to trolls.[8] As a result, out notifying the user, or if the website was set up from
forum, wiki administrators, blog owners, and indeed any the beginning with the intention to spam the user.
public site requiring user names may have a compelling
Caught in the crossre between Internet undesirables and
reason to ban DEAs. Site operators expecting to generate
administrative and user attempts to deal with them, DEA
revenue by selling the user email addresses they gather
providers have trouble presenting a total solution. A user
may choose to ban DEAs as well due to the low mar-
may nd it necessary to come up with a conventional-
ket value of such addresses. There are several free lists
looking email address (or create a separate mailbox
available to help detect DEA domains as well as managed
in the worst case) to a public/commercial entity if re-
services.
quired. There is always uncertainty about the trust-
Banning DEAs might not be as eective at deterring un- worthiness and reputation of the site administrators, the
desirable users as the administrators might hope spam- availability of options to hide email addresses, the ex-
mers, vandals and trolls who routinely engage in such ac- istence/enforcement of an acceptable privacy policy and
tivities can easily generate brand new email addresses, the chance that the site may one day be compromised or
even legitimate-looking ones, using throwaway domains transferred to new owners. Even the largest and otherwise
or creating new accounts with free email services. This reputable companies have been compromised or resorted
would be more of a problem for legitimate DEA users, to sending spam or giving away emails to third parties.
for whom the concept of a real or permanent address
 3

A human correspondents computer or mailbox may be

compromised by malware and his address book can be
stolen and sold to spammers.

5.2 Privacy concerns

Many sites oer free disposable email addresses that ex-
pire after a short amount of time, usually between ten
minutes and a week. Its entirely possible that the busi-
ness model of these sites is to serve the users targeted ads
after reading their emails or to sell the users emails to the
highest bidder. A website could even lock a user out of
their email address and then sell the still-functioning ac-
count, allowing for impersonation or the theft of accounts
by using Password notication emails.

6 See also
Guerrilla Mail

TrashMail

7 References
[1] Disposable e-mail addresses foil marketing plans. Net-
work World. 2006-12-04. Retrieved 2007-02-02.

[2] Using an address alias. google.com.

[3] Disposable addresses in Yahoo Mail Yahoo Help

SLN3523. help.yahoo.com.

[4] Outlook.com supports simpler "+" email aliases too.

Within Windows.

[5] Plus addressing and subdomain addressing. fastmail.fm.

[6] Disposable E-mail Addresses. PC Magazine. 2004-03-

22. Retrieved 2007-02-06.

[7] Successful Forum Tip #3 Troll Prevention and Exter-

mination. 2004-08-09. Retrieved 2007-02-02.

[8] Add New Ban. SMF 1.1 Online Manual. Simple Ma-
chines LLC. Retrieved 2007-02-02.

[9] Email Options. vBulletin Manual. Jelsoft Enterprises

Ltd. Retrieved 2007-02-02.

8 External links
Temporary Addresses at DMOZ

Mailinator.com
4 9 TEXT AND IMAGE SOURCES, CONTRIBUTORS, AND LICENSES

9 Text and image sources, contributors, and licenses

9.1 Text
Disposable email address Source: https://en.wikipedia.org/wiki/Disposable_email_address?oldid=778133280 Contributors: 6birc, Tre-
goweth, Je Relf, Pedant17, Tschild, Bloodshedder, DavidCary, Antandrus, Abdull, Discospinster, Night Gyr, Whump, Cmdrjameson,
Wrs1864, Mrzaius, Vanished user zdkjeirj3i46k567, Mitsuhama, Freyr, Redvers, OwenX, Oreckel, Tokek, Elvey, Kinu, Harro5, N-Man,
Duomillia, RexNL, Wavelength, Peter S., Dantheox, Barefootguru, Cherylb, Yahya Abdal-Aziz, Irishguy, Elmwood, Adicarlo, Habbie,
Pankkake, SmackBot, F, Michaelfavor, Ohnoitsjamie, BullWikiWinkle, Snori, Sct72, Pennydreadful, Nixeagle, Digitalturbulence~enwiki,
Jokes Free4Me, Cydebot, IsaacSapphire, Raprezent, BetramMurgatroyd, Ingolfson, Dirkjot~enwiki, Nyttend, Cdyne, Theroadislong,
A3nm, MwGamera, Slamlander, Bonadea, Philip Trueman, Joren, BotKung, ErikWarmelink, Fergie4000, TJRC, Xeltran, Dif, Radarx,
ClueBot, Sptx, Astrps, Vistasq, Boing! said Zebedee, Trivialist, Against the current, XLinkBot, Ost316, Frood, Addbot, Mabdul, Czaries,
Yobot, KamikazeBot, Snowmaninthesun, AnomieBOT, Songshu, Xqbot, DimDim72, Mark Schierbecker, Newyorker80, Remotelysensed,
FChurca, Oashi, Itzekocke, Full-date unlinking bot, Lotje, January, Mean as custard, Pbeaumier, GoingBatty, ZroBot, , Wagino
20100516, Clarkeandrew, Xyzzyavatar, Gulfamhandicrafts, Peter James, Rautamiekka, Helpful Pixie Bot, BG19bot, Rijinatwiki, Kevin-
josephmorin, IluvatarBot, Davesmylie, Kephir, Designationless, FockeWulf FW 190, Jjmrocha, Aphillia, KH-1, Ultravoxmx, Bard2014,
Ahtisham755, Drsandor, Idratherbeboating, Printingmark, Ismail jani, Sylarv and Anonymous: 121

9.2 Images
File:Question_book-new.svg Source: https://upload.wikimedia.org/wikipedia/en/9/99/Question_book-new.svg License: Cc-by-sa-3.0
Contributors:
Created from scratch in Adobe Illustrator. Based on Image:Question book.png created by User:Equazcion Original artist:
Tkgd2007

9.3 Content license

Creative Commons Attribution-Share Alike 3.0