Disposable Address Services
One of the easiest ways to free yourself of spam is to use throwaway or disposable email addresses. The basic idea is this: use a different email address for each different recipient.
The reason this helps with spam is that it allows you to figure out where your spam is coming from. If you give the same email address to everyone, should you get some spam emails you won't know where they came from. But if you use a different email address for each recipient, if one recipient leaks your address to spammers, you can easily plug the leak and punish the leaker because you know exactly what email address has been compromised.
Using disposable addresses can be easy and convenient. It's possible to give a different email address to every business or web site, while still getting all your email as before. Should one of your addresses be given to spammers, you can have it shut off without affecting any of your other addresses.
Disposable emails can also enhance your privacy. It's possible to give out an email address that is not visibly connected to you in any way. Not only is your inbox protected from spammers, your privacy is protected as well.
This document describes various disposable email techniques that JTAN offers. Depending on your needs and the kind of account you have, one or more of these techniques will be best for you.
Domain Wildcard AddressesDomain wildcard addresses is the simplest scheme for disposable addresses. It is supported by every JTAN account with domain based email. It's not perfect, but it's extremely easy to use. In fact, this technique is justification enough for getting a domain as it really makes disposable addresses simple. Here's how it works.
Let's say you have a domain "yourdomain.com" and a single mailbox "boxname". The default setup with any new JTAN account is to have any address in yourdomain.com sent to "boxname". Thus, email@example.com, firstname.lastname@example.org, and email@example.com all go to the same box. If this default isn't your current setup, you can make it so from the "Manage Addresses" page for your domain. Select the option to have all your mail redirected to a single mailbox. Normally, you should not check the "omit detail" option, as you really do want the detail, as we will explain shortly.
The way you use disposable addresses with this system is so easy, it's trivial. Whenever you need a new address, just make up a word and use it with your domain. For example, when you sign up with eBay, you can give firstname.lastname@example.org as your email address; but tell your mother that your email is email@example.com. Whoever you sign up with, or whoever you correspond with, make up an address that you use just for them, especially when you fill out your email address on the checkout form of an e-commerce site.
With the default domain address wildcard setup at JTAN, all these disposable addresses are delivered to your single mailbox. You have nothing to configure, nothing to remember. It's really a very simple system.
Even though it's simple and easy, it gives you a basic level of disposable email protection. Suppose Evil Company, Inc sells your address to marketers. You are known to them as firstname.lastname@example.org and you start getting spam to this address. No problem. You just visit the JTAN members page and direct email@example.com into the trash (or a special folder). This keeps their junk out of your normal mailbox. You might also want to shoot off a nasty note to Evil Company for selling you out.
This is a screenshot of how you set an alias in your Manage Addresses page to delete mail sent to a disposable address:
Using firstname.lastname@example.org will cause mail sent to this address to be deleted silently. If, instead, you specify email@example.com then any mail to this address will be reported as spam. This turns your "burned out" disposable address into a so-called honeypot addresses. JTAN will capture messages sent to these addresses and use them to help battle spam. Only do this with addresses that get 100% spam.
Alternatively, you can use mail rules to put this mail in a special folder, or even set up an autoresponder to reply to unwanted mail with a suitably nasty message, although we don't recommend this last approach.
Non Domain "Plussed" DisposablesIf you don't have an entire domain within which to create disposable addresses, the domain wildcards described above will not work for you. Fortunately, there is another kind of address that achieves almost the same thing. It's called a plussed address.
For example, suppose you only have the single mailbox "boxname" with the single local address firstname.lastname@example.org associated with it. You still can have disposable addresses by appending a "+" and some suffix to your username. For example email@example.com could be your address for ebay, and firstname.lastname@example.org could be your address for paypal. All of these will be delivered to your normal email@example.com mailbox without any special configuration.
Plussed addresses aren't perfect. Some people feel that the address firstname.lastname@example.org is too ugly. Some software has trouble with plussed addresses. But most importantly, a plussed address reveals your non-disposable address sitting right out there in the open!
As we said, domain disposables are better, but if you don't want to bother with a domain, plussed addresses can do the job.
Identifying the Address UsedIf all your mail goes into one mailbox, how can you tell which of your disposable addresses was used by the sender?
There are two ways, both involving your email headers. Email pros all know about headers, but if you are less than an email expert maybe you don't even know how to see your email headers. Here is a tutorial on the subject of headers.
Anyway, the first way to tell which of your disposable addresses was used by the sender is by looking at the "To:" header. If the sender is another real person, and sent the mail just to you, the "To:" header will normally reveal what email address that person used to send you the mail. Unfortunately, if they sent the mail to more than one person, or the sender was a mailing list, or especially a spammer, the "To:" header won't tell you a thing.
To solve this problem, JTAN has added a special header titled "X-JTAN-Detail" to your mail. In the case of a domain wildcard, the X-JTAN-Detail header contains the address used to send you the mail. You can trust the X-JTAN-Detail header to give you the actual address that the sender sent to because it is applied by JTAN after we receive your mail. There's no way for a bad guy to alter or forge it.
In the case of plussed addresses, the X-JTAN-Detail header will contain the username text after the plus in the address. For example, mail sent to email@example.com will have "something" in the X-JTAN-Detail header.
Clever readers might guess that JTAN transforms domain disposables into plussed disposables internally -- and they would be correct. We do a little transformation magic to hide this from you, but you might pick up our trick from careful study of the Received headers.
An automatic system for acting on mail (e.g. procmail or the JTAN Advanced Mail Rules, or rules in Outlook or Eudora) can use the X-JTAN-Detail header to decide what address was used for a given wildcard. There are lots of cool things you can do with this. Obviously, you could sort mail into different folders depending on the address used. Or you can change the color of the mail listing in your inbox depending on what address was used. Your sweetheart's mail could be pink, your boss's mail green, and mail from everybody else's mail could be almost the same color as the background!
Replying to a Disposable AddressWhen you reply to mail that was sent to a disposable address, you want to be careful not to reveal your real address. How tricky this is depends on the program you use to read and reply to mail.
MuttOur favorite mail program here at JTAN is mutt, and mutt makes it easy to reply to mail with a "From" address that matches the "To:" on the incoming mail. All you need is an "alternates" or "set alternates" command in your muttrc. This is a regexp that tells mutt what addresses in the To: are really you. For example, the command
alternates .*@yourdomain.comwill match firstname.lastname@example.org. (Some versions of mutt may need "set alternates".) If you use this command, whenever you reply to a message sent "To" a domain wildcard, a matching "From" address will be generated when you send mail. Similarly, alternates email@example.com will match plussed addresses for mailbox "boxname" as well as the bare firstname.lastname@example.org address.
Another neat trick with mutt is setting your address to the date, or some other random string. Here's how to put the year and month on your addresses.
set from="Your Name <`date +%Yemail@example.com>" set use_fromThis will result in From addresses like firstname.lastname@example.org. If you use a combination of these two techniques, you will automatcially generate new addresses and keep secret ones secret without any effort.
OutlookOutlook doesn't have the automatic "From" setting feature like that found in advanced mail programs like mutt. To set your reply addresses in Outlook, you need to edit your default account and manually put in the different address. Here's how: