« Do not spam list
Intercage with lots of wmf exploits »

Responsible use of disposable addresses

I’ve seen a lot of disposable addresses over the last few years. There are services out there that hawk these addresses. There are spam aware domain owners who consistently use these when leaving messages on blogs. And I’ve had pitches from people who think they’ve found the solution to spam, and teach it to others. They want me to link to them on my blogroll. I’ve told one guy I don’t believe in his method (at least not the selfish way he’s teaching it). I’ll tell you why here.

Problem is, disposable addresses INCREASE the sum total of spam.

Why?

The point isn’t just how much spam you personally see in your inbox. The point is just as much how hard mailservers have to work to try and deliver spam.

And the main point is, that the more e-mail addresses that get into the hands of spammers, the more spam we’ll see.

Except.

If you use e-mail addresses responsibly, the spam never leaves the spamming servers.

And the trick is to make sure you don’t use catch all e-mail addresses. It’s a lot more work. But if you only allow your mailserver to accept valid addresses, it can safely reject the invalid ones.

A postfix server (for instance) can reject mail all day and not break a sweat. It might break a sweat if it has to receive mail and then try to bounce them once they can’t be delivered to the intended recipient.

There is an easy way to use disposable addresses, though.If you use a webserver with cpanel, it’s possible to use disposable addresses combined with catchall. The trick is to add a forwarder once you retire an address:

Go to Forwarders
Click on Add Forwarder (at the bottom of the screen in my skin. I prefer Monsoon, BTW)
Write in your address, then write :fail: in the forward to field, then click Add Forwarder. Like this:

fail addy
Click on the image to see it in full size

A few years ago, cpanel changed the functionality of these fail forwarders. Today, the server will reject the mail without accepting it. In the past, you could speficy a message after :fail:, and that message would be sent on to the recipients of the bounce. Today, since the server rejects it and doesn’t even receive the mail, that message has no function. Writing :fail: is enough.

If I send an e-mail to that address, I’ll get a bounce from MY sending mail server, saying something like this:

host annelisabeth.com[munged] said: 550-”The
recipient cannot be verified. Please check all recipients of this 550
message to verify they are valid.” (in reply to RCPT TO command)

If a spammer sends spam, there will be no bounce. The zombie will just quietly go on sending to another spam victim. Hopefully the spammer keeps track of which addresses are rejected, but I wouldn’t hold my breath.

If you don’t use disposable addresses, but have cpanel, the responsible way to run your domain, is to make forwarders for each address you intend to receive mail on, then disable catch all e-mail. That’s done by clicking on Default Address in cpanel. Click on Set Default Address (at the bottom of the screen), then send it to :fail: the same way you’d do with a forwarder for an address you want to reject.

This entry was posted on Wednesday, January 4th, 2006 at 5:42 am and is filed under Tools. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

8 Responses to “Responsible use of disposable addresses”

  1. Joe Says:
    January 4th, 2006 at 12:19 pm

    I use a disposable address service and I did find how it handles disposed addresses annoying. I know bouncing spam doesn’t work since the recipient of the bounce likely had nothing to do with the message. So I just don’t dispose any of my addresses. But they allow me to filter the mail easily. And they allow me to see who has been letting my address slip to spammers.

  2. Kevin Hutchinson Says:
    January 5th, 2006 at 12:19 am

    When you say “If you use e-mail addresses responsibly, the spam never leaves the spamming servers” what do you mean? I don’t see how my mail server can work out it’s spam and stop if before it’s had a chance to read what’s in the message?

    I agree with you that disposable addresses are no panacea, but as Joe says in his comment, they can be used in combination with other techniques. There are 4 styles of disposable address services that I’ve found:
    1) The www.zoemail.com style where you need to pre-enable them
    2) The www.spamgourmet.com style where they expire after x messages
    3) The www.mailinator.com style where they are simply all public
    4) The www.mail-filter.com style where they are a combined with spam scoring

    I guess different styles work for different people.

    By the way, I wasn’t fishing for a link to my site - I was just hoping you might take a look and give me some honest feedback…

  3. Joe Says:
    January 5th, 2006 at 12:34 pm

    The service I use is MailShell (with a legacy free account, they now concentrate on enterprise solutions). I can pre-enable addresses or just allow whatever comes in. Each address can be setup with several levels of spam filtering. You can setup some pretty powerful user defined rules. There is also blacklisting of senders and I think whitelisting. It really saves me from a lot of spam because I use one of those addresses on Usenet and it just gets hammered.

    I have to also point out that I don’t have much faith in free spam filtering services anymore. So many of them have come and gone. I am very lucky Mailshell didn’t kick me off or make me pay.

    But I see that yours isn’t a free only service. That makes it seem more likely to stick around, but makes me a bit worried about the free part. It is an interesting pricing structure you have and should allow many people to continue to use the free service, but as a user you have no control over how much mail you get in a month.

    If I get a few huge attachments in one month that would push me into your professional services. It is clear that is more strain on your servers, but I would hope you base the decision on more than one month’s usage or the reason for the overage. If it is mostly spam then clearly the user should be paying for its removal because that is a huge ammount. But if it is just a couple legit messages and not every month I think the user shouldn’t be forced to upgrade.

    Is the service ad supported (in the UI or attached to emails) or totally relying on the professional services?

    The reason your comment on the other post with a link to your site looks so bad is because it had nothing to do with the post you commented on. That post was on a web spammer blacklist of antispam sites. Email filtering is totally off topic and how you tried to make it fit made it seem like you didn’t actually read the post, just like a spammer. A meaningful comment only linking your name will still get you noticed. An off topic comment will make you look like a spammer.

  4. Administrator Says:
    January 6th, 2006 at 1:16 pm

    Kevin:
    I got an e-mail from someone else, who was setting up a site with advice on disposable e-mail addresses. This was someone who’d never run a mail server, and had no idea what his advice ACTUALLY did to mail servers. If his advice (at the time, he may have amended it by now) had been responsible, I wouldn’t have gotten so ticked off.

    But the thing about the spam never leaving the spamming server, has to do with an e-mail address that was once in use, but no longer is. If the receiving mail server is set up to REJECT mail, the sending server never gets to send it. The receiving server just won’t accept it.

    In regular mail servers, that triggers a bounce. Check the bounce messages you receive. If the bounce is sent by the server where your intended recipient once had an e-mail account, then that server does not reject mail. It receives mail (catch all), then either tries to send it to a mailbox internally, or sends it on to the mailbox server, which then sends a bounce to the sender.

    If the bounce was sent by your SMTP server, then the receiving server was set up to reject mail to non-existing addresses.

    There are actually all sorts of ways to do this. You can set up a list of addresses to receive for one domain, and reject everything else. You can have catch all domains, and you can have catch all, combined with some addresses that are rejected. All of that on the same server.

    The load on the server will be significantly reduced, if you reject as much as possible that isn’t addressed to a user.

  5. JoeChongq Says:
    January 7th, 2006 at 1:17 am

    I wonder if anyone else would be interested to know Kevin has another carefully worded link comment over at jgc.org on a semi on-topic post.

  6. Olliver Says:
    January 7th, 2006 at 5:50 pm

    Ah, the famous Mister Hutchinson once more…

    I think it’s about time to agree upon which role to play, Keven:
    Either the anonymous propaganda poster who happened to stumble upon some interesting links or the creator of a service now looking for new customers. But you can’t have it both ways unless you’re a multiple personality or in fact a badly programmed spam bot :-)

    Olliver

  7. Nikson Says:
    January 17th, 2006 at 5:22 am

    FUCK YOU BITCH!!!!!!!!!!!!!!!!!!!!!!!!!!!

  8. Administrator Says:
    January 17th, 2006 at 6:33 am

    Yeah, you just made my day! I love compliments about my looks, but name calling from spammers? Just tells me I’m on to something.

    Thank you!

Leave a Reply