Where Do Dummy Email Addresses Go? 926
ajain writes "Maybe a year and a half back or so, I started using someone@somewhere.com as a dummy email id in online blogs, guestboks, forums, and sundry pages. But then I started wondering what if someone actually tried to email me on that email address. I was sure that it would bounce because I assumed that there wouldn't be an actual email address like that. In any case, just for fun, I decided to google on someone@somewhere.com. And lo behold, there are some 4090 results! I have written a small article at my blog and a reader says NoOne@NoWhere.com is another contender. Do you use some common dummy email IDs too, to get around the privacy problem online? Isn't there a potential for malicious misuse of someone's email ID in this way?"
me@me.com (Score:2, Informative)
asdf (Score:5, Informative)
seems I'm not alone:
http://www.asdf.com/asdfemail.html [asdf.com]
http://www.asdf.com/whatisasdf.html [asdf.com]
Mailinator (Score:5, Informative)
This is what example.com is for (Score:5, Informative)
However, I find that for cases where you can be reasonably certain your address is NEVER going to be used for legitimate purposes (such as cases like this where the context implies the address is useless and it will only be treated as real by harvesters), you can skip the middle man by using uce@ftc.gov
Plenty of open alternatives (Score:5, Informative)
If you do want to recieve email but only, say, once from a company then you'll be looking at SpamGourmet [spamgourmet.com] which provides simple, free, fowarding addresses that expire after X hits.
Mailinator (Score:3, Informative)
These days, I just use Mailinator [mailinator.com]. They offer throw-away email addresses for free and automatically delete any mail the account receives after a few hours. That way, I can actually confirm registrations and the like but don't have to worry about spam. And I do not bother innocent third parties, such as the nowhere.com domain owners.
Use a reserved domain name (Score:5, Informative)
using real address = pure evil!!! (Score:5, Informative)
No-risk, non-abusable (Score:5, Informative)
The best way I've found, though, is mailinator.com. Every @mailinator.com account "exists" (is created as needed), and other than (perhaps) root, abuse, etc., they aren't passworded. So you don't even have to set up a junk account, just make up the address on the fly. Be sure to delete any emails with passwords in 'em ASAP, of course.
Use example.com (Score:2, Informative)
Re:Mailinator (Score:5, Informative)
Re:Mailinator (Score:1, Informative)
Try it out. Login as something common, like spam@mailinator.com. You'll see all the spam that this address has collected.
This makes mailinator safe, but not so secure. When in doubt, use one the the randomized addresses on the front page, or your handle with some random letters and numbers after it.
Re:The winner is foo@bar.com (Score:5, Informative)
user@domain.com [google.com] - 17,100.
Why are you causing spam? (Score:4, Informative)
The correct way (Score:4, Informative)
RFC 2606 (Score:5, Informative)
Re:Mailinator (Score:5, Informative)
I have an entire fake identity for form filling (Score:2, Informative)
I prefer... (Score:3, Informative)
I prefer postmaster@[site]. Internet standards require postmaster be a working mailbox (not everyone follows the standards, but many/most do). I also find webmaster@[any-domain] tends to gets tons of dictionary-attack spam, thus making it more likely to be filtered already. Most (not all!) spammers filter out postmaster@[all-domains] (spammers may be stupid, but they're not *that* stupid). Finnally, postmaster@ is, I suspect, more likely to be read by people who care (sysadmins rather then marketing weenies).
"...and I check all of the "Email me adverts for all this shit!" boxes, too."
I never do that. I also check off whatever "opt-out" options the form offers. That way, they are encouraged to adhere to their own policies. If they do not spam unless you ask them to, then postmaster@ will not be spammed. If they send stuff without asking, then postmaster@ gets it.
Alas, more and more registration forms check for obvious things like a domain the organization already operates.
Re:The winner is foo@bar.com (Score:3, Informative)
Re:The winner is foo@bar.com (Score:3, Informative)
Personally, I like fuck@you.com :).
Re:Technically, its illegal - nope (Score:2, Informative)
What you are probably doing is violating a EULA, but their legal standing is very questionable, especially when you aren't actually paying for the service.
So, at least in the UK you aren't going to get busted for using a fake account if you do it right. Using support@microsoft.com is a different matter, you could probably claim it's stalking or something.
IANAL...
Re:RFC 2606 (Score:1, Informative)
Comment removed (Score:3, Informative)
Re:a@b.com (Score:5, Informative)
Re:Mailinator (Score:3, Informative)
So yeah, use something like jj342873402@mailinator.com, and you have better odds, I suppose.
I think individual emails are deleted based on their time stamp as well, too, but then again, you could just read the page, since they explain this...
Re:fake email (Score:5, Informative)
Re:isn't it obvious? (Score:3, Informative)
Yup, it is called a joe-job...
http://catb.org/~esr/jargon/html/J/joe-job.html
Re:Begin the Google Fight! (Score:4, Informative)
I sorta pity whoever owns @nowhere.com
(Actually, there is someone who owns @NoWhere.com, registered back in 1994 according to WhoIs. However, there are no NS, MX or SOA records so e-mail to that domain goes nowhere.)
Re:No-risk, non-abusable (Score:3, Informative)
They can exist, it's just that they were set aside early on. But not early enough to stop x.org, q.com, z.com, x.com, 3.dk and probably a number of other one letter domain registrations. And then we have the hundreds of two letter domains you can find here [citycynic.com]. You've never visited aa.com, the site for American Airlines? What about xe.com, to do currency conversion?
And if you want to get really technical, every ccTLD is in an example of a domain less than three characters.
Re:Mail Somewhere (Score:2, Informative)
What you need to do is write your script so that none of the user's input goes into the headers of the e-mail that gets sent to you. Hard-code the headers into the script. There won't be anything in it that absolutely has to come from a variable, anyway.
Then put all the user's input into the body of the e-mail, up at the top of the message.
Re:Mailinator (Score:1, Informative)
> Try it out. Login as something common, like spam@mailinator.com. You'll see all the spam that this address has collected.
Of course the account is not deleted, there IS no account. If you think about how it works for a few seconds you'd realize that those were just the mails sent to the addresses in the past few hours.
Re:isn't it obvious? (Score:2, Informative)
When I had a catch all address with my own domain I would enter the site I was giving my email as the alias eg. osdn-7-11@mydomain.com, this way when I get spam from \/1a.gra Inc. sent through some relay I know who sold the address.
Oh, The Irony... (Score:5, Informative)
It turns out that as the internet became more and more popular, more and more people started using someone@somewhere.com as the address they'd put into email when they didn't want the originator of the email to be known. For example, forwarded mail where you don't want the person who forwarded it to get mad at you for publishing their email address.
So he started getting a lot of crank email to somewhere.com - people complaining that he shouldn't send them mail about Jesus' third coming in a UFO, and stuff like that. For a while he tried sending mail to these people to clue them in, but of course they were un-cluable.
Eventially, it got to the point where he was mostly getting the kind of stuff you get when you've been joe-jobbed - angry replies to actual spam of the kind to which we've sadly become accustomed. It was then that he started analyzing the responses, and I'm pretty sure this is what inspired his anti-spam work.
Messagefire, the anti-spam service he started, really rocks. It's too bad that they've stopped accepting new customers. Sigh. Because I know him, I got in on the ground floor, and am still using it to filter my spam. It's wildly successful, and I'm very grateful to him for setting it up. I hope at some point they start selling service again.
Re:isn't it obvious? (Score:5, Informative)
Re:Nonexistent domains (Score:2, Informative)
h4wh4w@[127.0.0.1] is the proper way to use an IP instead of a domain name. I use that (or @localhost) myself.
Re:The winner is foo@bar.com (Score:2, Informative)
mugu@mugu.com [google.com] -- 11,400
See the wiki [wikipedia.org] about it for more info.
Re:The winner is foo@bar.com (Score:4, Informative)
Crispin
example.com handling has changed (Score:5, Informative)
Useful solution: Spamdam (Score:3, Informative)
Re:isn't it obvious? (Score:5, Informative)
There's some good info here:
http://www.oreillynet.com/pub/wlg/4051 [oreillynet.com]
and here:
http://www.faqs.org/rfcs/rfc2606.html [faqs.org]
Don't be rude - Check first! (Score:3, Informative)
Please don't be rude to people who own real domains by using them, even if they're cute-sounding domains like no.com or nowhere.com, many of which are owned by old internet hackers who got the names when you could still get cool names like foo.com. It's fine to use example.com, which was set up specifically for that purpose. If you use domains that actually don't exist, you'll be hitting the TLD name servers, which really don't need that abuse either.
If you do want to be rude and pick an existing domain, at least pick somebody who's got the resources to handle it. President@whitehouse.gov, billg@microsoft.com, uce@ftc.gov. Alternatively, pick a service like mailinator.com or dodgeit.com that accept email for anybody, put it on a web page where you can retrieve it (with no password, so don't use it for anything real private), and garbage-collect old space after a while.
Re:isn't it obvious? (Score:1, Informative)
Poor bob!
Somewhere.Com - The Scoop (Score:5, Informative)
Spam didn't exist at the time. The first warning signs were when we'd occasionally get email bounces. Some versions of 'mail' on Unix, when unable to figure out who to return a bounce to, would send it to somewhere!name-of-the-user. Sendmail would helpfully turn that into somewhere.com, and we'd get the email.
When spam started, we started getting bounce backs. Spammers were using it as a "fake" domain. In those days somewhere's mail system was a Mac 8500 on a cable modem. Life would get very interesting when all of AOL's mail servers started throwing bounces at me as fast as they could. I had originally been bouncing messages back with messages asking people to stop--that had to change to straight rejections.
As a result of the time I was spending handling somewhere's email problems, I got into the anti-spam business. Initially writing tools to track spammers (http://www.spamwatcher.com/ is still up, although I don't know how well the spam analysis stuff is working). Later I co-founded Messagefire, an end-user anti-spam service.
In the meantime somewhere's email flow continued to climb. It's doubled every year. Hoaxes like the one about "wormalert@somewhere.com" (put it in your address book, and the fact that it's fake will cause viruses to die) didn't help. Nor did Microsoft FrontPage shipping with webmaster@somewhere.com as the default address in its templates. Axis shipped an internet enabled video camera that that (if you turned on the email feature) defaulted to sending all your security pictures to somewhere.com. (They've fixed it, but there are still cameras out there sending us a picture every 5-10 seconds.). Viruses that picked up all the references to somewhere.com off of people's address book and web caches started to account for more than a third of the email. People signing up for things with "fake" addresses accounted for a lot as well. (Why anyone would use an email address at a domain and not check to see if the domain existed first, I have no clue. Neither, apparently, do a lot of people who enter fake email addresses.) By last year we were rejecting 100,000 messages a day, of which close to 40,000 were going to someone@somewhere.com. I upgraded my DSL line to 768k just to handle the flow, and I had to limit my mail server to 100 simultaneous connections at a time.
This year we sold Messagefire to a Seattle company called MessageGate, and I now work for them. We use somewhere.com to stress test our enterprise anti-spam and compliance software. That happened only just in time; my router was starting to fail frequently under the load. Now the mail's on a high-bandwidth connection with multiple machines to handle the load--I just pick up the legitimate addresses after the spam has been filtered out.
I haven't looked in on it in several months, but we did let the email run unthrottled once early this year. After a few hours we were looking at enough bandwidth saturate several T1's, and volume of at least one million messages a day.
A couple things in summary.
1. Don't use fake email addresses. If you don't trust the site you are giving your email address too, then why are you doing business with them? If you're afraid of spam because you're posting your address publicly; then buy some anti-spam software. If I can manage to use legitimate email accounts on somewhere.com and not worry about spam, then obviously there's some out there that works well. I've been posting on usenet and the web using nazgul@somewhere.com for the past 9 years. The spammers definitely have my address. So what?
2. If you're going to make up a domain name, then *check* first to see if it's real! Better yet, don't. Just because it's not real now doesn't mean it won't be later. Use example.{com,net,org} if you must.
3. I see a number of people here s