Where Do Dummy Email Addresses Go?

ajain writes "Maybe a year and a half back or so, I started using someone@somewhere.com as a dummy email id in online blogs, guestboks, forums, and sundry pages. But then I started wondering what if someone actually tried to email me on that email address. I was sure that it would bounce because I assumed that there wouldn't be an actual email address like that. In any case, just for fun, I decided to google on someone@somewhere.com. And lo behold, there are some 4090 results! I have written a small article at my blog and a reader says NoOne@NoWhere.com is another contender. Do you use some common dummy email IDs too, to get around the privacy problem online? Isn't there a potential for malicious misuse of someone's email ID in this way?"

fake email

[hawkeyeMI]

I usually use no@no.com. Never checked if it exists.

Mail Somewhere

[mfh]

Strangely enough, somewhere.com [somewhere.com] offers anti-spam services as well as other consulting things. Could it be that they have set up someone@somewhere.com as a black hole to track spammers? That sure would rock. There is always some misuse when you post your email address online. Don't do it. Simply code a form for contacting you via email and let PHP or whatever send it to you behind the scenes. This halts any kind of email harvesting, and results in the use of faked email addresses, or obvious ones, like admin@DOMAIN.com or whatever. If you have a catchall, you should disable it and let them all bounce. When enough email bounces, someone somewhere will figure out something to solve the problem of spam, or run of the mill spammers will just give up.

I always used...

[velo_mike]

I always used root@localhost as the replyto when I posted to usenet, let the spambots pick that one up...

Depends how dummy

[t_allardyce]

Most programs and sites happily take -@-.- which isnt even valid.

The winner is foo@bar.com

[DeadSea]

1. foo@bar.com [google.com] - 15,800
2. someone@somewhere.com [google.com] - 4,170
3. nobody@nowhere.com [google.com] - 2,900
4. root@localhost.localdomainm [google.com] - 2,860
5. mickey@mouse.com [google.com] - 2,470
6. somebody@somewhere.com [google.com] - 2,240
7. john@doe.com [google.com] - 2,120
8. billgates@microsoft.com [google.com] - 1,790
9. me@mine.com [google.com] - 1,400
10. noone@nowhere.com [google.com] - 975
11. fake@fake.com [google.com] - 710
12. jane@doe.com [google.com] - 423

o/~ Don't dump your muck in my dustbin...

[YankeeInExile]

Once Upon A Time, a friend of mine had a domain that spelled a major ISPs name backwards (he registered it on purpose, and joked that he was the "anti-big vendor" and gave shell accounts to friends, friends of friends, etc.

Then, someone started posting to usenet a lot, who was a customer of Big Vendor , and he 'spam-proofed' his address by ever so cleverly spelling it backwards.

Suddenly dozens if not hundreds of undeliverable messages started landing on Mike's server for some clown over at ReallyBigISP.

So, like any good sysadmin, he corrected this oversight, adding a sendmail rule to deliver mail for jrluser@psigib.com to jrluser@bigisp.com.

The moral of the story: Do not create harm for some innocent third party with your spam evasion techniques. It may come back to haunt you.

Re:They go to the

[Anonymous Coward]

Another comon one, asdf.com [asdf.com] (you need to use qwerty and not dvorak to see why :)

I get a lot of it!

[Crash Gordon]

I own a domain that relates to a popular TV show -- many people use characters' email addresses when polluting registration databases (instead of using BugMeNot [bugmenot.com]) and I get that email.

I also set up an AOL screenname "ignoreallemail@aol.com" and I use it when I'm polluting a database myself. I don't think that one can be killed. AOL dumps the inbox for me as it fills, but since I don't read any email there, I don't care.

The Quickest to Type

[vigilology]

Why spend time typing nonsense emails like someone@somewhere.com and noone@nowhere.com when you can just type 1@2.com?

poop@poop.com

[GuyFawkes]

is a pretty common one here in england....

by and large (eg with the proviso that only non existent domains are used for this) I applaud such things as the best way to fight all these loons building ever larger and ever more interconnected databases of internet users and profiling and tracking and analysing them is by filling those databases with as much junk as possible...

I will commonly complete you-must-register-to-get-access forms with;

a nonsensical name, eg mickey_moose_99
a DOB circa 1900
the wrong sex
an unlikely city and country, such as Krasnyy, Iran
a 90210 area code
an 0898 696969 telephone number

It would be nice to hear from someone with access to a large database, eg online newspaper, what proportion of registration data is bogus.

Re:fake email

[pegr]

Even better, don't use a fake email. I use me@privacy.net. If you send mail there, you get an auto-reply that says the submitter likes their privacy and you generally suck for being an email harvester. Go ahead, send me@privacy.net an email and see what I mean...

Itsnot@real.com

[chrispl]

One I have used for years. I am sure Mr. Irvin Tsnot at Real Networks [real.com] is wondering why he gets so much junk Email...

heywood@jablome.com

[Anonymous Coward]

You can actually retrieve stuff from that address later, if you need it. According to the site, "Jablome.com [jablome.com] is a publicly accessible inbox for heywood@jablome.com [jablome.com].

"Use this email address any time you just need a quick, disposable place to send stuff. Get the info you want and never be bothered by the resulting torrent of spam and/or other weird stuff."

Re:They go to the

[ketamine-bp]

or else you get aoeu, which is the row on a dvorak keyboard

Technically, its illegal

[nurb432]

1 - you are falsifying your identity with intent to deceive.

2 - you are assuming the identity of someone else, again with intent.

3 - improperly using others resources, or causing harm to others resources..

Doubt anyone would ever be tried and convicted under the law, but in this day and age, when people are jailed just for speaking, and the government will monitor what books you read, anything is possible..

Re:asdf

[phsdv]

I am using a "azerty" keyboard, does qsdf.com exsists as well?

Re:isn't it obvious?

[ketamine-bp]

if i recalled correctly,

according to his book published around 1995-1996, the email should be askbill@microsoft.com....

Re:RFC 2606

[menkhaura]

I've used root@127.0.0.1 here and there... This exists on all *nix machines, but is there a single address that means superuser at localhost on every platform?

Begin the Google Fight!

[TubeSteak]

I'm surprised no one has started this earlier

someone@somewhere.com VS none@none.com [googlefight.com]
4090 to 6660
Round 1 goes to None@None.com

Re:This is what example.com is for

[tignom]

uce@ftc.gov is my favorite when someone with no legitimate use for my email is requesting it. If that won't take, next in line are postmaster@site.com, webmaster@site.com and root@site.com - where site.com is whatever site is demanding my email. After that comes abuse@aol.com, abuse@hotmail.com and abuse@earthlink.net. I don't expect AOL or any of the other big ISPs to do anything, but on the off chance they do, it means a site that's trying to abuse my email will run afowl of someone who can cut them off from a large number of customer/victims.

Re:isn't it obvious?

[Anonymous Coward]

It may be just a fake address for the book. Doesn't mean he ever used this address.

Re:What we really need

[EvilTwinSkippy]

Even better.

I have my dummy addresses point to a particular mailbox that is periodically dumped over to spam-assassin's auto-learn script.

Muhhahaha.

Nonexistent domains

[blorg]

Heh. I actually registered that [nonexistentdomain.com] to put up a parody/protest about sitefinder. The domain turns out to get a lot of spam; some stuff from people who obviously just typed it into a form, but also however from people who had their mail systems configured to divert their spam/bad mail to nonexistentuser@nonexistentdomain.com (or some variant). All were happy to stop when asked, but if you must configure your mail like this, possibly better use an *impossible* domain (I did get a fair bit of private email bounced on to me by badly configured mail systems).

Re:The winner is foo@bar.com

[mollymoo]

i use fuck@off.com, fuck@you.com, etc...I've wondered, does a "real" person see this email address and say "you dastardly kids! you foiled me again!"

I used to run the mailing lists for a couple of websites. Of course most of it was automated and a human never saw most of the data, but I would search through the databade for certain words (like fuck) and weed out the obviously fake entries. These were opt-in mailing lists and competition entries though, so the SNR was pretty good. I wasn't trying to save bandwidth or anything, but some of the things people put it are pretty funny - it passed the time.

So yes, a real human may see your address (and the rest of your form entries), but I wouldn't count on it. I can't say I ever said "you dastardly kids! you foiled me again!" :)

Re:Nonexistent domains

[Waltre]

hmmmm...all this bandwidth being wasted.

I feel it's my duty to the internet to point these clowns to h4wh4w@127.0.0.1.

You'd be suprised how many sites will actually allow this, since the regular expressions that check them usually allow for identifier@sub.dns.com.country, with each allowing [a-zA-Z0-9].

user@host.com

[mashy]

I've always used user@host.com but lately it seems validators are disallowing this option.

Re:RFC 2606

[raoulortega]

Thre are also registered domain names that resolve to 127.0.0.1. They aren't as obviously phoney. By using one, I figure I'm hurting no one but the person who's sending me crap.

Re:a@b.com

[aberant]

i use this alot.. but i mix it up by also putting abuse@(the domain asking for my email) and then i sign up for every newsletter they have... i figure it saves me alot of time by just letting them report the spam to themselves... 8)

Re:Technically, its illegal

[syukton]

Funny, I didn't know "email address" was synonymous with "identity."

When somebody asks for your email address, they're asking for a way to contact you--like a phone number. They're not asking for you to uniquely identify yourself as you would with a driver's license or passport, they're only asking how they can reach you.

Email is not identity, and using a dummy email address is not illegal.

Re:isn't it obvious?

[strobert]

Ah reminds me oh a time back in the day (was before spam in the early 90's).

I was using a time sync script that used the daytime service instead of ntp (ntp clients for linux weren't as prevelent at that time).

well in the script it listed (I think it was):
system1.com
system2.edu
system3.net
as servers to get daytime info from. Well that config worked. It didn't dawn on me when I was setting it up that those were just examples and should be changed. Mainly becuase it did work, I mean even back then responsible folks were shutting down "extra" services and or only allowing access from proper locations.

Well the net admin who ran what system1.com pointed to got really irate at someone hitting that service on his machine. He contacted the ISP I was on (an old community based one called punk.net).

And the guy was too much of an idiot to understand the explaination of what had happened. said things like 'what system1.com?'. Not only had he forgotten he had pointed it at his system (it was the same org by checking whois), but he didn't even know how to check what system1.com was aand where it pointed. To top it off he then threatened to drive up from LA and physically assault me and started port scanning my network. (and yes this was after I had pointed elsewhere for time updating). So I sent him a nice e-mail saying to go ahead and try and I would be contacting the police if he continued... never heard from him again...

One of my first exposures to someone who was runnng a box on the Internet that didn't understand basics (like how to run a whois/hostname lookup).

So my point is yeah example.com is now a IANA reserved, so you should use it. or point it at a spamtrap service you run or have permission to use. it is what I do, provides for some interesting data analysis.

Re:Begin the Google Fight!

[ultranova]

If I'm posting to UseNet, I usually make up some alias to stick in front of @nowhere.com.

I sorta pity whoever owns @nowhere.com

(Actually, there is someone who owns @NoWhere.com, registered back in 1994 according to WhoIs. However, there are no NS, MX or SOA records so e-mail to that domain goes nowhere.)

I just had a business idea.

1. Start a webshop - it doesn't have to be good, it's just a frontend - and put it to www.NoWhere.com.
2. Set the NoWhere.com up so it correctly handles mail, and set the webshop to handle all its orders through e-mail.
3. Add the NoWhere.com domain to applicable do-not-call lists.
4. Sue everyone who sends spam for harming your business - it should be pretty much impossible to find the legitimate orders and feedback from all the spam.
5. Profit and get prestige as the guy who costs spammers money.

If even a litigation based company can be made to serve public good, then I guess everything's possible.

I use...

[ZeLonewolf]

foo@bar.com. It's a classic. Also, sometimes I use a@b.c, but some sites don't allow it.

Re:Nonexistent domains

[Anonymous Coward]

root@127.0.0.1

Anyone who tries to spam me gets their site/email host pissed at them.