Sophos Cloud Optix![Do you have a special email address for websites that might send you spam? [POLL]](https://nakedsecurity.sophos.com/wp-content/uploads/sites/2/2012/09/spambot-thumb.jpg?w=250&h=250&crop=1)
We’ve all had more than our fill of spammers offering to sell us Viagra, telling us that we’ve won millions in a lottery we never entered or inherited a fortune after an African dictator came to a grizzly end.
But many internet users are also nervous about handing out their email address to every website they use, fearful that they will be deluged with unwanted newsletters or – worse – that the sites will be hacked and their contact details fall into the wrong hands.
So, what do you do about this problem?
You could give a phoney email address – arnold@aardvark.com is a favourite of mine (apologies if anyone owns that domain and receives messages that were intended for me) – but that won’t always work well, as some sites send an email to confirm your email address before they grant you full access.
There are even websites like 10minutemail which give you a handy temporary email address that expires after ten minutes – but you’ll be in a right pickle if you later forget your password to the site you wish to access, and want to be emailed a password reset.
Or you could create a special email address which you then filter directly into your junk folder. Knowing, for instance, that any email LinkedIn tries to send you will automatically be shoved where the sun don’t shine is quite a pleasant feeling.
So, we were wondering, has this been an issue that you have tackled? Do you have a special email address for websites that might send you spam?
Take our quick poll and let us know.
And don’t just make your vote – tell us why you made your choice by leaving a comment below.
Previous polls:
Which web browser do you recommend?
like many i'm sure, i use a catch-all domain and give each site i register on their own address.
I use a catchall and give each website a custom address so I can catch the offenders and blackhole them.
I use the disposable email address feature of yahoo mail. There, I use one email per service so in case I start receiving junk on a particular address, I know where it comes from and I can just delete the disposable address. Also, if my password of a site gets cracked, it can not be used to connect to my email even if I reused the same password as there is no account behind the disposable email address.
But don't reuse the same password! That's why we have password managers.
I own a number of domains (registered each time I have a great idea) and use unique addresses such as website_name@my-parked-domain.com.
When I get spam it's obvious where it came from, so I can go back, moan at them, and delete my account.
mailinator.com gives you a "temporary" email address.
It helps to keep the spam in my other accounts down and I don't have to look through loads of crap to find the email I do want to read.
Mailinator is my favourite!
mailinator.com no password required. make up any email you want, then just go check it. or they'll assign you a random email address to use.
I just put sjobs@apple.com in the forms. If they actually validate the address, I create a new address in our domain, get the confirmation email, then delete the account. Great fun.
10 minute mail…Gives you enough time to register on a website & set up a profile/password, then if they send spam, who cares?!
What do you do if you need to recover your password or something at a later date?
I had to make a spam/other email address because I had to search through hundreds of emails to find the important ones. Sometimes I’d miss them, so I’d be hooped! So now, I don’t have to do that anymore! =)
We have a fake email for websites, and boy does it get 1000's of spam messages a week. We did one better and kept our old landline phone, and give that phone number to every bank, CC, website we have to. It is in the back of the garage with the ringer off and we go out every few days and clear the messages. No one but friends and family get our cell or home phone now. If we have to call a business where our number might be displayed, we use the phone in the garage. Funny, it logs over 75 calls a day, but no messages left. Thank goodness we don't have to answer it!!
I have four email addresses:
*Personal – family & friends & official communications
*Business only
*Sign ups for web pages I am actually interested in
*Junk
Seems to work quite well for me & as i check them frequently I hardly notice the spam in the wrong one if one does creep in.
Like others who have already commented, I use a catch-all domain and give each website a unique e-mail address so the spam is trackable. I also have a fictional date of birth for anyone who asks for it. I use the same (incorrect) date almost everywhere to make it easy to remember, and only provide the correct date to my bank, insurance company etc.
I used (and still kinda do) dot.tk email forwarder but recently I have started getting spam to email address I have never even entered to any website which is strange, leak/hack on dot.tk?
I had catchall email on my old webhost but not on the new host so I just create temporary emails for some domain names I have on my webhost and delete later on.
I get a boat load of annoying emails from places I've never been or have never given my email address too. You can only block so many @annoying email.com addresses before you run out of room…. and if you delete some of them to make room for more then you get annoying mail from the addresses you've deleted!
I blogged about this last week. I have email address' under my own domain for such things and recently had the joy of searching for car insurance… I don't want to get spammed by these price comparison sites so created a temporary address which is now removed with a single click when I have my chosen quote.
The same goes for registering with websites, I have a single address that gets directed to an appropriate folder in my mailbox and keeps my inbox free from crap and I can remove this address at any time or create a new one for a different function if required.
http://50percent.co.uk/?p=99
I started this long before the Internet became part of out lives. I remember walking into an AA office to sign up in the 1970s and giving my house name as "Junkmail". The girl at the counter typed it into her computer without a blink. I was subsequently able to chuck away mountains of mail unopened.
I use a unique valid email address for each site and keep them active unless I start to get spam. That’s only happened twice in the 6 or 7 years I’ve been doing this, both from very well known shopping sites.
spamgourmet.com is the shizzle
I used to use separate email addresses for individual sites that I've signed up to. The problem I had was that the number of websites I was signing up to was increasing very quickly. I've since reverted to using just a specific email address for sign-ups and allow the spam to filter through. I really need to find a way that's easier to administer!
As many people have said, they use a catch-all system to allow custom email addresses, I took it the step further and use a specific domain. This complete seperates my "signin" addresses and my personal email address.
Very handy.
I use Sneakemail.com to generate unique address for all/most non-personal contacts I make. $2/month is money well spent. I've also used Mailinator a times.
I love Sneakemail so much that I subscribe — have been using it for many years.
I use a disposable address for people with whom I need to communicate on a temporary basis, or who I suspect might become harassers.
spamgourmet.com is great, you can create disposable e-mail addresses on the fly. All e-mails sent to the addresses are then forwarded to your real e-mail address. You can limit the amount of e-mails the disposable addresses are able receive before being cut off. It's even possible make them permanent and/or limit addresses that are allowed to send to them. Pretty cool and free; check it out.
I used to use spam@spam.com, but several sites started blocking that, so I switched to mailinator. I haven't seen much spam in my chosen random inbox, so I'm probably just paranoid, but I don't like sites that force me to give an email address just to comment.
Yes like many others I use a new email address for each site and forward to a catch all and so always know who is responsible for any spam I receive. Handy and interesting!
Because I own my own domain and I use Goggle Apps for my email, I take advantage of the catch all address to relieve me of the need to create and manage one or more spam magnet accounts. I can simply use any otherwise invalid email address, but I generally use the sites name in the address so I know where the spam (if any) is comming from. Google is pretty good about catching spam, but using this technique allows me to create a filter for any addresses that continue to recieve unwanted emails.
As others have done, I have my own domain name that allows me to create an unlimited number of email addresses. When I need to register at a site I don’t care about, I give a totally fictitious email address (it’s silly and creative fun). Otherwise, I have a stable of ‘shopping’ addresses (post-fixed with numbers) that I use exclusively for shopping. Once in a while I have to delete one or more because of wildly excessive spam. However, I’ve found that after 5 or 6 months, the spam is radically reduced from hundreds per week to less than 10. Certainly a manageable number to filter. I create a new email address for any special purpose when required and delete it if no longer needed. As a computer geek, I find this is easy to manage. But I can empathize with those who find trying to be a bit more anonymous to be a hideous chore. When it comes to phone calls, that’s what caller ID is for. Sometimes when a salesperson calls, I just ask them to wait and I’ll get the person they’re calling, then just put the phone down on the table and go about my business while they waste their time waiting. Other times I tell them the person they want just died and how dare they call so soon. It’s always a fun time on the phone at my house! I guess we’re just easily entertained.
An interesting site is http://www.spamprimer.com/
This has a LOT of good practical advice. One thing that I liked was how to let gmail filter spam from your non-gmail email addresses. Very clever use of someone else’s servers for free.
I have a spam email address that I use more for all of those stores where I shop, and want to know about deals and coupons, but only when I have the time to go, not every day. I haven't had to use it for too many other places. Even stores are becoming more flexible, allowing you to request that you only get messages once a week or just the online deals, etc.
It would appear, however, that the person who held my job before me used her work address for EVERYTHING. I've been in my new job four months and am still cleaning up her spam.
I have kept my old hotmail account from when i was a teenager many moons ago. I use it for everything that may spam. It is set up with a white list, everything goes to junk unless that particular service/newsletter has proven itself. The main exception, my personal gmail account I use alias' when signing up to services (ie. myaccount+alias@gmail.com) makes it easy to find the source of spam and organise your inbox.
Add me to the list of people with a domain and an individual email address for every site, shop, forum, tom, dick and harry on the internet who wants my email address. It’s real handy for pulling up websites who break their own security policy by passing the email address only they should have on to spammers and also makes it easy to /dev/null them when I need to.
I generate a different email forwarder for each company or service I use. The forwarder is in the format: Random_Code+Company_Domain@My_Domain.com. For example:
9230843company.com@my_domain.com
Though I initially started doing this just to catch companies that were selling my email address in the act, I found that it has several other useful side effects:
1) As mentioned, catching companies that were selling my email address and being able to take them to task for it. Has only happened a handful of times (less than 5 in the last decade), but I like being able to alter crooked practices with a little evidence.
2) This is really a continuation of #1, but once I start getting spam from said crooked company, I delete the forwarder and create a new one. I've *never* (knock on wood) gotten a repeat spam from said companies, meaning:
a) I believe I really am changing company policies
b) having never given out my real email address, I have never had to ditch it because of too much spam
3) Easier to fish false positives out of the spam bin – less spam means it's easier to look through my spam filter and fish out false positives
4) Internal data breach – I once caught a VERY big company in an internal data breach situation. As a matter of fact, they didn't know about it until I reported the issue and explained how I knew the email address was stolen from them.
An employee started his/her own small consulting firm on the side. I guess they thought it would help get off the ground if they could email a highly targeted list of customers (i.e. known consumers of this type of service), so they just grabbed a bunch of email addresses out of the company's database and sent an email touting their services. Guess they didn't think it would be so easy to track back the source of the breach. Whoops!
5) External data breach – Although I use different, randomly generated passwords on each site, it makes it much harder on criminals to use the email information elsewhere to attempt to recover passwords or hack other accounts.
6) Searching/filtering – Many times companies send from multiple addresses email addresses and/or from non-company domains, so searching on "9230843company.com@my_domain.com" yields all emails from that company rather that just some sub-section.
7) Anti-phishing – I regularly get very convincing looking emails "from" Facebook or Linked in, but they are sent to something other than my Facebook or LinkedIn email address. Because of this, I automatically know they are fake and I spend no time mousing over links to see where they go.
8) There are probably more reasons, but for me, even just the benefits listed above outweigh the slight inconvenience by a longshot.
As a side note:
I could have posted this comment from my Twitter account (as I have done in the past) but the last thing I need is an attacker with just a little more info about how I do business. The recent Sophos horror story about Mat Honan (http://nakedsecurity.sophos.com/2012/08/06/journo-totally-owned-thanks-to-over-helpful-icloud-support/) only strengthens my convictions.
Some may say I'm paranoid… Yes. Yes, I am. 🙂
It's less common now for sites to accept [space]@[space].[space] but I love it when that works. Otherwise I use a random chain that will go to nowhere on a domain that's mine. If I need a confirmation email I can set up something that works for only as long as I need it.
As an aside – I am not Arnold, but for many years I had an Aardvark email.
I own a domain name, have done for over 15 years … from the outset, the obvious mydomain@mydomain.com address seems to have been used as a throwaway address by several people in the past., so I've never been able to use it… Thanks folks!
I try to use a rob+website.com@mydomain.com address for most sites, but some won't accept emails with '+' in them.
On the opposite side of the fence, though, the vast majority of stuff in my spam folder is email bounces from spam message being sent from a third party to other addresses that don't exist, but using one of my public contact emails as the "from" address. So the bounce comes to me. Absolutely nothing I can do about it, and I've had to swap from a free DNS to a paid one because of the sheer volume of DNS lookups it causes! (I've set up DKIM & SPF to indicate to their recipients that only *my* emails are valid, but it's not deterred them.) Here you are, SPAM I'm not even seeing that is costing *me* a measurable amount of cold hard cash. And it's been happening for about a year now. It's not even worth me spending the time deleting the address, and then going through changing everywhere that legitimately quotes that address – I'd still be getting the DNS hits, and might instead miss out on contacts that I want to hear from.
Like others, I give a unique email address to each one I sign up for. It's handy for competitions, I get an email saying I've won tickets to watch the olympics. Can it be true? Well, it's in the email address I used solely to enter competition with the prize being tickets to the olympics. Had this been a standard email address, it would have gone into the bin. But as it was a unique email address, and the only incoming emails to that email address were "confirm it's you", and then "congratulations", I enjoyed an evening watching Bolt zoom-zoom round the track 🙂
There's piece of mind, as well as the ability to strip out the spammers (Facebook, Panasonic, Curse, Amazon, Interflora… you know who you are!)
I’ve found the easiest is a white-list mailbox and a quick header scan through the rest for anything important.
With my own domains I am now creating new and exclusive email addresses for every service I subscribe to.
Servers which send SPAM to those addresses can then be blacklisted on my firewall to get the OpenBSD spamd ultra slow tarpit pain put on them.
I also get the insight into who either knowingly passes my email addresses on, or who cannot keep them secure.
I use my main address. I don't find it difficult or annoying to delete the two or three spams that sneak through each week.
I have a draft with all the e-mail addresses of people I dislike, scammers, or those with whom I disagree. I always reply to those folks and then send them the addresses of all the others as I've listed above.
I then add the address of the person I just wrote to my draft so they are included with the next submission I make.
It just seemed like common sense to create a seperate account for probable junk. Works very well.
I've been using my Hotmail address for spam for over 12 years now. It receives about 20 spam mails a day.
I log on once a month to delete them all. :o)
I once needed to pay a bill, but had no cash. Since I had an online biz and a biz account with Paypal, I sent a bill to myself for $400 for "services" using a "special" fake e-mail address and name. Then I paid myself with my own credit card. This way I didn't need to pay that high interest for cash! I was pretty proud of myself.
I have an aol ID that I use for subscriptions to websites, contests at the county fair, and similar things. I can get my password reset if I need to but otherwise just log in and delete all the spam that hits that address keeping only things I want in folders. It works well and keeps spam out of my personal and professional email boxes.
I'm feeling left out. I have one e-mail for my business, one for personal, and between them I get maybe twenty spam messages a year, and they are mostly recognised as such by Norton Internet Security. I must be doing something wrong.
"Alex – like many i'm sure, i use a catch-all domain and give each site i register on their own address."
Yep, that's what I do too. So it's bbc@mydomain.org or whatever. If they pass it on I can instantly see where that they did so.
After being swamped with mostly unwanted junk-etc.-e-mail, I finaly setup a new
e-mail address on a new very secure computer and am using the older computer with
several disposable e-mail addresses and using different Providers, this has solved 90% of my problems!
As I can have as many email addresses as I want, I make a new address for everything that I deal with or subscribe to. If I get junk email – I just delete that email address (usually after telling them why). AND… I never use Catch All.
Been using hma (hide my ass) for about a year seems to work well for trial software and subscriptions. For my normal email addresses gmail filters work almost 100%
My 'junk' address is actually the first address I had, obtained for job hunting. When I moved to a site with more flexibility and fewer ads, I kept the old one as a junk mail drawer, and for sending new passwords too if I forgot them for the newer account. Since I posted resumes online (not my brightest move) that old address apparently landed on a LOT of mailing lists.
I generally use a catch-all to a ‘signup mail’ account & create a new address for each website – e.g. you are nakedsecurity@mydomain.co.uk. If you’re interesting and don’t send me too much mail, you get forwarded to my real email address. Once you try my patience,you get relegated to the signup mail account again and if you really annoy me, you get auto- deleted or unsubscribed depending on how trustworthy you are.
The system’s worked well for 15 odd years of having my own domain
Occasionally I use a google email address with plus addressing too and very occasionally use my ISP linked email address for stuff I know I never want to see (I only check it 2 or 3 times a year)
When I can I use the 'plus addressing' but unfortunately many badly designed email address validators wrongly think that the '+' character is not a valid character inside an email address…
(I have the regret to say that Sophos' comment system uses such a BADLY designed email address validator :/ )
Addresses like MyAdress+WebSiteName@MyDomain.com are very effective to filter emails based on senders.
When I can't use + addressing I create an alias or if I don't care much about the emails a website would send me I use a specific email account that I only use for registering…
However, as my email provider's spam defenses are quite effective, depending on the website I might not take all these precautions anymore…
I currently use disposable e-mail addresses that you get with BT's emai service.
Every site has it's own email address so I just delete ones that become a problem. Also I know where the issue originated so I can take any appropiate action.
I have a couple of e-mail accounts, for different kinds of spam. One for computer marketing, one for political/news marketing, one for general marketing, my work one, and my personal one.
Once you get the hang of it, it's not hard to manage. It just depends on what you are doing.
I have a standard Yahoo! address that I offer to any commercial enterprise — my designated spam dump. I am grateful for unlimited storage, because I can’t sort out the grain from the chaff and delete the irrelevant and unwanted fast enough. I use other e-mail addresses for people I know personally or higher-priority communications, and include a line in my sig file, “Please *BCC* any lists to this address. Thank you to those who already do.”
I used to use multiple email accounts for different services. But these days I just use the one email address for everything. It’s a lot easier to just manage the one inbox than trying to manage multiple addresses especially as spam filters are pretty good these days.
I do have a catch-all setup on a subdomain to allow me to register multiple Twitter, Youtube and other accounts but that’s just to by-pass the “That email is already in use” restriction..
Yes, I use a very old and first email address I had. I do not use it for day to day communcation, but check it once a month to clear out the spam. I also use through my email service disposable email addresses which I can delete if it gets too spammy.
This is what I do and what I teach my kids to do as well:
– keep your personal email address(es) private. same for name and phone numbers; limit the number of apps on your smartphones that ever need to read your account info to carefully selected apps; the ripples of your poor judgement may affect your whole contact list…
– if you do "business" online, as in buying anything and /or expecting or availing of support for some services, etc – use your real name and a dedicated email address for such purposes that you may check at least once a week; never sign up for their newsletters with such email address, never tick to allow them to share your details with 3rd parties for marketing purposes, etc..; if they do not offer the choice but rather state they are sharing your details with 3rd parties for marketing purposes, then look for an alternative provider or think if they really need to know your true identity.
– do you play games online or need often information, or regularly reading certain subjects, etc and you're asked for email, name, etc … for sign up… then think 3x before ever submitting ANYTHING real about you, be it name, address, phone number or email. The password you choose also should NOT have to do with anything that is real data / info about you. Use some alias that you may remember, use a dedicated address for such where you care less about spam, etc … set filters if you're not willing to check such inbox more often than once a month.
Quick point / principle: people / businesses or government bodies will potentially lose your data either via mishandling or via malicious actions, etc…; more, there maybe years or decades passed until it happens: your identity and your privacy is very important: protect yourself what you can, while you can.
And another point to be made: while maybe you think that 99% of the ones you entrust with your data would be "trustworthy" if met "face-to-face", while moved into the digital era, the great majority of them do not have the means and do not have the knowledge nor the power to protect what you entrust them with…
I'm with Philip on this one too!!
I have 4 email accounts and I still use independent aliases in yahoo for each subscription, the trick is to NEVER use your main ID/Email for anything.
Also use generic DOB for everything non official.
1- Gmail: Work/uni/courses
2- Hotmail: Friends/ Family/Acquaintances
3- Outlook.com: Formal (banks/hospital/billsetc)
4- Yahoo: Bloggs/shopping/communities (all aliases)
Also I thought about merging Hotmail and Outlook contacts, as you can also have alias email addresses, but the issue for me is:
– If there was a security glitch, skydrive documents could be viewed.
– Hacks/Viruses spam all your contacts and I don't want to compromise confidentiality.
– You cannot share documents on skydrive with an Alias..
Anyway just my tuppence worth, from a paranoid 30+ female.UK
If you want to take much from this paragraph then you have to apply these methods to your won webpage.