Disposable email address

Disposable email addressing, also known as DEA, dark mail or masked email, refers to an approach that involves using a unique email address for every contact or entity, or for a limited number of times or uses. The benefit is that if anyone compromises the address or utilizes it in connection with email abuse, the address owner can easily cancel (or "dispose" of) it without affecting any of their other contacts. [1]

Uses

Disposable email addressing sets up a different, unique email address for every sender or recipient combination. The method is useful in scenarios where someone may sell or release an individual's email address to spam lists or other unethical entities. The most common situations of this type involve online registration for sites offering discussion groups, bulletin boards, chat rooms, online shopping, and file hosting services. A jeopardized email address can result in email spam or identity theft, both of which internet users can avoid or protect themselves against by using disposable email addressing. [2]

Disposable email addresses can be canceled if someone starts to use the address in a manner not intended by the creator. Some examples of this are the accidental release of an email to a spam list or if the address was procured by spammers. Alternatively, the user may decide not to receive further correspondence from the sender. Whatever the cause, DEA allows the address owner to take unilateral action by simply canceling the address. The owner can choose whether to update the recipient or not.

Disposable email addresses typically forward to one or more real email mailboxes where the owner receives and reads messages. The contact with whom a DEA is shared never learns the user's real email address. If a database manages the DEA, it can also quickly identify the expected sender of each message by retrieving the associated contact name of each unique DEA. [3] If used properly, DEA can also help identify which recipients handle email addresses carelessly or illegitimately. Moreover, it can serve as a tool for spotting fake messages or phishers.

Advantages over traditional email

Ideally, owners share a DEA once with each contact or entity. Thus, if the DEA should ever change, only one entity needs to be updated. By comparison, the traditional practice of giving the same email address to multiple recipients means that if that address subsequently changes, many legitimate recipients need to receive notification of the change and update their records — a potentially tedious process.

Additionally, because the access has been narrowed down to one contact, that entity then becomes the most likely point of compromise for any spam that the account receives (see "filtering" below for exceptions). This allows users to determine the trustworthiness of the people with whom they share their DEAs. "Safe" DEAs that have not been abused can be forwarded to a real email account, while messages sent to "compromised" DEAs can be routed to a special folder, sent to the trash, held for spam filtering, or returned as undeliverable if the DEA is deleted outright. [3]
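The routing described above can be sketched as a small alias registry. This is an added example, not code from any DEA provider; the class and method names, the `flag` action, and the `.example` domains are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    ACTIVE = "active"            # never abused: forward to the real mailbox
    COMPROMISED = "compromised"  # leaked or abused: hold for spam filtering
    DELETED = "deleted"          # disposed of: return as undeliverable


@dataclass
class Alias:
    contact: str          # the one entity this address was given to
    sender_domain: str    # domain that contact is expected to send from
    state: State = State.ACTIVE


class DeaRegistry:
    """Hypothetical registry mapping each disposable address to one contact."""

    def __init__(self, alias_domain):
        self.alias_domain = alias_domain.lower()
        self.aliases = {}

    def issue(self, contact, sender_domain):
        """Create a unique, opaque address for exactly one contact."""
        address = f"{secrets.token_hex(5)}@{self.alias_domain}"
        self.aliases[address] = Alias(contact, sender_domain.lower())
        return address

    def set_state(self, address, state):
        self.aliases[address.lower()].state = state

    def route(self, recipient, sender):
        """Return (action, contact) for one incoming message."""
        alias = self.aliases.get(recipient.lower())
        if alias is None or alias.state is State.DELETED:
            return ("bounce", alias.contact if alias else None)
        if alias.state is State.COMPROMISED:
            return ("quarantine", alias.contact)
        # A sender domain can be forged, so a match proves nothing; a
        # mismatch means the address reached someone it was not given to.
        if sender.rpartition("@")[2].lower() != alias.sender_domain:
            return ("flag", alias.contact)
        return ("forward", alias.contact)
```

A `flag` result names the contact the address was issued to, which is the most likely point of compromise.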

Further, because DEAs serve as a layer of indirection between the sender and recipient, if the DEA user's actual email address changes, for instance, because of moving from a university address to a local ISP, then the user need only update the DEA service provider about the change. Afterward, all outstanding DEAs will continue to function without updating.

Using "sub-addressing"

A number of email systems support "sub-addressing" (also known as "plus" or "tagged" addressing) [4] [5] [6] where a tag can be appended to the "local part" of an email address — the part to the left of the "@" — but with the modified address being an alias to the unmodified address. For example, the address joeuser+tag@example.com denotes the same delivery address as joeuser@example.com. The text of the tag may be used to apply filtering, or to create single-use addresses.

If available, this feature can allow users to create their own disposable addresses; [7] however, it reveals the user's delivery address to email recipients.
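As an added illustration (not taken from any mail system's code), the following splits a sub-addressed recipient into its delivery address and tag, then files the message by tag. Splitting at the first `+`, the folder names, and the set of revoked tags are assumptions; real systems differ in which delimiter they accept.

```python
def split_subaddress(address, delimiter="+"):
    """Return (delivery_address, tag); tag is None when no tag is present."""
    local, at, domain = address.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # Everything after the first delimiter is the tag; the part before it
    # is the real mailbox name, visible to anyone who sees the address.
    base, sep, tag = local.partition(delimiter)
    if not base:
        raise ValueError(f"empty mailbox name: {address!r}")
    return f"{base}@{domain.lower()}", (tag if sep and tag else None)


def file_message(recipient, revoked_tags, delimiter="+"):
    """Pick a folder for a message from the tag on its recipient address."""
    delivery, tag = split_subaddress(recipient, delimiter)
    if tag is None:
        return delivery, "INBOX"       # untagged: cannot be tied to a contact
    if tag.lower() in revoked_tags:
        return delivery, "Junk"        # single-use tag that was disposed of
    return delivery, f"Tagged/{tag.lower()}"


# Constructed sample recipients; "shop" is a tag the owner has disposed of.
if __name__ == "__main__":
    for rcpt in ("joeuser+tag@example.com", "joeuser+shop@example.com",
                 "joeuser@example.com"):
        print(rcpt, "->", file_message(rcpt, {"shop"}))
```

Every sample address resolves to the same delivery address, which is why a tag can be filtered on but does not hide the mailbox behind it.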

Multiple email aliases

Another approach is to register one main email address and many auxiliary email addresses, which will forward all mail to the main address, i.e., the auxiliaries are used as aliases of the main address. The advantage of this approach is that the user can easily detect which auxiliary email is 'leaking' with spam and block or dispose of it.

Some services require additional time to set up forwarding, but others allow the creation of new addresses "on the fly" without registering them with the service in advance. This method allows storage and access of all emails from a single main account. However, to manage forwarding for some services, the user has to remember the password for each alias.

A variation is to use a catch-all address, then forward to the real mailbox using wildcards. Many mail servers allow the use of an asterisk (*), meaning "any number of characters". This makes the whitelist automatic and only requires the administrator to update the blacklist occasionally. In effect, the user has one address, but it contains wild cards, e.g., "me.*@my.domain", which will match any incoming address that starts with "me." and ends with "@my.domain." This is very similar to the "+" notation, but it may be even less obvious since the address appears to be completely normal.

Concerns

Restrictions by site administrators

Some forum and wiki administrators dislike DEAs because they obfuscate the identity of the members and make maintaining member control difficult. As an example, Internet trolls, vandals and other users that may have been banned may use throwaway email addresses to get around the ban. [8] Using a DEA provider only makes this easier; the same convenience with which a person may create a DEA to filter spam also applies to trolls. [9] Website operators expecting to generate revenue by selling the user email addresses that they gather may choose to ban DEAs as well, due to the low market value of such addresses. There are several free lists available to help detect DEA domains, as well as managed services.

Effectiveness

Although DEA, or specifically sub-addressing, can help individuals detect when breaches occur and avoid incoming spam, it may not always be effective. Hackers who breach an entity's databases and acquire email addresses may strip the alias portion of each email address before selling or releasing them publicly. [10] This would mean that emails are forwarded directly to the primary address and the individual does not benefit from their use of sub-addressing.

Logging in/resetting password

If an account is created using sub-addressing, then all access to the account occurs through the email and sub-address. It is important that an individual who uses a sub-addressing strategy remembers their sub-addresses because logging in or resetting a password will utilize the email address along with the chosen sub-address. [10]

References

  1. Nield, David. "How to Avoid Spam—Using Disposable Contact Information". Wired. ISSN 1059-1028. Retrieved 2024-01-24.
  2. "Disposable e-mail addresses foil marketing plans". Network World. 2006-12-04. Retrieved 2007-02-02.
  3. Nath, Bipasha (2022-12-13). "Disposable Email Addresses (DEA) Explained in 5 Minutes or Less". Geekflare. Retrieved 2024-01-25.
  4. "Using an address alias". google.com.
  5. "Create, use, edit, or delete temporary email addresses in Yahoo Mail - SLN28815". Yahoo Help. Retrieved 14 December 2023.
  6. "Plus addressing and subdomain addressing". fastmail.fm.
  7. Neil J. Rubenking (2004-03-22). "Disposable E-mail Addresses". PC Magazine. Archived from the original on 2007-07-12. Retrieved 2007-02-06.
  8. "Successful Forum Tip #3 — Troll Prevention and Extermination". 2004-08-09. Retrieved 2007-02-02.
  9. "Add New Ban". SMF 1.1 Online Manual. Simple Machines LLC. Retrieved 2007-02-02.
  10. Krebs, Brian (2022-08-15). "The Security Pros and Cons of Using Email Aliases – Krebs on Security". Retrieved 2024-01-24.