digg

Join DiggAbout

Introducing Digg Dialogg!
Check out the first Digg Dialogg with Nancy Pelosi. More guests to be announced soon!

Find out who gives away your email address with Gmail trick

hedir.com — When you give your email address to a website, you hope that they don't sell or trade your address to a bunch of spammers. Well if they do, here is a simple way to see what sites are responsible for what particular piece of email. This requires you have a Gmail account.

Bury
show profanity settings
expand all
  • oakj423, on 10/12/2007, -4/+22old news, but i do it all of the time

    setup filters to catch the +xxx address. i use it for email+netflix@...., email+ebay, email+crap, email+bills...
    • Jaymoon, on 10/12/2007, -4/+24I use a similar method as well... Except that I just use cpanel from my site.

      I create forwarders for ebay@mydomain.com, netflix@mydomain.com, etc.., then I forward all of them to a real address.

      If I start getting spam through one, I simply just edit the forwarder to go to none@email.com. Seems to work better than just deleting the redirect, because the server tends to keep all mail sent to ___________@mydomain.com, regardless if the account exists or not.
    • o2sk8, on 10/12/2007, -4/+30I did the same thing as you until I used email+Amazon and ended up not being able to get a rebate for my cellphone because the rebate page would not accept the plus addressing. $150 flushed. That pissed me off.
    • plamoni, on 10/12/2007, -1/+27This is kind of old news, but the other problem is that it's widely known. Any smart site that distributes people's email address will automatically strip the flag before selling/giving it away...

      s/+.*@/@/

      I like Jamoon's method better...
    • griz, on 10/12/2007, -14/+3What to do when your friends enter your e-mail address into web sites to "share this with a friend". If you have a primary address that you use with your friends, won't that still get plugged up with spam after a while?

      One idea might be to issue individual e-mails to every one of your friends.

      mynamefriendsname@domain.com

      Then filter on each one. Tedious, but it would be effective.
    • dmorel, on 10/12/2007, -2/+4@Jaymoon:
      Just send it (no longer wanted alias) to the blackhole account instead of bouncing it back out there to email.com.
    • phlux, on 10/12/2007, -0/+47@jaymoon,

      A few years ago I was doing the same thing. I had setup the email address "DMV@mydomain.com" and supplied it to the DMV when I was working with them on a case against a car dealer who never registered the new car I bought as sold...

      I was actively comminicating with the DMV lawyers in sacramento on this case via email, with that address.

      A few weeks into it I got a Cease and Desist letter from the DMV stating that my using the DMV@ was infringing on thei copyright and theat they would agressively "protect their brand" and that my use of that email address would "confuse consumers"

      I emailed them a bunch on this issue and tried to explain a few things about how email works. I also tried to explain that they cannot "own" the initials "DMV" as there are many "David Victor Menske" or other proper names out there who have just as valid a reason to use the initials.

      I also explained to them in great detail how I was using the email address *only* to communicate with the DMV on the case that was being worked... finally I explained to them that they are a government/public service agency and as such thay have no brand. They didnt like that.

      The never relented and just kept threatening to sue me.

      So I changed the email address to DMVASSHOLES@mydomain.com and began using that email address only - they stopped emailing me after that. but it was an interesting experience in that I had no idea that the DMV thinks of them selves as a brand and a "product that consumers need to differentiate from other services"

      strange... but I would LOVE to go to court over something like this.

    • sillypickle, on 10/12/2007, -5/+1@ Jaymoon
      It seems you could do a similar thing without having a web server by just creating a bunch of gmail addresses(you get 100 invites after all) and setting them all to forward all email received to your main one so you don't have to log into all of them. Then if you start getting spam(that gets through gmail's spam filter, which is tough), you just set the address it's coming to not to forward to your main one. No web server needed!
    • Monolith2, on 10/12/2007, -8/+3Dont even need to read the article to know theyre talking about the old +*** trick. Christ, how many times will this get dugg to the front page? Didn't anyone notice when google themselves announced this feature when gmail was released? And are there this many gmail users who still havent read the FAQ, which lists this as well...?
    • gfixler, on 10/12/2007, -1/+4You don't absolutely need a gmail account, if you have your own domain, though my way isn't 100% free. I've been doing this with my domain since 2000, and have used the technique for every email since then (started it the day I got my domain), and it's kept my spam count in all that time to only a few per day. When Christmas rolls around, and I have to order presents for friends and family, or when I sign up for things like digg, flickr, forums, and the like, or if something requires a valid email address, I give them theirnameSIGNUP@mydomain.com. Since these are unknown accounts, they all forward automatically via my host to the default account. I can add extras before SIGNUP, if I want to get particular. On one forum, I use theirnamePostTitleSIGNUP@mydomain to comment. This way, if a spammer ever grabs the address from one post, I can lock it down, and not have the whole thing ruined for me.

      Whenever a particular address has started receiving a lot of spam, I've added a mailing list through my host with that name (I have unlimited via hostrocket), and made it unjoinable, bouncing all posts by non-members (everyone), which closes it up forever.

      The amazing bit is that 99% of these hundreds of sites I've dealt with are completely scrupulous. The only 2 really big infringers were kazaa and morpheus, which started spamming when they split years ago. I simply made listserves with those addresses (kazaaSIGNUP@mydomain, etc), and everything to them just bounces back without me having to see it. I also got a small amount of googleSIGNUP spam, when I signed up for something back ~'02, but it turned out to be the result of a cookie insecurity that got closed up pretty quickly. I buy stuff from ebay via paypal all the time, and have a steady supply of parts, materials, and electronic components coming to me from venders big and small all the time, and literally none of them has ever resulted in their specific email being used to spam me.

      Pretty much all the spam I get comes in as some random crap before my name, but it's a very small amount. I *do* occasionally get some spam from one of these signup addresses, but even then, almost all of the time it's a very related business - say one financial service gives my name to an affiliate financial service - and usually it says somewhere in there "You are receiving this message, because you signed up with ______, and have chosen to allow affiliates bla bla bla." I've even occasionally clicked links to stop receiving a particular thing, like a newsletter that came with signing up for an online service, and those addresses have never again received anything. It's nice to see that the majority of people and businesses seem to have some sense of humane conduct. Even that godawful MySpace has never used their particular address against me.

      The reason I put SIGNUP in there is so my POP app at home can sort everything to SIGNUP into a separate folder, and inside that, I have some folders that sort a few into extra things, like financial stuff (bank, etc), electronic stuff (all the receipts and notices from vendors), blog comment notices, etc. It's nice to have everything so automatically sorted all the time.

      Just to be extra nuts, I also have a spamcop account, and my "real" address is actually a forwarder to that, which then gets forwarded back to a private account. In my POP, and online clients, I send from that one, but have the reply tos set to the more public name. This is probably not very secure, as the "real" name is still listed in the headers (I think), but in 6 years, it hasn't been a problem.

      Oh, and recently I switched to Linux, and have been allowing the few lingering spams to come through, to train Thunderbird, which is getting better each day at detecting the usually
    • gfixler, on 10/12/2007, -0/+1... < 5 daily spams.

      It clipped me.
    • G-RaZoR, on 10/12/2007, -1/+2I can't help but realize that this was posted in this month's issue of Maximum PC (magazine). He most likely got it from there...
    • Scottamus, on 10/12/2007, -1/+4Buried

      1. It's a repeat. (yea, so what? I know but also)
      2. Inaccurate, it's not a gmail trick per se. A great many servers can do this. It's part of the email RFC.
      3. The more people that advertise you can do this, the more spammers etc will catch on and drop the +...

      Please bury me if you agree.
  • ericpan, on 10/12/2007, -1/+38Sometimes e-mail validators in forms won't allow the + symbol in an e-mail… bummer. Good for people to know otherwise.
    • jedikv, on 10/12/2007, -2/+2yeah i have experienced that too.
    • Cimlite, on 10/12/2007, -0/+3Yeah, exactly what I was thinking. A lot of sites just don't accept + in the email address. Those sites only make me suspicious though.

      My solution to that problem is to use the service sneakemail.com . Allows you to create however many temporary emails you want that forward to your regular one for any length of time. So if they seem to behave the email stays and if they don't I just delete the temporary email and away they go.
    • dougmc, on 10/12/2007, -0/+4I'm pretty sure the problem is that + is the urlencoded version of a space. So the validator gets the +, runs in through a urldecoder, sees the space and cries foul.

      You can often get around that by using %2B instead of a + -- the %2B decodes to a plus -- but at some point it's just not worth it.

      Really, I just need to hack up sendmail.cf to use - like + works now.
    • MadCowDzz, on 10/12/2007, -0/+0I've debated our webteam and email-support team at the company I work for. Turns out we can't allow plus in a client's email because of our system's LDAP restrictions...

      It sucks, but we didn't have a choice.
  • miken32, on 10/12/2007, -7/+5How about "This requires you have an account on almost any *nix-based mail server."
    • praseodym, on 10/12/2007, -0/+3Very true, it works on many mailservers - I've tried Apple's .Mac mail, Webmail.us and some hosting providers and they all worked. With IMAP-based services (i.e. where you can create your own folders) using a + will direct the mail into that folder, e.g. +spam to spam and +newsletters to your newsletters folder.
  • earlgreyrooibos, on 10/12/2007, -1/+3Thanks for mentioning that. Still, I had never heard of this trick before, and I'm definitely going to try it out.
  • Wilcox, on 10/12/2007, -4/+33http://www.duggmirror.com

    Here is the full text...

    When you give your email address to a website, you hope that they don't sell or trade your address to a bunch of spammers. Well if they do, here is a simple way to see what sites are responsible for what particular piece of email. This requires you have a Gmail account.

    If your Gmail login name was username@gmail.com and you went to samplesite.com to fill out a registration form, instead of just entering username@gmail.com as your email, enter it as username+samplesitecom@gmail.com instead. When Gmail sees a "+" in an email address, it uses all the characters to the left of the plus sign to know who to send it to. In this example it would still send it to username@gmail.com.

    Now whats cool is if you search Gmail for username+samplesitecom, you will see all massages that were sent to that email address.

    To see who is responsible for sending a specific message click the Show Details link and you will see the complete address.

    Neat! Smile
  • grooviekenn, on 10/12/2007, -5/+19".... you will see all massages that were sent to that email address. "

    I wish someone would send me a massage!

    • Cglass, on 10/12/2007, -4/+2Edit: That said massage?
    • transeunte, on 10/12/2007, -0/+1Just give me your email and I'll send you tons
  • op12, on 10/12/2007, -0/+23For those who don't know, gmail also lets you add and remove periods from your email address. So if you signed up as firstname.lastname@gmail.com, you still have to use firstname.lastname to log into your account, but an email sent to f.i.r.s.t.n.a.m.e.l.a.s.t.n.a.m.e@gmail.com will still get to you. As would firstnamelastname@gmail.com

    Not sure if you can filter on that.
    • hansamurai, on 10/12/2007, -0/+8I just tested this and I can confirm that if you signed up as say kevin.rose@gmail.com and sign up at a site as k.evin.rose@gmail.com, the email's header is full of k.evin.rose@gmail.com.

      This definitely works and is probably a better way to see who's spamming you as it is so easy for the spammer to just hack off anything after the + sign. Just harder to keep track of.
  • ToadX, on 10/12/2007, -2/+3What I found bad about this trick is that, you'll forget what e-mail address you put into a site since you entered different e-mail addresses into every site. Very annoying.
    • dmorel, on 10/12/2007, -0/+8You just have to know your own style, after a while it's not an issue. You might use the sites initials, or the sites full name, or whatever but this kind of thing becomes pretty natural once you start doing it regularly.


    • Cglass, on 10/12/2007, -1/+8Yea it's gotta be rough, I know when im at ebay I'm always trying stuff like johnsmith+aol@gmail.com, and like johnsmith+pricegrabber@gmail.com..

      *rolls eyes*
    • dJCL, on 10/12/2007, -0/+1I use the domain name version - so it's always:
      djcl-digg.com@domain.name - really easy to remember what one I used at any given site and the "-" is never stripped out.
  • jimmiejaz, on 10/12/2007, -3/+3RFC 2822 http://www.faqs.org/rfcs/rfc2822.html
    http://www.faqs.org/rfcs/rfc2822.html

    Why is this here?
  • dmorel, on 10/12/2007, -0/+4This trick from the article (aka forum post) is fairly clever but appears to be a known specification.

    In the old days, we used to do this by having a catch all account on our domains. We all thought we were pretty clever having these catch all accounts so we could do stuff like digg@yourdomain.com, yourBank@yourdomain.com and "catch" who ever gave our address away. It rarely happened.

    Then, there was spam, LOTS of spam sent to random account names and it was time to shut down the catch all... sigh, those were the days, now all aliases have to be set up manually but it's still helpful.

    • dmron, on 10/12/2007, -0/+4That's exactly the problem I had with using a catchall. I never had any addresses that I gave away be used for spam. The problems started when spammers just started sending emails to EVERYTHING_AND_ANYTHING@mydomain.com.... I eventually said ***** it and turned off the catchall as well. Wasn't worth it. Now I just use two email addresses. One for my "real" email, and the other for any company that requires my email for any reason.

      PS - I dont think this article is accurate in that it requires gmail. I think most mail servers support this, although I am no expert, so I might be wrong.
  • hansondr, on 10/12/2007, -4/+1Since gmail gives you a load of invites why not just make additional accounts? email_netflix@gmail.com, etc...
    • jstohler, on 10/12/2007, -1/+7Because then you have to log out to check each one and they're contained under different logins. This trick allows you to centralize everything.
    • drlha, on 10/12/2007, -0/+9That would work if gmail allowed underscores! Bah.
    • Electrox3d, on 10/12/2007, -3/+1cause I'm gonna steal all the email addresses in the world!!! then only ONE person will be able to have multiple emails reguarding netflix and the like.
    • snerge, on 10/12/2007, -0/+8@jstohler

      forward all those additional accounts to your primary one and filter them with labels ...
    • Mejogid, on 10/12/2007, -4/+2You could redirect the other accounts to your primary one.
    • kualla, on 10/12/2007, -0/+1@snerge

      "forward all those additional accounts to your primary one and filter them with labels ..."

      Only problem there is if you forget to log into your account after so much time (6 months I think) then the account gets auto deleted. So if you have like 25 emails you set up that might be a pain having to every few months log in to ensure your accounts remain active...

      But otherwise that is a great idea :)
    • sillypickle, on 10/12/2007, -0/+2@kualla

      Solution for the login to keep accounts active problem:
      Set up a POP email program that you don't otherwise use to check all of your addresses but leave all mail on server, then all you have to do is run that program every few months. You could even schedule it so it happens automatically super early in the morning when you're asleep.
  • drlha, on 10/12/2007, -0/+6A better question is how spammer find out gmail email addresses that have ever been made public. I use gmail for a few internal email processing scripts at work because its easier than going through the bureaucracy of applying for a company email. These accounts only ever recieve email from one email address, and are never made public, and yet I still get spam to them.

    Do spammers have scripts that send to "aaa@gmail.com, aab@gmail.com... etc" or is there some other way to find out valid gmail account names?
    • Cglass, on 10/12/2007, -0/+3It's not hard to find the 10,000,000 most common words/names that could be used as an email address and then throw a @gmail.com on the end.
    • pengas, on 10/12/2007, -0/+1i would assume google blocks these kind of attemtps to massively email everyone on google. your network will be black listed which means trouble. however, as mentioned in here, its not hard to test most common 100,000 email names, or transfer existing, working emails to other domains.. pengas@yahoo works? lets sapm pengas@excite etc.
    • ckedge, on 10/12/2007, -0/+1YES!! I just noticed the other day that my gmail account has been getting spam for over a month now (shows how good their spam filters are, or how infrequently I use the account).

      I have *never ever* used that address elsewhere. I've given it to maybe three people, none of whom would sign me up for anything.

      @Cglass: I never would have imagined that my address was "guessable" - it's a first name (not a very common one) plus the word "from" plus the country I was born in. I'd be amazed if spammers were running those kind of "address discovery" sweeps. I guess it's entirely possible, all they have to do is send e-mails that aren't actually spam and then wait for the "no such address" replies, then they know which ones hit a positive and they've got something to sell to the other spammers.

      I guess the next address I use will need to include "salt" -- if you know what that is.
  • argblat, on 10/12/2007, -5/+1This is great until you forget your password and have to enter your email address to get it back and have absolutely no idea what your 'email address' is for that particular site
  • welshbaloney, on 10/12/2007, -0/+6Or, if you want to try to avoid the spam emails alltogether, use spamgourmet.com.

    So for samplesite.com, I might enter "samplesite.1.@spamgourmet.com"

    Emails will go to spamgourmet.com, who will deliver only 1 (in this example) email to my real address. All others afterwards are sent to a black hole. Good for getting that 1 email that includes a download link (say).
  • joshwalderbach, on 10/12/2007, -3/+4Very very old news why are people digging this? This trick doesn't work with many sites such as myspace. The problem is most sites see a "+" as an invalid character and throw it out.
    • Cglass, on 10/12/2007, -1/+15Ah I'm glad you use reputable and informative websites like MySpace.
  • Alphateam, on 10/12/2007, -0/+2I use a great service called www.endjunk.com
    It does a similar thing. The e-mail you give out is WHATEVER@username.endjunk.com
    (I use the website name for WHATEVER) Then it will auto forward to your e-mail address. If you start getting spam to that address you just disable that address and the spam is gone.
    You can have an unlimited number or addresses and it auto creates it the first time it is used.
  • pcrow, on 10/12/2007, -0/+2I use my own domain. I've found that very few reputable web sites leak addresses. The only serious problem I've had is with TDameritrade. They have repeatedly leaked my addresses.
    • bibendum, on 10/12/2007, -1/+2Interesting, pcrow.

      I do the same with my own domain as well. Out of perhaps 100 aliases I have set up, the only two that have leaked are TDAmeritrade and United Airlines.
  • REALLYTANGY, on 10/12/2007, -2/+1This isn't specific to Google, but I use Spamgourmet. Their page navigation isn't the best but you can setup "disposable" E-mail address e.g. company name.number of messages that can be sent to said E-mail.username@spamgourmet.com. It may seem complicated but once you come with your own standard its pretty simple. You can also add "safe senders", filter words, and reply address masking so even if you reply from Gmail your real address wont be disclosed.
  • drewskyjones, on 10/12/2007, -0/+1I use the free email accounts that my ISP gives me for signups and avoiding spam when dealing with a site I would infrequently need stuff from. I never use ISP email accounts for anything meaningful because my ISP keeps changing (excite, @home, at&t, comcast, time warner in 5 years), so I would be having to tell everyone "oh, my email address changed again". I get the one email I was looking for and delete everything else in the ISP account. Also, I can change the email addresses to whatever I want at any time. At one point I was using a hotmail account, but if you forget to check it for a long time, they may disable it. The ISP email accounts will stay active as long as I'm paying the ISP.

    I have tried this gmail hack and it worked for a while...until the spammers became aware of it.
  • instinet, on 10/12/2007, -0/+2If anyone has actually caught a site selling your address using this method, pls post them. I tried this a yr ago and have not caught anyone... looks like a waste of time...
    • pcrow, on 10/12/2007, -0/+2I've caught TD Ameritrade and Amazon. With Amazon, it seemed that they used a partner for some promotion or survey, and it hasn't happened again. WIth TD Ameritrade, it's happened twice, and each time they gave out all three addresses I have registered with them.
    • altintx, on 10/12/2007, -0/+1I posted below before I noticed this, but Ameritrade.com, UNM.edu and Wickedmoon.com have all given out my address.
    • chrisirmo, on 10/12/2007, -0/+1I just caught allofmp3 yesterday. Not that that one was really a big surprise...
    • chrisirmo, on 10/12/2007, -0/+1Also, livejournal.com sold me out a while back.
    • evilllama, on 10/12/2007, -0/+0I had Koolance do this. I complained and have since ordered with them under a different address and have yet to see spam under the new email address.
  • geodescent, on 10/12/2007, -0/+2Another service that does the same thing (sort of) is called SneakEmail. Probably more cumbersome, but still quite useful and free.
  • beejay54, on 10/12/2007, -0/+1This will actually work on any Postfix server.
    • dougmc, on 10/12/2007, -0/+1Not just postfix either. Sendmail has done this for a long time, for example. I'll bet most *nix MTAs (or their local mailer equivilent) do it.
  • sdbarker, on 10/12/2007, -0/+1And all any smart spammer has to do is s/+.*(@gmail.com)/1/ and you've still got the same problem.
  • altintx, on 10/12/2007, -0/+1I have a catch-all set up that forwards everything to gmail. Then for email addys that get sold, I just create an an account with a small quota and then the emails bounce back to sender with a "mailbox is full" message.

    Not many companies actually have sold me out. I've been doing this since 2001, and only three organizations have sold me out: Ameritrade (ameritrade.com), UNM (unm.edu) and WickedMoon (wickedmoon.com)
  • sclark, on 10/12/2007, -1/+1This quickly becomes a problem with a lot of usage. At some point it collapses and you'll be forced to turn on a catchall to keep your email flow alive. At that point you're open to dictionary attacks which can bring down your mail server/spam filter.

    This requires such a huge amount of work that I cannot see any practical purpose. Postal lists are shared all the time on the open market, and there are many other ways to get/exchange email addresses. One leak and you're hosed.
  • heliox, on 10/12/2007, -0/+1Talk about closing the barn door after the horse has run away.

    So now you know who sent you the spam. Only your email address is sold 100 times at this point.
    • altintx, on 10/12/2007, -0/+2But you can avoid future business with the company, block the spammed address, and alert others to what the company does. It doesn't prevent spam from happening, but it makes it easier to keep it from continuing.
    • seanmac, on 10/12/2007, -0/+1Yeah, but then you can filter out emails to that address
  • int19h, on 10/12/2007, -2/+2spamgourmet.com
  • Punisher2K, on 10/12/2007, -2/+1And what exactly does seeing who sold your email get you? Exactly.
    • cyn0sure, on 10/12/2007, -0/+3Umm, it lets you know where you don't want to spend you money.
  • Raian, on 10/12/2007, -0/+4I wish someone with some spare time would create a list of companies that are involved in this practice so we could blacklist them before the fact.
  • eh270, on 10/12/2007, -0/+0I wish Gmail would incorporate something like http://mailexpire.com/ into their system, so you can generate a disposable (or one that can at least be deactivated) email address for this purpose.
  • kualla, on 10/12/2007, -1/+1I know this is old news but THANK YOU for reposting it... I couldn't remember this trick for the life of me nor could I find it doing a search!

    This tip alone makes gmail 10x more valuable than it already is.
  • venukb, on 10/12/2007, -0/+1The link which was digg-ed few months back
    http://21st.blogspot.com/2006/09/use-gmail-generate-unlimited-e-mail.html

    and my take on it :)
    http://www.venukb.com/blog/2006/09/07/gmail-unlimited-email-addresses/
  • mbmatt, on 10/12/2007, -2/+1If somebody adds your address in as a BCC, you cannot filter and cannot view the address it was sent to. Since many spammers use BCC, this doesn't always work well.
  • CheapScott, on 10/12/2007, -0/+1I love the amazing Emailias!......I use Emailias.com (yeah, I know there are others, but this is the one I use and it doesn't let me down). I can create unlimited alias addresses to my real address. Route the email to more than one of my addresses (home/work). Browser-based bookmark lets me create an alias fast on the page I'm visiting. Remembers the website the alias was given to so I don't have to. Takes care of replies so it appears to be from the alias that originally received it. I can use my own domains (i.e. some places don't like to accept free gmail/hotmail addresses). I've used this for years and have upwards of 300 aliases...it just works. Now I just don't worry about giving up an email address...sweet! And yes, I've caught several leaks of my aliases by other sites...but I don't have to worry about it anymore. I'll never browse without it again.
  • billlyboobs34, on 10/12/2007, -0/+1This is how I found out Stardock sold my email address. Lying bastards
  • bliz, on 10/12/2007, -0/+1the problem is that it is too easy to circumvent as spammers can truncate anything after the + sign.

    I'm not trying to advocate yahoo or anything but yahoo mail allows you to create up to three hundred disposable address.

    it works like this: create a disposable address alias: alias
    then create disposable addresses like: alias-ebay, alias-paypal etc...and you have created alias-ebay@yahoo.com, etc...and you can send mail from these addresses too...

    the advantage this has it that as the keywords after the hyphen has to be predefined by the user, spammers who figure out that you are using yahoo address guard would have a hard time figuring out how to reach you after you close the affected address, if you chose more cryptic names after the hyphen.

    of course the advantage google mail has over yahoo's method is that you do not need to predefine the 'new addresses'.
  • yugiohdan6, on 10/12/2007, -0/+1with gmail you can also place periods in different spots in the email and make a filter for messages... granted this can't have an impossible amount of combinations but it can still have a lot for example if you had the email address of yyyyyyyyyyyy@gmail.com you could have 2048 combinations by placing periods in the different spots
    • bliz, on 10/12/2007, -0/+1the problem i think is that while these systems (either adding the dots or the +something method) may work for some not-so-savvy address sellers, they wouldn't work other companies.

      this is because gmail is too common. hence, this trick is not exactly a secret. spammers can easily write scripts to parse out the dots and the plus-somethings to reconstruct your real email address.
  • mddleNameIsEarl, on 10/12/2007, -0/+1This is a lot of people doing the same work with the same goal: to determine which (for the most part) major vendors are selling out our email addresses. Has anyone simply compiled a list of those vendors for the public good? Finding the root is one thing. People speaking with their wallets and not using those services is the real thing. Publicly publishing a list of the offenders seems like the missing step.
  • laserone, on 10/12/2007, -0/+1I've been using spamex.com to do this type of thing for years. It's great when u get spam and know immediately where it came from. Then I just turn off that alias and then I get no more spam. "I get no spam" ;)
    Edited to add; I wonder w/ the gmail trick, though, how soon spammers will know to drop the +whatever to get to your real addy. That can't happen w/ the spamex service that I use.
  • dirrtydirrty, on 10/12/2007, -0/+0It seems like a little too much work when you can easily click the delete button. How annoying can that get when you have so many different e-mail accounts just to prevent spam. I feel that the real problem is the "spam" that we get in our actual mailboxes from credit card companies, primarily. I wonder how many thousands of pounds of paper are being wasted on credit card applications that are just thrown in the trash and not recycled.
  • TheCiscoKid, on 10/12/2007, -0/+1FYI: It's not just periods that are interchangeable in Gmail addresses... yourname@gmail.com and yourname@googlemail.com are also the same address... So if you think the @googlemail.com address has more style, feel free to give out that one... Go ahead, give it a try and send yourself a message ;)
  • archibal, on 10/12/2007, -0/+1awesome tip!
  • juliob, on 10/12/2007, -0/+1Bad idea.

    I've been using the + scheme for over a decade with the sendmail server.
    The problem is half the sites don't accept the '+' sign as a valid email character.

    But WORSE, many sites will accept it one day, then reject it another.

    I can't change my myspace email because the system no longer recognizes the '+' sign and myspace support sucks of course. myspace is not the first web site to do this to me.

    It's way too risky to use the '+' sign.

    I now have a system that does the same thing with the '-': postfix.
    It works much better.

    Also, you need a scheme where stripping the '+whatever' part will yield an invalid email address, i.e. 'bob+ebay@gmail.com' is valid but 'bob@gmail.com' is invalid. Otherwise, spammers will easily circumvent your filter. Of course, gmail doesn't allow that.

    Dumb, retarded, and broken scheme.
  • doubleblack, on 10/12/2007, -1/+0This is Lame, this is older than my Mom...
  • seanmac, on 10/12/2007, -0/+1Smart spammers just strip of the stuff after the + character. You ever seen an email address that legitimately had a + in it?
  • taosk8r, on 10/12/2007, -0/+0I just use 3 services for these purposes. When I simlply want a single registration type email back (ie I'm not signing up for forums where I'm worried about being able to setup email notifications to thread replies) I use http://mailinator.com.

    If I do want to spam-track, or setup one random email addy to use for a bunch of sites I think might spam me, I use http://www.sneakemail.com ..

    Lastly, now that I have the "Temporary Inbox Extension" toolbar for Firefox, I've been using that some as well.. (Sorry, I dont have the link handy, but you can probably find it by searching on the firefox extensions site).
  • tybris, on 10/12/2007, -1/+1Except that 90% of forms block the + in the e-mail address field.
  • laplacian, on 10/12/2007, -0/+1This part of the email spec, has nothing specifically to do with gmail, and isnt very useful in practice. . . so why does this story have 1000+ diggs??
  • bobbygeorgina, on 10/12/2007, -0/+1I have been doing this for awhile now, it is very helpful.
  • pHr34kY, on 10/12/2007, -0/+1Okay, this would take a spammer about 2 seconds to filter out.

    1. Check is email address has a '+' before the '@gmail.com' (and they both exist)
    2. Remove everything between the '+' and the '@'
    3. Send spam.

    Spammers have a tendency to cater for tricks like this.
  • Fetching more discussions...
    Show 51 - 62 of 62 discussions
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.