What is Digg?112 Comments
- phlux, on 10/12/2007, -0/+46@jaymoon,
A few years ago I was doing the same thing. I had setup the email address "DMV@mydomain.com" and supplied it to the DMV when I was working with them on a case against a car dealer who never registered the new car I bought as sold...
I was actively comminicating with the DMV lawyers in sacramento on this case via email, with that address.
A few weeks into it I got a Cease and Desist letter from the DMV stating that my using the DMV@ was infringing on thei copyright and theat they would agressively "protect their brand" and that my use of that email address would "confuse consumers"
I emailed them a bunch on this issue and tried to explain a few things about how email works. I also tried to explain that they cannot "own" the initials "DMV" as there are many "David Victor Menske" or other proper names out there who have just as valid a reason to use the initials.
I also explained to them in great detail how I was using the email address *only* to communicate with the DMV on the case that was being worked... finally I explained to them that they are a government/public service agency and as such thay have no brand. They didnt like that.
The never relented and just kept threatening to sue me.
So I changed the email address to DMVASSHOLES@mydomain.com and began using that email address only - they stopped emailing me after that. but it was an interesting experience in that I had no idea that the DMV thinks of them selves as a brand and a "product that consumers need to differentiate from other services"
strange... but I would LOVE to go to court over something like this. - ericpan, on 10/12/2007, -1/+38Sometimes e-mail validators in forms won't allow the + symbol in an e-mail… bummer. Good for people to know otherwise.
- Wilcox, on 10/12/2007, -4/+33http://www.duggmirror.com
Here is the full text...
When you give your email address to a website, you hope that they don't sell or trade your address to a bunch of spammers. Well if they do, here is a simple way to see what sites are responsible for what particular piece of email. This requires you have a Gmail account.
If your Gmail login name was username@gmail.com and you went to samplesite.com to fill out a registration form, instead of just entering username@gmail.com as your email, enter it as username+samplesitecom@gmail.com instead. When Gmail sees a "+" in an email address, it uses all the characters to the left of the plus sign to know who to send it to. In this example it would still send it to username@gmail.com.
Now whats cool is if you search Gmail for username+samplesitecom, you will see all massages that were sent to that email address.
To see who is responsible for sending a specific message click the Show Details link and you will see the complete address.
Neat! Smile - plamoni, on 10/12/2007, -1/+27This is kind of old news, but the other problem is that it's widely known. Any smart site that distributes people's email address will automatically strip the flag before selling/giving it away...
s/+.*@/@/
I like Jamoon's method better... - o2sk8, on 10/12/2007, -4/+30I did the same thing as you until I used email+Amazon and ended up not being able to get a rebate for my cellphone because the rebate page would not accept the plus addressing. $150 flushed. That pissed me off.
- op12, on 10/12/2007, -0/+23For those who don't know, gmail also lets you add and remove periods from your email address. So if you signed up as firstname.lastname@gmail.com, you still have to use firstname.lastname to log into your account, but an email sent to f.i.r.s.t.n.a.m.e.l.a.s.t.n.a.m.e@gmail.com will still get to you. As would firstnamelastname@gmail.com
Not sure if you can filter on that. - Jaymoon, on 10/12/2007, -4/+24I use a similar method as well... Except that I just use cpanel from my site.
I create forwarders for ebay@mydomain.com, netflix@mydomain.com, etc.., then I forward all of them to a real address.
If I start getting spam through one, I simply just edit the forwarder to go to none@email.com. Seems to work better than just deleting the redirect, because the server tends to keep all mail sent to ___________@mydomain.com, regardless if the account exists or not. - Pattyo13, on 05/14/2009, -4/+22old news, but i do it all of the time
setup filters to catch the +xxx address. i use it for email+netflix@...., email+ebay, email+crap, email+bills... - Cglass, on 10/12/2007, -1/+15Ah I'm glad you use reputable and informative websites like MySpace.
- grooviekenn, on 10/12/2007, -5/+19".... you will see all massages that were sent to that email address. "
I wish someone would send me a massage! - drlha, on 10/12/2007, -0/+9That would work if gmail allowed underscores! Bah.
- dmorel, on 10/12/2007, -0/+8You just have to know your own style, after a while it's not an issue. You might use the sites initials, or the sites full name, or whatever but this kind of thing becomes pretty natural once you start doing it regularly.
- snerge, on 10/12/2007, -0/+8@jstohler
forward all those additional accounts to your primary one and filter them with labels ... - hansamurai, on 10/12/2007, -0/+8I just tested this and I can confirm that if you signed up as say kevin.rose@gmail.com and sign up at a site as k.evin.rose@gmail.com, the email's header is full of k.evin.rose@gmail.com.
This definitely works and is probably a better way to see who's spamming you as it is so easy for the spammer to just hack off anything after the + sign. Just harder to keep track of. - Cglass, on 10/12/2007, -1/+8Yea it's gotta be rough, I know when im at ebay I'm always trying stuff like johnsmith+aol@gmail.com, and like johnsmith+pricegrabber@gmail.com..
*rolls eyes* - jstohler, on 10/12/2007, -1/+7Because then you have to log out to check each one and they're contained under different logins. This trick allows you to centralize everything.
- drlha, on 10/12/2007, -0/+6A better question is how spammer find out gmail email addresses that have ever been made public. I use gmail for a few internal email processing scripts at work because its easier than going through the bureaucracy of applying for a company email. These accounts only ever recieve email from one email address, and are never made public, and yet I still get spam to them.
Do spammers have scripts that send to "aaa@gmail.com, aab@gmail.com... etc" or is there some other way to find out valid gmail account names? - welshbaloney, on 10/12/2007, -0/+6Or, if you want to try to avoid the spam emails alltogether, use spamgourmet.com.
So for samplesite.com, I might enter "samplesite.1.@spamgourmet.com"
Emails will go to spamgourmet.com, who will deliver only 1 (in this example) email to my real address. All others afterwards are sent to a black hole. Good for getting that 1 email that includes a download link (say). - dmorel, on 10/12/2007, -0/+4This trick from the article (aka forum post) is fairly clever but appears to be a known specification.
In the old days, we used to do this by having a catch all account on our domains. We all thought we were pretty clever having these catch all accounts so we could do stuff like digg@yourdomain.com, yourBank@yourdomain.com and "catch" who ever gave our address away. It rarely happened.
Then, there was spam, LOTS of spam sent to random account names and it was time to shut down the catch all... sigh, those were the days, now all aliases have to be set up manually but it's still helpful. - dougmc, on 10/12/2007, -0/+4I'm pretty sure the problem is that + is the urlencoded version of a space. So the validator gets the +, runs in through a urldecoder, sees the space and cries foul.
You can often get around that by using %2B instead of a + -- the %2B decodes to a plus -- but at some point it's just not worth it.
Really, I just need to hack up sendmail.cf to use - like + works now. - dmron, on 10/12/2007, -0/+4That's exactly the problem I had with using a catchall. I never had any addresses that I gave away be used for spam. The problems started when spammers just started sending emails to EVERYTHING_AND_ANYTHING@mydomain.com.... I eventually said ***** it and turned off the catchall as well. Wasn't worth it. Now I just use two email addresses. One for my "real" email, and the other for any company that requires my email for any reason.
PS - I dont think this article is accurate in that it requires gmail. I think most mail servers support this, although I am no expert, so I might be wrong. - Raian, on 10/12/2007, -0/+4I wish someone with some spare time would create a list of companies that are involved in this practice so we could blacklist them before the fact.
- cyn0sure, on 10/12/2007, -0/+3Umm, it lets you know where you don't want to spend you money.
- Cimlite, on 10/12/2007, -0/+3Yeah, exactly what I was thinking. A lot of sites just don't accept + in the email address. Those sites only make me suspicious though.
My solution to that problem is to use the service sneakemail.com . Allows you to create however many temporary emails you want that forward to your regular one for any length of time. So if they seem to behave the email stays and if they don't I just delete the temporary email and away they go. - praseodym, on 10/12/2007, -0/+3Very true, it works on many mailservers - I've tried Apple's .Mac mail, Webmail.us and some hosting providers and they all worked. With IMAP-based services (i.e. where you can create your own folders) using a + will direct the mail into that folder, e.g. +spam to spam and +newsletters to your newsletters folder.
- gfixler, on 10/12/2007, -1/+4You don't absolutely need a gmail account, if you have your own domain, though my way isn't 100% free. I've been doing this with my domain since 2000, and have used the technique for every email since then (started it the day I got my domain), and it's kept my spam count in all that time to only a few per day. When Christmas rolls around, and I have to order presents for friends and family, or when I sign up for things like digg, flickr, forums, and the like, or if something requires a valid email address, I give them theirnameSIGNUP@mydomain.com. Since these are unknown accounts, they all forward automatically via my host to the default account. I can add extras before SIGNUP, if I want to get particular. On one forum, I use theirnamePostTitleSIGNUP@mydomain to comment. This way, if a spammer ever grabs the address from one post, I can lock it down, and not have the whole thing ruined for me.
Whenever a particular address has started receiving a lot of spam, I've added a mailing list through my host with that name (I have unlimited via hostrocket), and made it unjoinable, bouncing all posts by non-members (everyone), which closes it up forever.
The amazing bit is that 99% of these hundreds of sites I've dealt with are completely scrupulous. The only 2 really big infringers were kazaa and morpheus, which started spamming when they split years ago. I simply made listserves with those addresses (kazaaSIGNUP@mydomain, etc), and everything to them just bounces back without me having to see it. I also got a small amount of googleSIGNUP spam, when I signed up for something back ~'02, but it turned out to be the result of a cookie insecurity that got closed up pretty quickly. I buy stuff from ebay via paypal all the time, and have a steady supply of parts, materials, and electronic components coming to me from venders big and small all the time, and literally none of them has ever resulted in their specific email being used to spam me.
Pretty much all the spam I get comes in as some random crap before my name, but it's a very small amount. I *do* occasionally get some spam from one of these signup addresses, but even then, almost all of the time it's a very related business - say one financial service gives my name to an affiliate financial service - and usually it says somewhere in there "You are receiving this message, because you signed up with ______, and have chosen to allow affiliates bla bla bla." I've even occasionally clicked links to stop receiving a particular thing, like a newsletter that came with signing up for an online service, and those addresses have never again received anything. It's nice to see that the majority of people and businesses seem to have some sense of humane conduct. Even that godawful MySpace has never used their particular address against me.
The reason I put SIGNUP in there is so my POP app at home can sort everything to SIGNUP into a separate folder, and inside that, I have some folders that sort a few into extra things, like financial stuff (bank, etc), electronic stuff (all the receipts and notices from vendors), blog comment notices, etc. It's nice to have everything so automatically sorted all the time.
Just to be extra nuts, I also have a spamcop account, and my "real" address is actually a forwarder to that, which then gets forwarded back to a private account. In my POP, and online clients, I send from that one, but have the reply tos set to the more public name. This is probably not very secure, as the "real" name is still listed in the headers (I think), but in 6 years, it hasn't been a problem.
Oh, and recently I switched to Linux, and have been allowing the few lingering spams to come through, to train Thunderbird, which is getting better each day at detecting the usually - Scottamus, on 10/12/2007, -1/+4Buried
1. It's a repeat. (yea, so what? I know but also)
2. Inaccurate, it's not a gmail trick per se. A great many servers can do this. It's part of the email RFC.
3. The more people that advertise you can do this, the more spammers etc will catch on and drop the +...
Please bury me if you agree. - Cglass, on 10/12/2007, -0/+3It's not hard to find the 10,000,000 most common words/names that could be used as an email address and then throw a @gmail.com on the end.
- Alphateam, on 10/12/2007, -0/+2I use a great service called www.endjunk.com
It does a similar thing. The e-mail you give out is WHATEVER@username.endjunk.com
(I use the website name for WHATEVER) Then it will auto forward to your e-mail address. If you start getting spam to that address you just disable that address and the spam is gone.
You can have an unlimited number or addresses and it auto creates it the first time it is used. - earlgreyrooibos, on 10/12/2007, -1/+3Thanks for mentioning that. Still, I had never heard of this trick before, and I'm definitely going to try it out.
- sillypickle, on 10/12/2007, -0/+2@kualla
Solution for the login to keep accounts active problem:
Set up a POP email program that you don't otherwise use to check all of your addresses but leave all mail on server, then all you have to do is run that program every few months. You could even schedule it so it happens automatically super early in the morning when you're asleep. - pcrow, on 10/12/2007, -0/+2I use my own domain. I've found that very few reputable web sites leak addresses. The only serious problem I've had is with TDameritrade. They have repeatedly leaked my addresses.
- dmorel, on 10/12/2007, -2/+4@Jaymoon:
Just send it (no longer wanted alias) to the blackhole account instead of bouncing it back out there to email.com. - pcrow, on 10/12/2007, -0/+2I've caught TD Ameritrade and Amazon. With Amazon, it seemed that they used a partner for some promotion or survey, and it hasn't happened again. WIth TD Ameritrade, it's happened twice, and each time they gave out all three addresses I have registered with them.
- geodescent, on 10/12/2007, -0/+2Another service that does the same thing (sort of) is called SneakEmail. Probably more cumbersome, but still quite useful and free.
- altintx, on 10/12/2007, -0/+2But you can avoid future business with the company, block the spammed address, and alert others to what the company does. It doesn't prevent spam from happening, but it makes it easier to keep it from continuing.
- instinet, on 10/12/2007, -0/+2If anyone has actually caught a site selling your address using this method, pls post them. I tried this a yr ago and have not caught anyone... looks like a waste of time...
- mickwalks, on 10/12/2007, -0/+2this was on digg already
- CheapScott, on 10/12/2007, -0/+1I love the amazing Emailias!......I use Emailias.com (yeah, I know there are others, but this is the one I use and it doesn't let me down). I can create unlimited alias addresses to my real address. Route the email to more than one of my addresses (home/work). Browser-based bookmark lets me create an alias fast on the page I'm visiting. Remembers the website the alias was given to so I don't have to. Takes care of replies so it appears to be from the alias that originally received it. I can use my own domains (i.e. some places don't like to accept free gmail/hotmail addresses). I've used this for years and have upwards of 300 aliases...it just works. Now I just don't worry about giving up an email address...sweet! And yes, I've caught several leaks of my aliases by other sites...but I don't have to worry about it anymore. I'll never browse without it again.
- pHr34kY, on 10/12/2007, -0/+1Okay, this would take a spammer about 2 seconds to filter out.
1. Check is email address has a '+' before the '@gmail.com' (and they both exist)
2. Remove everything between the '+' and the '@'
3. Send spam.
Spammers have a tendency to cater for tricks like this. - ckedge, on 10/12/2007, -0/+1YES!! I just noticed the other day that my gmail account has been getting spam for over a month now (shows how good their spam filters are, or how infrequently I use the account).
I have *never ever* used that address elsewhere. I've given it to maybe three people, none of whom would sign me up for anything.
@Cglass: I never would have imagined that my address was "guessable" - it's a first name (not a very common one) plus the word "from" plus the country I was born in. I'd be amazed if spammers were running those kind of "address discovery" sweeps. I guess it's entirely possible, all they have to do is send e-mails that aren't actually spam and then wait for the "no such address" replies, then they know which ones hit a positive and they've got something to sell to the other spammers.
I guess the next address I use will need to include "salt" -- if you know what that is. - seanmac, on 10/12/2007, -0/+1Smart spammers just strip of the stuff after the + character. You ever seen an email address that legitimately had a + in it?
- seanmac, on 10/12/2007, -0/+1Yeah, but then you can filter out emails to that address
- inactive, on 10/12/2007, -0/+1This is how I found out Stardock sold my email address. Lying bastards
- venukb, on 10/12/2007, -0/+1The link which was digg-ed few months back
http://21st.blogspot.com/2006/09/use-gmail-generate-unlimited-e-mail.html
and my take on it :)
http://www.venukb.com/blog/2006/09/07/gmail-unlimited-email-addresses/ - laplacian, on 10/12/2007, -0/+1This part of the email spec, has nothing specifically to do with gmail, and isnt very useful in practice. . . so why does this story have 1000+ diggs??
- bobbygeorgina, on 10/12/2007, -0/+1I have been doing this for awhile now, it is very helpful.
- kualla, on 10/12/2007, -0/+1@snerge
"forward all those additional accounts to your primary one and filter them with labels ..."
Only problem there is if you forget to log into your account after so much time (6 months I think) then the account gets auto deleted. So if you have like 25 emails you set up that might be a pain having to every few months log in to ensure your accounts remain active...
But otherwise that is a great idea :) - juliob, on 10/12/2007, -0/+1Bad idea.
I've been using the + scheme for over a decade with the sendmail server.
The problem is half the sites don't accept the '+' sign as a valid email character.
But WORSE, many sites will accept it one day, then reject it another.
I can't change my myspace email because the system no longer recognizes the '+' sign and myspace support sucks of course. myspace is not the first web site to do this to me.
It's way too risky to use the '+' sign.
I now have a system that does the same thing with the '-': postfix.
It works much better.
Also, you need a scheme where stripping the '+whatever' part will yield an invalid email address, i.e. 'bob+ebay@gmail.com' is valid but 'bob@gmail.com' is invalid. Otherwise, spammers will easily circumvent your filter. Of course, gmail doesn't allow that.
Dumb, retarded, and broken scheme. - gfixler, on 10/12/2007, -0/+1... < 5 daily spams.
It clipped me. -
Show 51 - 100 of 110 discussions
Digg is coming to a city (and computer) near you! Check out all the details on our 
© Digg Inc. 2009
— Content created and posted by Digg users is