Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
We have a low common denominator: 2

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


                                         

True revokable e-mail addresses

Manage unlimited, revokable e-mail addresses in a user-friendly way
  (+3, -2)
(+3, -2)
  [vote for,
against]

Some Internet services require users to register with an e-mail address, the validity of which is verified by sending a test e-mail with a verification URL for the user to visit to complete the registration. Naive users may give their addresses away to unscrupulous businesses who may turn around and sell off their database to spammers. Paranoid users may simply avoid all such services, even if they provide a valuable service.

Lucent once came up with a solution called the Lucent Personalized Web Assistant, later spun off into an independent entity called ProxyMate. Users would use LPWA/ProxyMate as a proxy server and sign in with their true e-mail address and a master password. The proxy could automatically generate a working encrypted e-mail address when a user registered on a Web site. The address would not reveal the user's real identity, but did have it encrypted in such a way that ProxyMate could decrypt it and forward e-mail to the real address. They touted this feature as "revokable e-mail addresses," the idea being that if an encrypted e-mail address was exposed to a spammer, it could be "revoked" by using a simple e-mail filter such as is standard with most mail clients. Unfortunately, because the e-mail addresses were encrypted, it was not always possible to tell which encrypted address came from which Web service just by looking at the address. The ProxyMate service had other problems, technical and business-related, and eventually closed its doors.

True revokable e-mail addresses are possible today with certain mail servers, such as Qmail. Qmail supports a feature called "extension addresses." Every user on the system can configure an unlimited number of e-mail addresses for themselves by adding an extension to their username consisting of a dash and an arbitrary string. Thus someone with account "phil" at the service "host.com" could have a main e-mail address of "phil@host.com" but could also make any number of alternative e-mail addresses for himself such as "phil-amazon@host.com," "phil-toysrus@host.com," "phil-cyberpromo@host.com," etc., and give out each address to only one Web service. If he later decided that the business to which he gave "phil-amazon@host.com" could no longer be trusted with his e-mail address, he could configure Qmail to simply bounce any mail to this address. The downside of this is that Qmail requires a Unix shell account and a basic understanding of Unix (usage and shell programming) and how e-mail works, skills that today are limited to a minority of Internet users.

The ideal solution in my mind would be to create a service that combines this useful feature of Qmail with a Web interface and database to enable any novice Internet user to log in and maintain their own arbitrarily large list of custom e-mail addresses. Each configured address could do one of three things: forward the mail to the user's real e-mail address, bounce with a customized bounce message, or bounce with a standard "User not found" message. "Wildcard" e-mail addresses could also be possible, since Qmail supports this functionality. (For example, it's possible to make rules such that "phil-anything@home.com" could be forwarded to Phil's address, no matter what "anything" is. And of course more specific rules could be made to override that in specific cases.)

Hope that all makes sense. :-) Yes, I know it's also possible to establish this objective by going to X number of free-mail sites and registering for "throwaway" accounts, but I think this would be a much more pleasant alternative.

l2g, Oct 21 2000

dot-qmail(9) http://www.qmail.or...man9/dot-qmail.html
From the Qmail distribution: documentation on the use of personal ".qmail" files, the means by which users configure their extension addresses. (Not intended for people unfamiliar with Unix or with weak hearts.) [l2g, Oct 21 2000, last modified Oct 04 2004]

Postfix http://www.postfix.org/
The Postfix mailer also supports "extension addresses", much like Qmail. [egnor, Oct 21 2000, last modified Oct 04 2004]

XNS white paper on e-mail permission filtering http://www.xns.org/...tepapers/filtering/
An alternate scheme for "taking back" e-mail addresses, proposed by the XNS people. I really like the idea of XNS, but no public specifications for it have been released yet, so I worry about its long-term availability. And for users, I think the XNS learning curve will be very high. The scheme I describe above requires no new protocols and will work now with today's standard applications. [l2g, Oct 21 2000, last modified Oct 04 2004]

mailexpire http://www.mailexpire.com
Link appears to be down right now, but I don't know if that's permanent or not so I'm recording it here while I remember. Anyway, it was a disposable receive-only webmail site, with a specifiable time limit for the lifetime of the account -- perfect for signing onto websites. [Cheradenine, Oct 21 2000, last modified Oct 04 2004]

Sneakemail http://sneakemail.com
Is this what you mean? [bookworm, Oct 21 2000, last modified Oct 04 2004]

TMDA http://tmda.net/
Tagged Message Delivery Agent [quarl, Nov 09 2004]

TinyURL www.tinyurl.com
Something like this for email... [monkeybutler, Nov 09 2004]

www.bugmenot.com http://www.bugmenot.com/
Provides pre-registered username and password combinations, so you don't have to. [zen_tom, Jul 22 2005]

[link]






       The idea itself is sound, but the implementation would be a real nightmare. Most email users fall into the 'lowest common denominator' category, and rely on their ISP's tech support for most of their concerns. It would be one hell of a stretch to believe that the average user to even be *capable* of managing several email aliases without bombarding their tech support with needless calls. A service like this should be for experienced Internet users only- and they're quite a rare breed when compared to the majority of Net users. Why? Because tech support calls will totally eat up your revenue if they get out of hand.   

       Also, while smaller ISPs have enough leeway to give multiple aliases to users for spam control, larger ones don't quite have that freedom. ISPs with 300,000+ users (like the one I work for) often have a shortage of non-duplicate usernames for new users as it is. To add multiple aliases for hundreds of thousands of customers simply spells 'administrative nightmare' to most net admins- which translates to 'higher costs' for your Internet service.   

       This idea could conceivably be offered as a value-added, user-administrated service, but then you run the risk of getting your tech support department bogged down again by inexperienced users, most of whom just cannot be bothered to learn how to use the new service and would rather simply let some overworked technician 'walk them through' a process that they will most likely forget in 5 minutes anyway.   

       Of course, as ISPs lower their prices for DSL and cable modems and allow more of their users to host their own servers on their high-speed connections, experienced users who don't mind administering their own mail servers will be more able to do so. All you need is your own domain name and your own mail server- Qmail is an excellent option here- and you can configure as many aliases as you like and implement l2g's scheme.   

       (In fact, the last bit is what I do right now, for the reasons I provided........)
BigThor, Oct 21 2000
  

       Ignore the naysayers; I think this is an idea which is about to break into the mainstream.   

       (If we listened to the BigThors and PeterSealys of the world, we'd never have introduced computers or e-mail in the first place.)   

       I've also heard the term "tear-off addresses" used to describe this concept.
egnor, Oct 21 2000, last modified Oct 25 2000
  

       Thank you all for the comments thus far. BigThor-- Yes, I do the exact same thing. I just thought it was too useful a technique for us "uber-geeks" to keep to ourselves, especially now that the media is making such a hubbub over Internet privacy and "ordinary" people are starting to think about it. egnor-- "tear-off addresses"... I like that; I'll have accounting cut you a royalty check. ;-)
l2g, Oct 21 2000
  

       He explained this, but it was waaaay down at the bottom, long after I lost interest. I happened to see it while reading an annotation. He means that if your address is 'foo@bar.com', you can create your own sub-addresses, such as 'foo-baz@bar.com', or 'foo-qux@bar.com' and have them either forward to your main account, bounce with a customized message or bounce with a generic 'does not exist' message.   

       I rather like the idea, it's kind of a pain to have to go to the bunches of different web email servers...I have addresses I forgot about years ago. <Tried to sign on to one, found the name was already taken, tried one of my generic passwords and got in...to find twenty five THOUSAND spam. Bleah.>
StarChaser, Oct 22 2000
  

       I think this is baked. I use a site called sneakemail to submit addresses to web sites. The mail gets forwarded to my real mailbox with an annotation letting me know who leaked the address. Too much junk and I revoke the address. It also lets me apply filters, so that if I give an address to a site then ONLY that site can use the address.   

       Of course, it relies on the goodwill of the server operators.
bookworm, Oct 23 2000
  

       [StarChaser], mail aliases work just as well for this as regular mailbox accounts. There are many ISPs that will allow several aliases per email account, as well as the web-based tools to add or remove these.   

       The spam still comes to your mailbox and you usually get stuck downloading it- since aliases only forward to your main mail account- but killing an alias only takes a minute or so. Mailbox accounts take more time, but they isolate spam a lot better.   

       Either way, you wind up losing mesages from legitimate users when you kill an email address. Is this a big problem? No. Just give the dummy address to questionable sites and keep the good address for legit users.   

       [PeterSealy], most good email programs have a mail filter list that you can add spam adresses to which will automagically trash them when they're received. The problem? The user has to manually enter each address or domain themselves.   

       The big ISPs mail servers usually come with a dynamically updated mail filter that periodically updates itself with known spammer addresses and domains (like a virus checker updates itself with new virus definitions and signatures every few days). Mail server administrators get updates from a central database, and they also send adresses and domains of new spammers to the database as well.   

       If such databases and filters were made available to home users, THAT would make things almost foolproof, I agree.   

       Such a thing would make the spam checking part of the email programs themselves as well, like you mentioned.
BigThor, Oct 24 2000
  

       I hadn't heard of Sneakemail before, but it comes very close to the ideal service I imagined when I came up with this idea. Thanks, bookworm.
l2g, Oct 24 2000
  

       A tip from the trades. Customize your address with two dots, e.g. anarchy..i@slowserver.com.
Cavæt, I'm told this doesn't work with all mail handlers. It should give you limited assignability and some filtering recourse for mopping up.
reensure, Oct 24 2000
  

       i..anarchy@slowserver.com is not a valid e-mail address. Two adjacent dots must not occur unquoted in the local-part of an email address as defined by SMTP and RFC 822. "i..anarchy"@slowserver.com would be valid, but unless you have very disciplined correspondents that will always remember to put the quotes in, I recommend you pick a diffent pattern.
jutta, Oct 25 2000
  

       Quotes? Quotes are legal? You're kidding.
egnor, Oct 25 2000
  

       You're right, Jutta. And right on. My server wouldn't allow the dot(s). (dot)i(dot)e maybe, no quotes allowed either. Perhaps quotes are available for translation, as in: anarchy@slowserver.com "IcNoLaw@Tall" for the user agent.
reensure, Oct 25 2000
  

       Aliases or secondary smtp addresses work quite well for that purpose. The question is only whether the mail admins expose creation and deletion of aliases to their users.   

       Maybe a site kinda like tinyurl.com, but for email addresses, would fit the bill. The site could auto-expire temp email addresses each week...
monkeybutler, Nov 09 2004
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle