Disposable email address explained

Disposable email addressing, also known as DEA, dark mail or masked email, refers to an approach that involves using a unique email address for each contact or entity, or using it for a limited number of times or uses. The benefit to the owner is that if anyone compromises the address or utilizes it in connection with email abuse, the address owner can easily cancel (or "dispose" of) it without affecting any of their other contacts.[1]

Uses

Disposable email addressing allows a different and unique email address for every sender or recipient combination. The method can be employed in scenarios where someone may sell or release an individual's email address to spam lists or other unethical entities. The most common situations of this type involve online registration for sites offering discussion groups, bulletin boards, chat rooms, online shopping, and file hosting services. Once an email address has been jeopardized by being sold, the result is often email spam or identity theft, both of which internet users can avoid or protect themselves against by using disposable email addressing.[2]

If a disposable email address normally used for non-controversial purposes starts to be used in a manner not intended by the creator, it can be easily canceled. Examples of this are the accidental release of an email to a spam list or if the address was procured by spammers. Alternatively, the user may decide not to receive further correspondence from a sender. Whatever the cause, DEA allows the address owner to take unilateral action by simply canceling the address. The owner can choose whether to update the recipient or not.

Disposable email addresses typically forward to one or more genuine email mailboxes where the owner receives and reads messages. The contact with whom a DEA is shared never learns the user's real email address. If a database manages the DEA, it can also quickly identify the expected sender of each message by retrieving the associated contact name of each unique DEA.[3] If used properly, DEA can also help identify which recipients handle email addresses carelessly or illegitimately. Moreover, it can serve as a tool for spotting fake messages or phishers.

Advantages over traditional email

Ideally, owners share a DEA once with each contact or entity. Thus, if the DEA should ever change, only one entity needs to be updated. By comparison, the traditional practice of giving the same email address to multiple recipients means that if that address subsequently changes, many legitimate recipients need to receive notification of the change and update their records — a potentially tedious process.

Additionally, because the access has been narrowed down to one contact, that entity then becomes the most likely point of compromise for any spam that the account receives (see "filtering" below for exceptions). This allows users to determine the trustworthiness of the people with whom they share their DEAs. "Safe" DEAs that have not been abused can be forwarded to a real email account, while messages sent to "compromised" DEAs can be routed to a special folder, sent to the trash, held for spam filtering, or returned as undeliverable if the DEA is deleted outright.

Further, because DEAs serve as a layer of indirection between the sender and recipient, if the DEA user's actual email address changes, for instance, because of moving from a university address to a local ISP, then the user need only update the DEA service provider about the change. Afterward, all outstanding DEAs will continue to function without updating.

Using "sub-addressing"

A number of email systems support "sub-addressing" (also known as "plus" or "tagged" addressing)[4] [5] [6] where a tag can be appended to the "local part" of an email address — the part to the left of the "@" — but with the modified address being an alias to the unmodified address. For example, the address joeuser+tag@example.com denotes the same delivery address as joeuser@example.com. The text of the tag may be used to apply filtering, or to create single-use addresses.

If available, this feature can allow users to create their own disposable addresses;[7] however, it reveals the user's delivery address to email recipients.

Multiple email aliases

Another approach is to register one main email address and many auxiliary email addresses, which will forward all mail to the main address, i.e., the auxiliaries are used as aliases of the main address. The advantage of this approach is that the user can easily detect which auxiliary email is 'leaking' with spam and block or dispose of it.

Some services require additional time to set up forwarding, but others allow the creation of new addresses "on the fly" without registering them with the service in advance. This method allows storage and access of all emails from a single main account. Although, to manage forwarding for some services, the user has to remember the password for each alias.

A variation is to use a catch-all address, then forward to the real mailbox using wildcards. Many mail servers allow the use of an asterisk (*), meaning "any number of characters". This makes the whitelist automatic and only requires the administrator to update the blacklist occasionally. In effect, the user has one address, but it contains wild-cards, e.g., "me.*@my.domain", which will match any incoming address that starts with "me." and ends with "@my.domain." This is very similar to the "+" notation, but it may be even less obvious since the address appears to be completely normal.

Concerns

Restrictions by site administrators

Some forum and wiki administrators dislike DEAs because they obfuscate the identity of the members and make maintaining member control difficult. As an example, Internet trolls, vandals and other users that may have been banned may use throwaway email addresses to get around the ban.[8] Using a DEA provider only makes this easier; the same convenience with which a person may create a DEA to filter spam also applies to trolls.[9] Website operators expecting to generate revenue by selling the user email addresses that they gather, may choose to ban DEAs as well, due to the low market value of such addresses. There are several free lists available to help detect DEA domains, as well as managed services.

Effectiveness

Although DEA or specifically sub-addressing can help individuals detect when breaches occur and avoid incoming spam, they may not always be effective. Hackers that breach an entity's Databases and acquire email addresses may strip the aliases portion of the email address before selling or releasing them publicly.[10] This would mean that emails are forwarded directly to the primary address and the individual does not benefit from their use of sub-addressing.

Logging in/resetting password

If an account is created using sub-addressing, then all access to the account occurs through the email and sub address. It is important that an individual who uses a sub-addressing strategy remembers their sub-addresses because logging in or resetting a password will utilize the email address along with the chosen sub-address.

See also

Notes and References

  1. Nield . David . How to Avoid Spam—Using Disposable Contact Information . 2024-01-24 . Wired . en-US . 1059-1028.
  2. Web site: 2006-12-04 . Disposable e-mail addresses foil marketing plans . 2007-02-02 . Network World.
  3. Web site: Nath . Bipasha . 2022-12-13 . Disposable Email Addresses (DEA) Explained in 5 Minutes or Less . 2024-01-25 . Geekflare . en-US.
  4. Web site: Using an address alias. google.com.
  5. Web site: Create, use, edit, or delete temporary email addresses in Yahoo Mail - SLN28815. Yahoo Help . 14 December 2023.
  6. Web site: Plus addressing and subdomain addressing. fastmail.fm.
  7. Web site: Neil J. Rubenking. PC Magazine . Disposable E-mail Addresses . 2004-03-22 . 2007-02-06. https://web.archive.org/web/20070712222637/https://www.pcmag.com/article2/0,1759,990137,00.asp. 2007-07-12. dead.
  8. Web site: Successful Forum Tip #3 — Troll Prevention and Extermination . 2004-08-09 . 2007-02-02.
  9. Web site: Simple Machines LLC . Add New Ban . SMF 1.1 Online Manual . 2007-02-02.
  10. Web site: Krebs . Brian . 2022-08-15 . The Security Pros and Cons of Using Email Aliases – Krebs on Security . 2024-01-24 . en-US.