Disposable email address

Disposable email addresses, also known as DEA, dark mail or masked email, are unique email addresses employed for specific contacts or uses. This is primarily done so that if the email address becomes compromised or utilized in connection with email abuse, the address owner can easily cancel (or "dispose" of) it without affecting their other contacts.[1]

Uses

DEAs allows a unique email address for every sender or recipient combination. It can be employed in scenarios where someone may sell or release an individual's email address to spam lists or other unethical entities. The most common situations of this type involve online registration for sites offering discussion groups, bulletin boards, chat rooms, online shopping, and file hosting services.

If a DEA is jeopardized/used in a manner not intended by the owner, it can be easily canceled at any time.[2]

DEAs typically forward to one or more genuine email mailboxes where the owner receives and reads messages. The contact with whom a DEA is shared never learns the owner's real email address. If a database manages the DEA, it can also quickly identify the expected sender of each message by retrieving the associated contact name of each unique DEA.[3] If used properly, DEAs can also help identify which recipients handle email addresses carelessly or illegitimately. Moreover, it can serve as a tool for spotting fake messages or phishers.

Advantages

Ideally, owners share a specific DEA with each contact or entity. Thus, if the DEA should ever change, only one recipient needs to be updated. By comparison, the traditional practice of giving the same email address to multiple recipients means that if that address subsequently changes, many legitimate recipients need to receive notification of the change and update their records.

Additionally, because DEAs serve as a layer of indirection between the sender and recipient, if the DEA user's actual email address changes for any reason, the user need only update the DEA service provider about the change. Afterward, all outstanding DEAs will continue to function without updating.

As DEAs can be restricted to one recipient, owners can more easily identify likely point of compromise for any spam that the account receives. This allows users to determine the trustworthiness of the people with whom they share their DEAs. "Safe" DEAs that have not been abused can be forwarded to a real email account, while messages sent to "compromised" DEAs can be routed to a special folder, sent to the trash, held for spam filtering, or returned as undeliverable if the DEA has been deleted.[3]

Methods

Sub-addressing

A number of email systems support sub-addressing, also known as "plus" or "tagged" addressing,[4][5][6] where a tag can be appended to the local portion of an email address (the part to the left of the "@") but with the modified address being an alias to the unmodified address. For example, the address [email protected] denotes the same delivery address as [email protected]. The text of the tag may be used to apply filtering, or to create single-use addresses.

If available, this feature can allow users to create their own disposable addresses.[7] However, this system reveals the user's delivery address to email recipients.

Multiple email aliases

Another approach is to register multiple auxiliary email addresses as aliases which forward all mail to one main address. The advantage of this approach is that the user can easily detect which auxiliary email is receiving spam and block or dispose of it.

Some services require additional time to set up forwarding, but others allow the spontaneous creation of new addresses without having to register them with the service in advance.

Although this method allows storage and access of all emails from a single account, some services require separate passwords for each alias.

Wildcards

Another method is to use a catch-all address and forward mail to the real mailbox using wildcards. Many mail servers allow the use of an asterisk (*), meaning "any number of characters". This makes the whitelist automatic and only requires the administrator to update the blacklist occasionally. In effect, the user has one address, but it contains wild-cards, e.g., "me.*@my.domain", which will match any incoming address that starts with "me." and ends with "@my.domain." This is very similar to the "+" notation, but it may be even less obvious since the address appears to be completely normal.

Concerns

Restrictions by site administrators

Some forum and wiki administrators dislike DEAs because they obfuscate the identity of the members and make maintaining member control difficult. As an example, Internet trolls, vandals, and other banned users may use throwaway email addresses to circumvent bans,[8] and using a DEA provider can streamline this process.[9] Website operators expecting to generate revenue by selling user email addresses may choose to ban DEAs due to their low market value. There are several lists available to help detect DEA domains, as well as managed services.

Effectiveness

Although sub-addressing can help individuals detect when breaches occur and avoid incoming spam, they are not always effective. Hackers that obtain email addresses in a data breach may strip the alias portion of the email address before selling or releasing them publicly, allowing emails to be forwarded directly to the primary address. [10]

Logging in/resetting passwords

If an account is created with a sub-address, account access occurs through both the main email and sub-address. This means that the owner will need to remember the specific sub-address used in order to log in or reset a password.[10]

See also

References

  1. ^ Nield, David. "How to Avoid Spam—Using Disposable Contact Information". Wired. ISSN 1059-1028. Retrieved 2024-01-24.
  2. ^ "Disposable e-mail addresses foil marketing plans". Network World. 2006-12-04. Retrieved 2007-02-02.
  3. ^ a b Nath, Bipasha (2022-12-13). "Disposable Email Addresses (DEA) Explained in 5 Minutes or Less". Geekflare. Retrieved 2024-01-25.
  4. ^ "Using an address alias". google.com.
  5. ^ "Create, use, edit, or delete temporary email addresses in Yahoo Mail - SLN28815". Yahoo Help. Retrieved 14 December 2023.
  6. ^ "Plus addressing and subdomain addressing". fastmail.fm.
  7. ^ Neil J. Rubenking (2004-03-22). "Disposable E-mail Addresses". PC Magazine. Archived from the original on 2007-07-12. Retrieved 2007-02-06.
  8. ^ "Successful Forum Tip #3 — Troll Prevention and Extermination". 2004-08-09. Retrieved 2007-02-02.
  9. ^ "Add New Ban". SMF 1.1 Online Manual. Simple Machines LLC. Retrieved 2007-02-02.
  10. ^ a b Krebs, Brian (2022-08-15). "The Security Pros and Cons of Using Email Aliases – Krebs on Security". Retrieved 2024-01-24.