Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

Mailinator and email validation

So, Mailinator (via Joel). It’s a brilliant concept; whenever a site you don’t trust insists on you giving them an email address you invent something-random@mailinator.com and give them that instead. Then you go to the Mailinator site, enter the something-random and see the emails recently sent to that address.

As someone who dislikes having to tell sites my email address I love it. As someone who has run sites which insist on an email address I’m not so sure. Forced email registrations are frequently abused for harvesting emails for unwanted mail-outs, but they serve a very valuable purpose in protecting sites from abuse. If user’s have to provide a “real” email address to sign up, you’ve got something concrete with which to ban them should they abuse your service. Sure, these days many people have a multititude of addresses but it’s still a very useful deterrent against abuse. As services like Mailinator become more widespread, I can see web application maintainers needing to fight a constant battle to ban specific email providers from being used to sign up for accounts. It’s that, or move to manually vetting every account which adds delays and seriously reduces people’s motivation for signing up in the first place.

Posted 24th July 2003 at 3:59 pm

This is Mailinator and email validation by Simon Willison, posted on 24th July 2003.

View blog reactions

Next: Learn to search!

Previous: Comment Authentication Prototype

13 comments

  1. MAILINATING THE VILLAGE! TROGDOR! TROGDOR!

    TROGDOR! - 24th July 2003 16:11 - #

  2. There are other variations of this out there, currently my favorite is Spamhole. It sends messages directly to your email address for a set period of time. And there is SpamGourmet.

    Brian - 24th July 2003 17:15 - #

  3. I tend to sign up for services using a variant on sil-nameofservice [a t] kryogenix [d o t] org, since all addresses of that type get to me, and then, as a bonus, I get to know who sells their list to spammers. This only works if you have your own domain or subdomain, but that's not a major problem these days...

    sil - 24th July 2003 17:54 - #

  4. I use Spamgourmet religiously now. Basically, you sign up at Spamgourmet.com with a username of your choosing and your real e-mail address, and then when a web site asks for your e-mail address you enter <something>.<#>.<username>@spamgourmet.com, where <something> is a word of your choosing associated with the site and <#> is the number of e-mails you want to receive at that address. So if I'm registering for, ehm, let's say the Days Of Our Lives Fan Forum and I knew they'd send one of those e-mail confirmations where you have to click on the link to confirm your registration, I'd enter something like daysforum.1.myusername@spamgourmet.com. So I'd get one and only one e-mail (the registration confirmation) at that address, and then no more, so if they sold the address to a thousand spammers afterward, it'd be useless to them. And if I'd set the number to more than one, I could check my inbox spam and see if it was them who put me on the list. The best advantage of this is that I signed up at Spamgourmet.com once and never had to visit the site again. If I want, I can go there and see some stats about messages received and do some maintenance, but I haven't had reason to do so yet.

    Jordan - 24th July 2003 20:15 - #

  5. Couldn't you just send an email out every six months to verify that the email address is valid? I mean these types of services can't possibly keep the email addresses valid for too long because they would simply get overloaded.

    Paul Scrivens - 24th July 2003 20:42 - #

  6. Paul -- not true. The mail server accepts mail at any address. It may be that the server dumps old mail (say, a month old), but that doesn't mean the server won't accept at the same old address a month later.

    Plus, you're adding to the spam abuse at that point. Imagine all the sites you've ever signed up for sending you an email "just to check" periodically. I know I'd stop using those sites, or at least block all email from them.

    Jeremy Dunck - 26th July 2003 17:24 - #

  7. Simon, There's a 3rd alternative, and it is, I think, the right solution. Identity on the web. There's lots of work going on for it. Obviously Passport was a ham-fisted land grab, but indentity doesn't have to be Corporate-ware, and it doesn't have to be Big Brother. It just has to provide some web of trust. This entry is pretty darned good at explaining what I mean: http://doc.weblogs.com/2002/12/31#mydentityOurdent ityVsTheirdentity

    Jeremy Dunck - 26th July 2003 17:39 - #

  8. Forgot to preview: Mydentity & Ourdentity vs. Theirdentity

    Jeremy Dunck - 26th July 2003 17:40 - #

  9. cvbc

    cvbcvb - 21st September 2003 13:34 - #

  10. n/a

    Lloyd - 2nd December 2003 15:15 - #

  11. If you own your own domain name and are hosting pretty much anywhere, there is a GREAT way to not only eliminate SPAM, but to also see WHO is violating their anti-spam policies and giving out your e-mail (even though you checked that little box telling them not to).

    Pretty much every modern mail server has the ability to have a "catch all" account - that is, an alias that will always forward any mail not intended for an existing address @yourdomain to a specific address. You could literally "hitabunchofkeys@yourdomain.com" and the message would be delievered to you.

    Using this, whenever you register for a site that requires an e-mail address enter thesitename@yourdomain.com. The message will be delivered to your primary Inbox, and you'll even see thesitename@yourdomain.com in the "To" field in Outlook/Outlook Express, and most other mail clients. Now, if you start receiving unwanted messages at that address, just set up a filter (server or client side) to delete the mail that comes to thesitename@yourdomain.com before it ever hits your screen :)

    Ever since I've been doing this, it's pretty much eliminated the SPAM. Once I see SPAM coming in, I immediately know who violated their own "we dont give out your email address" policy because the site name is right in the email address itself. Do what you will with this info!

    Ron

    iWebTrack.com

    Ron - 19th January 2004 05:28 - #

  12. I tend to use myTrashMail.com for all my temporary emails. Mailinator is not bad but its functionality is limited (no forwarding, deletion etc). Spamgourmet is also cool but I do not like to sign up any services with my own email address....Am I just too lazy? :)

    Anonymous Email - 12th May 2005 09:44 - #

  13. Hey, thanks for the comment about myTrashMail...its realy cool!

    Ben - 13th May 2005 05:01 - #

Comments are closed.

Previously hosted at http://simon.incutio.com/archive/2003/07/24/mailinator

A django site