Forgot your password?
typodupeerror
Microsoft Spam Communications Privacy The Internet News

Hotmail Launches Accounts You Can Throw Away 286

Posted by timothy
from the at-last-a-feature-that-leads-gmail dept.
suraj.sun writes with this excerpt from CNET: "Today, Hotmail is getting a new feature aimed at 'e-mail enthusiasts,' which lets anyone create multiple e-mail accounts that can be read, replied to, and managed from their everyday e-mail inbox. These additional e-mail addresses can be had in the same manner as signing up for new accounts, but they require no extra log-ins or upkeep. ... The idea is to give users a safe way to provide third parties with an e-mail address, without giving up the address they've provided to family and friends, which, if compromised, can end the usefulness of that particular account. Each user will be able to create up to five aliases, any of which can be deleted and replaced with another at any time. Over time, Microsoft will increase that limit to 15 aliases per account, making it so that the true heavy users won't need to juggle between two or more Hotmail accounts."
This discussion has been archived. No new comments can be posted.

Hotmail Launches Accounts You Can Throw Away

Comments Filter:
  • Cool idea (Score:4, Interesting)

    by trollertron3000 (1940942) on Thursday February 03, 2011 @09:38PM (#35099398)

    I've used it elsewhere but integrated into a client like hotmail is a good idea. Besides, I already use hotmail for my spam address. Now Google, steal this please.

      • Re:Here. (Score:5, Informative)

        by Anonymous Coward on Thursday February 03, 2011 @09:44PM (#35099470)

        Interesting but not quite the same thing. If an account gets really jacked up then you would have to make another gmail account, remove the old one, then add the new one. Kind of a pain in the ass.

        With the Hotmail feature you simply delete the old one and make a new one right there. It's much more straightforward and quick.

        • by TheLink (130905)
          These throwaway hotmail accounts are too little too late for me.

          I get so much spam on my hotmail account that it's kind of my throwaway account already. Nowadays I only bother to check it once every few months :).

          In contrast my yahoo and gmail accounts don't get even the same magnitude of spam passing the spam filters.
          • by Z00L00K (682162)

            Wouldn't this be great for spammers too that needs to provide a verification email account?

            I'm just waiting for sites that sets up rule that verification can't be done through hotmail and that that you need to provide another email account.

            Those huge sites like hotmail and gmail are great catch-alls for spammers too.

        • Re:Here. (Score:4, Interesting)

          by Anonymous Coward on Friday February 04, 2011 @12:02AM (#35100398)

          I have a DynDns subdomain (free) for which I registered a Google Labs account (free) and set up Gmail (free). I get up to 50 Gmail accounts @ my DynDns subdomain. Adding or removing them is easy, and with multiple sign-in, switching between them is easy. Plus I can set them to forward messages to my main e-mail address.

          • by omglolbah (731566)

            I have a domain that forwards *@example.com to my gmail address.

            I sign up using the site name as the account-name whenever I have to provide one.

            When spam arrives from an email in annoying quantities I add a specific rule to send that email address into a dead account.

        • by mcvos (645701)

          With the Hotmail feature you simply delete the old one and make a new one right there. It's much more straightforward and quick.

          It is, but my email provider (xs4all.nl) has had that feature since forever. At least 10 years, I think. I have a simple list of all my email aliases, and can add and delete them as I like. It's still not anything new.

      • i believe stuff going to something#youremail@gmail.com will still get to you, so if you make up your own addresses for each site you can move all emails from that address to the bin if it gets spammy.
      • Much better is spamgourmet [slashdot.org]. There are several things which are key and are missing from the hotmail implementation.
        1. there is no master address; every address has a code.
        2. addresses are unilmited. This means you can use a separate email address for every correspondent. This means you can work out exactly which correspondent gave away your email address
        3. addresses last by default for 20 mails; enough for a simple correspondence, but not enough to fill your mailbox before you realise and delete the address
    • Re:Cool idea (Score:5, Informative)

      by Abstrackt (609015) on Thursday February 03, 2011 @09:42PM (#35099450)
      While not exactly an implementation of a throwaway address, you can use plus sign addressing (subaddressing, i.e. name+slashdot@gmail.com) with Google. I use it for every site I sign up on so I can see who gives out my email address so I can filter everything from that alias into the trash.
      • Re:Cool idea (Score:5, Informative)

        by Manfre (631065) on Thursday February 03, 2011 @09:49PM (#35099510) Homepage Journal

        I've encountered several sites that do not allow a + in the email address, or come even remotely close to implementing the RFC.

        This is a worthwhile read and the regex was fun to implement. http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx [haacked.com]

        • This is a worthwhile read and the regex was fun to implement. http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx [haacked.com]

          This is the regex that Mail::RFC2822::Address uses, which seems to be the most comprehensive: http://ex-parrot.com/~pdw/Mail-RFC822-Address.html [ex-parrot.com]

          I have no idea how that was authored...

          In any case, probably the only 100% way to validate an email address is to accept any string and try to send an email with an "is-valid" link in it.

        • by mysidia (191772)

          I've encountered several sites that do not allow a + in the email address, or come even remotely close to implementing the RFC.

          Those (several) sites then are clearly broken; clear violation of the robustness principal as well.

          Basically, (anything)@example.com

          Is valid; providing the contents of (Anything) are recognized by (example.com) SMTP servers.

          There may be some quoting of special characters such as spaces required in (anything), required when using the e-mail address over SMTP; h

      • Re:Cool idea (Score:4, Insightful)

        by shutdown -p now (807394) on Thursday February 03, 2011 @10:00PM (#35099586) Journal

        Unfortunately, it still exposes your primary address. Whereas it seems that the reasoning behind this Hotmail feature is primarily privacy.

      • by garcia (6573)

        I worked for a college and coded around those filters to get at the real address. I'm sure any intelligent marketer would too.

      • Re:Cool idea (Score:5, Interesting)

        by Patoski (121455) on Thursday February 03, 2011 @10:23PM (#35099768) Homepage Journal

        While not exactly an implementation of a throwaway address, you can use plus sign addressing (subaddressing, i.e. name+slashdot@gmail.com) with Google. I use it for every site I sign up on so I can see who gives out my email address so I can filter everything from that alias into the trash.

        Additionally you can also place a period anywhere in the user portion of your email address and gmail will route it to your address.

        For instance, if your email address is "bufordpusser@gmail.com", you can also give out "buford.pusser@gmail.com", "b.u.ford.pusser@gmail.com", etc. and all of them will route to your original address.

    • by Cinder6 (894572)

      Gmail does have it, but you have to be using a custom domain to get the feature. I use it; it's nice. I'm not sure why it hasn't been integrated into the Gmail proper; usually, feature lag goes the other direction.

      • Re:Cool idea (Score:5, Informative)

        by Anonymous Coward on Thursday February 03, 2011 @10:11PM (#35099666)

        Do you mean the catchall? If so, yeah I do it too and love it.

        You get *@yourdomain forwarded to your inbox. Then you just make one rule in your filters. In the "has the words" box for filter creation, you put deliveredto:({[one],[two],[three],[four]})

        One, two, three, and four being @yourdomain "accounts" that are abandoned due to spam. Just tell gmail to send those directly to the trash, which keeps your spambox empty.

        It doesn't get any better than that. No need to create new email addresses, they all already exist. Just filter out the ones that start causing you trouble.

    • Re:Cool idea (Score:4, Informative)

      by Graff (532189) on Thursday February 03, 2011 @09:51PM (#35099522)

      I've used it elsewhere but integrated into a client like hotmail is a good idea. Besides, I already use hotmail for my spam address. Now Google, steal this please.

      Gmail already has had this feature for a long time. it's called plus-addressing [lifehacker.com]. You take your e-mail address, put a plus sign at the end of it and then add a phrase. For example:

      foobar@google.com
      foobar+slashdot@google.com
      foobar+amazon@google.com

      All of these will get sent to foobar@google.com and you can create a filter on each term (eg: filter on +slashdot) to send them into their own mailbox.

      • And as soon as I see your email in this format, I strip away the "+" part and have your original address which I can merrily spam.

        • Re:Cool idea (Score:4, Interesting)

          by Graff (532189) on Thursday February 03, 2011 @10:24PM (#35099778)

          And as soon as I see your email in this format, I strip away the "+" part and have your original address which I can merrily spam.

          Spam away on it, the original, no "+" address is to a spam mailbox.

          Only addresses with the "+" part go to actual mailboxes that I read. I never hand out the bare address to anyone.

          • A neat trick for sure. But now your "real" address (i.e. the one you give out to actual people) has a plus in it, making it slightly less readable, and possibly confusing people (or badly written apps that they use to email you).

          • by icebike (68054)

            Spam away on it, the original, no "+" address is to a spam mailbox.

            Only addresses with the "+" part go to actual mailboxes that I read. I never hand out the bare address to anyone.

            Spam on Gmail?
            I get virtually NO spam on Gmail that is not automatically detected and routed to the spam box.
            It is astoundingly accurate, and false positives are so vanishingly small I never bother to check the spam mailbox.

            I don't need to reserve the root name for a spam catch.

            • by Graff (532189)

              I get virtually NO spam on Gmail that is not automatically detected and routed to the spam box.

              Oh sure, this is just overboard paranoia-type stuff. I only do this on my "commercial" e-mail account. I have a separate e-mail account that is for friends and family where I don't bother with any of these kinds of tricks.

              • by icebike (68054)

                Actually Plus Addressing seems intermittently broken on Gmail of late.

                It seems if you access your Gmail from IMAP all bets are off with regard to the message actually ending up in any folder other than the inbox. Even message sent via gmail to gmail seem to fail the Plus Addressing for me.

        • by sxeraverx (962068)

          Except spammers are too lazy to implement this (for now). Any email address can be found and spammed, unless it's completely unused. The only way to prevent spam is to exploit spammers' laziness. As long as the majority of email addresses they buy don't use the '+' exploit, they won't notice, and even if they do, it will be cost-ineffective for them to strip out the '+' addresses.

          This is not a method to safeguard your privacy. It's a method to reduce your spam.

      • Re:Cool idea (Score:4, Informative)

        by Anonymusing (1450747) on Thursday February 03, 2011 @10:01PM (#35099596)

        There is actually a patent on something like this. AT&T developed it a long time ago, sat on it for a decade, then sold the patent to Zoemail (a now-defunct Internet startup) in the early 2000s, which then sold the patent to someone else. The advantage of the Zoemail/AT&T approach was that the "keyed" addresses would be created to each recipient you sent to, and they would know you by that keyed e-mail, but you could turn those off whenever you wanted. Or give them expiration dates. The keyed address would be listed in your address book with each recipient.

        It was a beautiful concept, frankly, but could have been implemented better.

        • by msauve (701917)

          There is actually a patent on something like this. AT&T developed it a long time ago, sat on it for a decade, then sold the patent to Zoemail (a now-defunct Internet startup) in the early 2000s, which then sold the patent to someone else.

          Then, there's no patent on it, or won't be very soon. Patent terms from that period were 17 years. "Early 2000s" should mean 2004 or before, so that's at least 10+7 (minus some number of month?) = expired.

      • by vux984 (928602)

        All of these will get sent to foobar@google.com and you can create a filter on each term (eg: filter on +slashdot) to send them into their own mailbox.

        Yes, I'm sure no one would ever think to actually strip out the +component out to get the real address, especially since its a documented feature.

        The hotmail alias system is more useful, because the real address can't be harvested trivially from address you give out.

        • by Obfuscant (592200)

          Yes, I'm sure no one would ever think to actually strip out the +component out to get the real address, especially since its a documented feature.

          And I'm sure that no one would ever think to use a +-form address as his main one and bit-bucket anything that doesn't have the + in it? Spam away at foo@example.com, my filter accepts email only to foo+something@example.com.

          The hotmail alias system is more useful, because the real address can't be harvested trivially from address you give out.

          I have no idea why this new hotmail thing is important, since I've never had any trouble creating throw-away hotmail addresses when I want them. They are so completely throw-away that I simply walk away from one when I no longer want it. I never see it again.

          • Many websites don't accept the plus in the email address field.

            Personally, I used to use mailinator, now I have a catch-all in my domain.

            • by Obfuscant (592200)

              Many websites don't accept the plus in the email address field.

              At which point I determine if my dealing with that website is valuable enough TO ME to open up my unplussed address for the short period of time it takes to deal with whatever email they are sending, or valuable enough to them that a complaint about their defective website will get around that error (if you call customer service, many times they can bypass the web nazi).

              Most of the stupid ones I deal with are demanding an email address so they an verify my registration, after which any email from them tru

          • by vux984 (928602)

            And I'm sure that no one would ever think to use a +-form address as his main one

            Oh I'm sure someone thought of it, and then promptly got frustrated at all the places it didn't work and/or got rejected.

            (Also, have you looked at the hassles involved in sending from a gmail plus address...)

          • Re: (Score:3, Funny)

            by Magic5Ball (188725)

            Then would you say that you are nonplussed about this feature?

      • by timeOday (582209)
        To make it work, you have to give a different email address to every website, every friend, every family member, so you could cut any of them off individually.

        I used separate throw-away (though functional) addresses for each website, but a single "real" one for all friends and family. Eventually, a friend's hotmail account was compromised, his address list scanned, and my "real" address was open to spam forevermore.

        • by Graff (532189)

          I used separate throw-away (though functional) addresses for each website, but a single "real" one for all friends and family. Eventually, a friend's hotmail account was compromised, his address list scanned, and my "real" address was open to spam forevermore.

          Yeah, you basically need to choose a balance between complete security and ease-of-use. I generally create categories of addresses and take the risk that one of the categories might get compromised. If that happens then I deal with it as best as possible by creating a new address for that category or just living with spam filtering on the old one.

    • This seems like the credit card number aliases that many banks offer, a temporary number that locks to the first merchant to use it. Hopefully it works out as well.
    • Besides , I thought it was Microsoft who stole ideas

    • i believe you can use a hash in your gmail to categorise the email, ie you can sign up to something with say ign#myemail@gmail.com and if it ever gets spammy just move email from that address to the bin
  • I guess... (Score:5, Funny)

    by msauve (701917) on Thursday February 03, 2011 @09:38PM (#35099400)
    this is the first time I've seen a Microsoft focused article after the /. redesign. Bill as Borg doesn't seem right - he's not even in charge any more. Where's Ballmer with a chair (and not sitting on it)?
  • Hrmmm (Score:5, Insightful)

    by WiglyWorm (1139035) on Thursday February 03, 2011 @09:40PM (#35099426) Homepage
    Isn't that what people do with their hotmail account anyway? Throw it away?
  • by Anonymous Coward on Thursday February 03, 2011 @09:44PM (#35099466)

    Now we're going to be emailing grandmacatherineandgrandpajohn1320924delta@hotmail.com

  • Own domain (Score:5, Interesting)

    by Dan East (318230) on Thursday February 03, 2011 @09:44PM (#35099472) Homepage Journal

    I've been doing a similar thing with my own domain / webserver for the last decade. I'll make up email addresses right on the spot, usually like "slashdot.org@mydomain.com" or "sprint@mydomain.com", etc. I have a catch all account that receives all emails to non-existent accounts, and I can split any of the addresses off into an actual account whenever needed (or disable it if it becomes inundated with spam). That was always one of the big perks of owning your own domain.

    • Re:Own domain (Score:5, Interesting)

      by SydShamino (547793) on Thursday February 03, 2011 @11:37PM (#35100254)
      Yup, I do exactly this for about the same length of time. The only difficulty is when I have to give an address to someone verbally, and they think I'm giving them a fake one since it's yourcompany@mydomain.com. I usually get around this by giving those people randomthreedigits@mydomain.com or similar. As it happens I've only ever lost one address this way to spam, but it was obvious right away who sold my address.
    • by sstamps (39313)

      Yep.. been doing this for a long time now. It actually made my email use enjoyable again. I simply don't get spammed anymore. If I start seeing spam come in on an address, I "cycle" it and give the person/company it was assigned to a warning. If they do it again, I don't give them another address.

  • Beaten to it? (Score:4, Interesting)

    by Firehed (942385) on Thursday February 03, 2011 @09:45PM (#35099488) Homepage

    This seems pretty similar to Gmail's aliasing - append anything after a plus sign to your email address (ex firehed+slashdot@gmail.com) and it goes to your main inbox. If that address is compromised, just filter anything addressed to that account.

    Microsoft seems to have a few advantages here, though. First, it's a lot more seamless. Second, there are tons of websites that incorrectly validate email addresses and treat + as an illegal character, which it is not (hell, you can go directly to an IP address instead of a domain, although nobody ever would), so by extension it's harder to use as a throw-away address. And third, it's pretty obvious you've done it, and websites can just s/\+[A-z0-9.-]+@gmail.com/@gmail.com/g it into oblivion.

    Of course, in order to get this functionality, you need to use hotmail. Aren't those already throw-away accounts by definition?

    • That is nice, but I've had experiences with websites that won't allow the + sign as part of an email address. Unfortunately, emails are one of the hardest things to validate with regex, and most implementations get it wrong.
      • From the comment you replied to:

        Second, there are tons of websites that incorrectly validate email addresses and treat + as an illegal character, which it is not (...)

        • by Obfuscant (592200)
          Plus there is at least one turnkey spam-filtering mail server system that has no clue what a + address is. It simply bounces everything that is not a literal match to a valid username.

          People who do not understand the RFCs for email should NOT be selling mail servers.

          • by LO0G (606364)

            Mod parent up +1 Funny. After all, if the parent had actually *read* the RFC, they would know that the RFC explicitly states [ietf.org] that:

            "Consequently, and due to a long history of problems when intermediate hosts have attempted to optimize transport by modifying them, the local-part MUST be interpreted and assigned semantics only by the host specified in the domain part of the address."

            That means that the spam filter is following the RFC. The + address is a convention of a number of email systems but Foo+Bar@do

            • by Obfuscant (592200)
              What you quote from the RFC has to do with INTERMEDIATE hosts modifying or interpreting the local parts of addresses, not the use of + addresses themselves.

              Unless you are maybe arguing that "MUST be interpreted and assigned semantics only by the host specified in the domain part of the address" really means that the "domain part host" is allowed to freely ignore any interpretation assigned by any RFC, since that host would be the only thing that can assign any. That would be a ridiculous interpretation, es

            • by Obfuscant (592200)

              That means that the spam filter is following the RFC. The + address is a convention of a number of email systems but Foo+Bar@domain.com and Foo@domain.com are unrelated email addresses according to RFC2822.

              BUSTED! The text you claim appears in 3.4.1 of RFC2822 does not appear therein, nor does it appear in RFC 5322. RFC5322 says:

              Note: A liberal syntax for the domain portion of addr-spec is given here. However, the domain portion contains addressing information specified by and used in other protocols (e.g., [RFC1034], [RFC1035], [RFC1123], [RFC5321]). It is therefore incumbent upon implementations to conform to the syntax of addresses for the context in which they are used.

              What you quoted comes from RFC5321 (SMTP protocol) para. 2.3.11, and is preceded by the following sentence:

              The standard mailbox naming convention is defined to be "local-part@domain"; contemporary usage permits a much broader set of applications than simple "user names".

              In other words, RFC5321 explicitly says that mailboxes (the local part of the email address) are much broader in scope than simple "user names" in contemporary usage. RFC5233 documents the use of + addressing and thus makes it an RFC (proposed) standard item. And none of the R

              • by LO0G (606364)

                Ok, I'l bite. Where in 5233 does it document the + addressing?

                The only text I could find about local-part has:

                The local-part portion is a domain-dependent string. In addresses, it is simply interpreted on the particular host as a name of a particular mailbox.

                There is text in 5231 about local-part:

                "local-part@domain"; contemporary usage permits a much broader set of applications than simple "user names". Consequently, and due to a long history of problems when intermediate hosts have attempted to

    • by artor3 (1344997)

      Those "few advantages" are the only valuable aspects. Plus addressing is borderline worthless, because it requires you to reveal your real address.

    • by dudpixel (1429789)

      but any human could see that if you remove everything after the +, you get the person's real email address. How long before spammers set up automated servers to do the same?

      hotmail's approach uses completely different email addresses, which is much better.

      I want this in gmail :)

    • To get around some of those issues you mention, I actually have two accounts set up: my main one, and my dummy one that I use with the + trick.

      The way I have it rigged, I give out my dummy one with a +whatever appended to any site that asks for an address. I have that account configured to forward everything with a +whatever to my main account, while holding indefinitely in limbo anything that lacks the +whatever. That way, if the sites ever do decide to just remove the +whatever and spam me, it'll all go i

  • Always Microsoft realizing last the good internet ideas. Probably they are the last ones left on the world that didnt throwed away their hotmail account yet.
  • by MrKaos (858439)
    I wonder if they are still using the BSD backend that Hotmail originally used?
  • God, Yahoo had this for years! This is quite lame :S
  • I for one, welcome our new throw-away email overlords.
  • (Blatant plug) Our product [roaringpenguin.com] has had this for years, only we do it properly. Our feature is called "Locked Addresses" and it works like this:

    • The system generates a random email address using a strong random-number generator. The address is unlikely to be guessed.
    • Initially, the address is in the "unlocked" state.
    • The very first time the system receives a message for the address, it locks to the sending address or domain (your choice.)
    • If anyone else tries to use the address (ie, someone other than the loc
  • by dmomo (256005) on Thursday February 03, 2011 @11:10PM (#35100112) Homepage

    I threw away my hotmail account 10 years ago.

  • What am I missing here? Hotmail accounts are throw away in the first place but what's the big deal about email aliases? My ISP has had this forever.

  • Similar to the "put periods anywhere in your e-mail address" and "put a + followed by anything" features offered by Google, this Hotmail feature will soon be exploited by forum spammers to create a multitude of e-mail addresses without having to solve captchas.

    One of the few weapons that forum maintainers have in their anti-spam arsenal is to be able to collaboratively blacklist e-mail addresses, IP addresses, and usernames. This feature would further hinder blacklisting by e-mail address, in a manner even

  • Mailinator has been providing me this service for years. AFAICT they get by on a very unobtrusive banner at the top of their home page, donations, and perhaps some funding from their corporate parent which presumeably also finds the service useful. I guess it doesn't take too much money to run such a service. They're obviously dumping spams into the bitbucket after a timeout, and limiting the size of the messages (most spam is small anyway). The only problem I've had is that a few parties filter them;

  • by okmijnuhb (575581) on Friday February 04, 2011 @12:01AM (#35100384)
    Hotmail IS my junk mail account!
  • So they've invented a less useful spam gourmet? They have only been doing this for what, 7, 8 years now?
  • And spamgourmet [spamgourmet.com] has been doing something like this as well, but better and more anonymously:

    1. If you haven't done it yet, create a spamgourmet account. Enter your user name and the email address you want to be protected. You will be asked to identify the word in a picture and pick a password.
    2. Spamgourmet will forward to this address all the emails sent to your spamgourmet disposable addresses -- that way you don't have to tell anyone else what it is -- this is why it's called the protected address. Of course,
  • Hotmail has had accounts you can throw away for years. Just ask every porn site I've ever signed up for.
  • I've been using Sneakemail [sneakemail.com] for years now. The concept is the same, and it really works well. I love being able to delete an email address that someone started spamming, after they got my address by making me sign up just to get a quote for some service I never ended up buying anyway.
  • I've done that already the minute Hotmail was bought by Redmond.

    Wouldn't want to repeat it.
  • We're not eliminating the root cause here, are we? It sounds like more places or new names for 'Trash bin'.

    It's like the terrorists had won

"Of course power tools and alcohol don't mix. Everyone knows power tools aren't soluble in alcohol..." -- Crazy Nigel

Working...