SpamMotel – best solution yet

Topic

New Reply

I forgot whether I read this in NNT or Naked PC, but I’ve been using SPAMMOTEL. This is a great way to end spam. Basically, you download a free front end, that connects you to their site. Their site generates email addresses on demand. Whenever you have to fill out a form, buy something, register on a website, you generate a unique email address, with a one liner that tells you what it’s for.

All email goes to their website, which forwards the email to your true email address. If you start getting spam, you go to their site & delete the email address. It works best, of course, if you get rid of your old email addresses & start fresh. You can find it at http://www.spammotel.com[/url%5D.

Reply | Quote

Replies

Sounds an awful lot like Sneakemail. I’ve been using that myself, and it looks as though the principle is the same. Now I’m going to have to give SM a whirl to see if it’s better!

Reply | Quote

It also sounds a lot like the service I use – Spamgourmet. Create disposable email addresses on the fly whenever they are needed. Since I started using it some time ago they’ve also added a handy feature that allows replies to be sent back through their service, for when a site needs an email confirmation. Reply from your own mail program and the message goes to Spamgourmet first, where the headers are re-written (yes, it looks like a forged header) before being sent on to the intended recipient.

One interesting point though, is that so far I have not had any indication that these bogus addresses have gotten into circulation beyond who I had originally given them to. Good luck in only dealing with respectible sites? Since I dumped Yahoo my spam count has dropped to almost none.

Reply | Quote

Oh, I did get a chance to test it…. Some fella in China wanted me to buy high quality gears. Evidentlyhe had combed my email address from a forum on the website, since I had posted a few comments here and there. Haven’t heard from him since, and I notified the site that this fool was collecting email addresses from them.

Reply | Quote

Mark ~

Regarding theses spam ‘filter’ options, it seems that it may be a lot of extra hassle to go through what doesn’t seem to amount to that much. I am getting that you use these apps for one-maybe-two times to fill out forms on the web then dump the address from the host site once spam arrives, yes? Is it really worth the effort and time to generate, keep track of, manage, and delete these addresses? Isn’t it about the same amount of time spent but at the front end? Now, by comparison, I guess I don’t receive that much junk, just perhaps 20 or so a day of your garden variety porn, mortgage and ‘free’ stuff. I rarely sign up for anything – how else are they procuring my address? How do you address the issue of those you may require contact from w/ a particular address if you delete it due to spam receipt, especially if you have really no idea of what address you used for whoever on whichever day??

Reply | Quote

Lemme give you a taste of something I did. For the past two NFL seasons, I participated in a fantasy league at Sandbox.Com and I suppose I’ll do it again this year (soon). I LOVE playing fantasy NFL football! Since I had been warned ahead of time, I setup a pseudo email address at my alhoffman.org domain and filtered it to vaporize. Well, both seasons I received an average of 20 to 30 emails a DAY at that address, from a ton of peddlers and you can’t even contact Sandbox.Com to complain about their giving away/selling of email addresses. This year, I’ll probably use Mailwasher to “bounce” those messages and see what happens.

I realize this has no relevance to anything sane, I just wanted to get it off my chest! Whenever I buy something through a vendor on the internet, or am otherwise required to “register” at some web site (like the Chcago Tribune) I ALWAYS use one of my pseudo email addresses, so that If I start getting a lot of spam to that address, not only do I vaporize it, but I know to STAY AWAY from that web site in the future. It does NO GOOD to complain to anyone or any site! When I first started to use The Lounge, I put in an email address of AEH_WOPR@ALHOFFMAN.ORG but I realized right away that that wasn’t necessary! Obviously!

Reply | Quote

Bruce, I’ve suggested these tools to others because spam is a real pain in the rear for many people, and it could be of use to someone else. I can’t say if the effort is worth it or not. I don’t get a lot of spam because I take steps to prevent my main email address from getting out there to begin with.

That doesn’t mean I’m safe, though. Spammers harvest e-mail addresses from:

• Fooling you when you click “click here to unsubscribe”
• Scripts that run in HTML mail and shout out “got a live one here”
• Chat rooms, discussion forums, Web sites, portals.
• AOL user profile lists.
• Corporate Web site e-mail directories.
• Internet white/yellow pages.
• CD-ROM list purchases.
• Trading and selling.
• Pinging mail list servers to request mailing lists.
• Extracting addresses from Web browsers via anonymous FTP or Java script.
• Using an Ident daemon or Internet Relay Chat client.
• Chain letters hoaxes that require a reply to get a free gift.
• Headers that browsers send to the Web server visited.
• Finger daemons that query for logon names of specific users on that host.
• Guessing addresses, then monitoring for returned mail and errors.
• Using software that auto-generates e-mail addresses (john@xyz.com, johna@xyz.com, johnb@xyz.com).
• Modifying mail headers to request a delivery confirmation from the mail system or client.
• Removing protective phrases added to e-mail addresses to avert harvesting.[/list]And this list will change tomorrow, next month, and next year. There will always be a new way to harvest your address and new ways to combat the junk.

Reply | Quote

I ain’t Bruce, but…..

AMEN, Brother! You go Guy!

Reply | Quote

That’s a pretty good list of how they get addresses to begin with, but here’s a couple of tricks that I’ve heard are now being used to confirm that they have managed to find a real, live address to continue to spam.

• Return receipts – Spam sent out to request a return receipt from the recipient. The default setting for Outlook, I do believe, is to automatically handle such requests. This could easily reveal your real address to the spammer despite the spam having been sent to a ‘dummy’ address and then forwarded to your real address.
• Web beacons – Virtually invisible 1×1 pixel graphics downloaded when you open html email. While offensive, most just give away your ip address as the host computer sees where the beacon is being pulled to. The more insidious ones that spammers tend to use attach your emal address to the request, therefore they know exactly which messages to which email addresses are being viewed. Preview in Outlook and they’ve got you.
  [/list]

Reply | Quote

Hi David:
Do you know if it’s possible to avoid the confirmation by the invisible 1×1 pixels. What I do is after my messages are downloaded from the server, I go offline to open up the suspicious ones, & then delete it before going back online. Do you know if that avoids the “confirmation”?

Reply | Quote

If the message is really suspicious I will preview it in Mailwasher (right click, ‘View Complete Header’, with ‘Display full header and message source’ checked). You can read all the html source and see if there are any of these tracking bugs hidden within. So long as the message isn’t too long, or composed entirely of image pieces that ‘reassemble’ into the actual message, you can also get away with reading the message online without triggering any bugs.

For actual web pages, I have Proxomitron replace any 0x0 through 2×2 graphics with its own transparent gif, killing web bugs while keeping the page formatting intact… but unfortunately this doesn’t work with email.

Reply | Quote

Tell us about Proxomitron?

Reply | Quote

[indent]

---

Tell us about Proxomitron…

---

[/indent]

A comprehensive application to control pop-up adverts, banners and cookies when visiting web sites. The beta version is probably the best version to get.
#67, my site. Don’t click the Home link.

Click My Sig

Reply | Quote

Ah. I’m happy enough with AdAware and NoAds.

Reply | Quote

Sadly, though, email headers in spam are often forged, and viewing the header information doesn’t provide much help. I wonder if an email to the MailWasher folks suggesting this would have any impact? For non-technical users reading the source might be a scary proposition too – and particularly for folks who don’t know HTML (or any other code).

I found Proxomitron to be very intrusive and hard to configure. Agnitum’s Outpost firewall does a lot of the legwork for me, but it doesn’t seem to mention anywhere whether or not it handles web bugs. I seem to remember that ZoneAlarm 3.x does that. Outpost’s filtering excellent but they need to clean up the user interface and explain the functions a bit better.

Edited to add the following:
I dug a bit deeper into Agnitum’s website and found some useful information for adding specific ad sizes at the following URL: http://www.agnitum.com/forum/showthread/?threadid=3566%5B/url%5D

Seems the feature is there….just not easy to find. And most certainly not for the average user who doesn’t feel comfortable digging in their software’s settings.

Reply | Quote

If you are offline, you should get the red X instead of the mini-gif. That is a good strategy, as long as Outlook doesn’t auto-dial.

Reply | Quote

Mark ~

I agree that spam is a pain in the hinder for many people and I certainly don’t like to see Farmsl*** in my inbox every other day. My query wasn’t critical or rhetorical, I was asking. I have had Mailwasher for awhile now but haven’t installed it. I guess what I was trying to ask was considering I have little or no idea how this software works and the work required to set up and monitor yet another program taking up residence on the local, at what point is there a breakpoint or payoff or fair exchange or whatever where one determines it is worth it – 20 e-mails? 40? 90? 150? At this point it seems, for me – now – that it is easier to delete what I get. If I were to go to the extreme of performing a cost/benefit analysis figure, it might not seem justifiable in time, labor, and resources….but then I don’t know what is required to handle that spam. I suppose I was looking to read rave reviews of simplicity, ease and worthiness as occurred w/ AVG. I guess didn’t wanna be guinea pig this go around.

Reply | Quote

That was a point that I had hoped to make – that there is no magic number of spam that makes a utility to fight it worthwhile, and that no one tool is 100%, nor will it ever be. If deletion works better for you – excellent! One less program sucking up resources. My solution for now is to use Sneakemail. I like this solution because I can instantly determine who sold me out if crap shows up in my inbox. Of course I calmly and politely tell them what I think after I discover this too. Really, I do. The real solution is to do what works for you as an individual.

Reply | Quote

I went to visit Sneakemail to check it out but found no mention of bouncing. Does it bounce? Or is ‘damming’ bouncing? Or just a hold until you decide what to do?

Reply | Quote

No, it doesn’t bounce. The mail-dam is a holding area of sorts. It’s more for disposable email addresses than anything else – it comes into your normal inbox, and you can see in the message header who it came from. You reply the same way, and remain anonymous.

Reply | Quote

Hi Bruce
[indent]

---

….I have little or no idea how this software works…

---

[/indent]
Mailwasher, PopCorn and similar are e-mail clients which for the time being replace OE and so on. They read the headers of the messages waiting for you on your POP server(s) and print them out as a list, without actually having downloaded anything to your system. You can then prune the list, consigning to oblivion any that are unwanted or in any way suspicious. You can set the client to ignore messages from known and acceptable sources (‘friends’) and also to do the opposite.
Personally, I do not use the ‘bounce’ – if the sending back is unsuccessful (as it often is) you get a message in your Inbox telling you, thus increasing the clutter. Maybe someone will tell me how they turn it off….
As far as infections go (as distinct from spam) I’m not sure you need to go through the hassle. Simply set your OE or whatever to use only ‘text’ messaging (i.e. not HTML – which is where nasties can lurk) and NEVER open an e-mail attachment – Save it to disk and run your VS over it first. Even if the sender is your own mother, still do this : worms can infect people without their knowledge, and this can be passed on inadvertently. I suggest you visit my site, click the Attack and Defence button and read the page.

Click My Sig

Reply | Quote

OK. Here’s a challenge for you guys, because I sure don’t understand it. After all this discussion of all the possible avenues of exposure I have to ask.

I don’t get spam.

I do get some solicited advertising e-mail, but not spam. My public e-mail is through remailer pobox.com, which appears to run some kind of filter/metering system (I get spam rankings) , and my actual ISP has a yahooligans filter which I have never tweaked. I use Outlook at home. I don’t hang around chat rooms or porn sites.

Why don’t I get spam?

(NO, of course I’m not looking to get spam, but based on this thread I’m astonished that I don’t.)

Reply | Quote

John, if I had to guess, I would say that it’s because you don’t give out your email address willy-nilly to any old website that asks for it. I myself zealously guard my main mailbox so that it doesn’t wind up in the hands of bulk mailers. I don’t get much myself. In fact, since I changed addresses two years ago, I don’t believe it’s happened more than a few times. But I do get it at the office, and amazingly did so in the first week. Dictionary spam, this is – our company’s domain is in someone’s database, and they just hammer away with different variations on email handles. Just goes to show how creative they are since my last name is very uncommon and even people who know me can’t spell it right (the hardest five letters in the English language to pronounce, I declare).

But, sure as nightfall, you’re suceptible to it. Since you don’t bother with chat rooms and porn sites, you’re less at risk – but I think the real reason is probably because you’ve taken preventive measures from the get-go.

Reply | Quote

Hi John:
I’m jealous–no spam. Actually, I get very little spam & I don’t go to porn sites or chat rooms. In fact, most of my time online is either reading email or here in the Lounge. I get about 2-6/day, which are filtered into my trash. I’m guessing that the stuff I do get is because of freeware/shareware that I’ve downloaded & probably missing the opt-out box when I go to buy something. I think by using SpamMotel or one of the similar sites, I’m hoping to reduce it even more.

I’ve never changed my email address, so I’ve had it about 4 years. I’d hate to change it & have to redo all my subscriptions, etc. Wish I had your situation, though.

Reply | Quote

Hi Mark:
Yes, it is. Thanks for this additional site for producing disposable addresses (& David, thank for one more site). I like to keep a list because you never know when one will go belly up or start charging (I can’t figure out how they keep in business anyhow; there seems to be nothing to sell). I hope that websites don’t start blacklisting email addresses from these sites. I do recall not being able to use a hotmail account for ordering once.

Cheers,

Reply | Quote

Phil, I can tell you one site that doesn’t like Sneakemail, at least – eBay. Some sellers will refuse to deal with you if you have a disposable email address. In those cases I just offer up my Hotmail address, which is set to exclusive since it’s a spam-o-rama anyway. I advise them of this before the transaction so that I can add the correct recipients to the safe list, and anything from ebay.com will also go through. I can’t recall which site refused my ability to sign up with a Sneakemail address, but I do remember that it wasn’t good enough for one of them….so I took my business elsewhere. I have a right to protect my inbox.

I know I’m not David, but if you delete suspicious messages offline, they won’t talk to the mothership. That will only happen with a live connection to the net, and when you are viewing the message. A while back Woody also mentioned the need to disable scripting in HTML mail, which is not the default in most versions of Outlook – I believe OLXP is the only version that does so by default. Those invisigle 1×1 pixel images that David was referring to have been around for a long time on normal web pages – if I’m not mistaken, the term used to refer to them is “web bug”. Both Outpost and Zonealarm will defeat web bugs but are vague on just what they mean by that.

HTH,

Reply | Quote

Hi Mark:
Thanks for all the information.

I got rid of hotmail after I read Woody’s article about how they changed the preferences. It got so all my messages there were spam. I can’t recall when, but when I bought some software directly from a manufacturer, they wouldn’t let me use a hotmail account. But knowledgeable users who want to fight spam are still a small minority. I can’t even get my family to delete the 100s of forwarded names before passing on junk.

I use Netscape Messenger for mail (an old version…4.75) so I haven’t had too many problems. I’ve disabled “javascripting for news & mail” & never click a suspicous message while online. The only thing I can’t do with Messenger that I would really like is color code message subjects & change the subject headings (sometimes it’s nice to save messages, but having one that says “…on the other hand” isn’t too useful.

Reply | Quote

I’ve run across some newsletter services that ‘refuse’ subscriptions to any web-based email accounts, for very well developed reasons. What they wanted was an ISP-provided email address or they wouldn’t accept the subscription request. I did find that this may not always be an absolute truth despite what the site says – I managed to subscribe with my web-based myrealbox.com account without any difficulty. I suspect that the main sources for disposable addresses (Yahoo, Hotmail, and other ‘mainstream’ services) were blacklisted, but not the lesser-known ones.

Reply | Quote