spam-proof email address

Discussion in 'NZ Computing' started by will, Sep 7, 2004.

  1. will

    will Guest

    hi,

    i'm setting up an email address exclusive to GPRS access, naturally i
    don't want any spams to get there.

    what's the best approach to prevent easily guessable email address, as
    it's a common practice for spammers nowadays. any special
    combination/length of characters that spammers don't usually bother?

    thanks

    will.
    will, Sep 7, 2004
    #1
    1. Advertising

  2. will

    Harry Guest

    will wrote:

    > hi,
    >
    > i'm setting up an email address exclusive to GPRS access, naturally i
    > don't want any spams to get there.
    >
    > what's the best approach to prevent easily guessable email address,


    .... maybe to use an un-guessable email address?

    > as it's a common practice for spammers nowadays.


    Really? So home come they haven't guessed my 2 character email address yet?

    > any special combination/length of characters that spammers
    > don't usually bother?


    Spammers don't sit there manually trying to hit your email address.
    But apparently they don't bother with the letter 'u'.

    Here is an email address for you:

    Harry, Sep 7, 2004
    #2
    1. Advertising

  3. will

    Gurble Guest

    On Wed, 08 Sep 2004 10:23:29 +1200, Harry <> wrote:

    >
    >> any special combination/length of characters that spammers
    >> don't usually bother?

    >
    >Spammers don't sit there manually trying to hit your email address.
    >But apparently they don't bother with the letter 'u'.


    They DO use forms of dictionary attacks, knob.
    Gurble, Sep 8, 2004
    #3
  4. will

    Evil Bastard Guest

    will wrote:
    > hi,
    >
    > i'm setting up an email address exclusive to GPRS access, naturally i
    > don't want any spams to get there.
    >
    > what's the best approach to prevent easily guessable email address, as
    > it's a common practice for spammers nowadays. any special
    > combination/length of characters that spammers don't usually bother?


    AFAIC, the only ways to have a truly spamproof email address will
    involve some inconvenience to your correspondents.

    (Note that M$'s patent-encumbered 'caller-id' system is actively being
    used by spammers, so has fallen way flat on its expectations).

    Some approaches I can think of:

    1. get or set up a whitelist-based address
    - there are server-side and
    client-side software packages such as Active Spam Killer; also there
    are various free and non-free hosted services
    - cost of this is that the first time someone sends you email, they
    receive a 'please confirm' message
    - downside is that many users get offended by need to confirm, or if
    they're they AOL/Xtra type, they don't even understand the please
    confirm; either way, they end up not confirming

    2. make people send you messages via a web page
    - you don't disclose your email address
    - instead of giving out your email address, you give people a web
    address, which allows them to key in a message onto an HTML form, and
    click 'Send' (like sending via Hotmail) - this is used on a lot of
    websites these days in lieu of a contact email address
    - downside is that it doesn't allow people to send you email via their
    email client. This will tend to confuse Xtra/AOL types

    3. set up (or get access to) a mail server which requires hashcash
    tokens for each message sent.
    - downside is that it requires support in your correspondents' email
    clients and/or smtp servers

    4. any others?

    --
    Cheers
    EB

    --

    One who is not a conservative by age 20 has no brain.
    One who is not a liberal by age 40 has no heart.
    Evil Bastard, Sep 8, 2004
    #4
  5. will

    David Guest

    On Wed, 08 Sep 2004 11:57:18 +1200, Evil Bastard <>
    wrote:

    only way to stop spam emails is by using BBS email systems
    i never ever see any spam from the emails i get from BBS's.

    David

    >will wrote:
    >> hi,
    >>
    >> i'm setting up an email address exclusive to GPRS access, naturally i
    >> don't want any spams to get there.
    >>
    >> what's the best approach to prevent easily guessable email address, as
    >> it's a common practice for spammers nowadays. any special
    >> combination/length of characters that spammers don't usually bother?

    >
    >AFAIC, the only ways to have a truly spamproof email address will
    >involve some inconvenience to your correspondents.
    >
    >(Note that M$'s patent-encumbered 'caller-id' system is actively being
    >used by spammers, so has fallen way flat on its expectations).
    >
    >Some approaches I can think of:
    >
    >1. get or set up a whitelist-based address
    >- there are server-side and
    > client-side software packages such as Active Spam Killer; also there
    > are various free and non-free hosted services
    >- cost of this is that the first time someone sends you email, they
    > receive a 'please confirm' message
    >- downside is that many users get offended by need to confirm, or if
    > they're they AOL/Xtra type, they don't even understand the please
    > confirm; either way, they end up not confirming
    >
    >2. make people send you messages via a web page
    >- you don't disclose your email address
    >- instead of giving out your email address, you give people a web
    >address, which allows them to key in a message onto an HTML form, and
    >click 'Send' (like sending via Hotmail) - this is used on a lot of
    >websites these days in lieu of a contact email address
    >- downside is that it doesn't allow people to send you email via their
    >email client. This will tend to confuse Xtra/AOL types
    >
    >3. set up (or get access to) a mail server which requires hashcash
    >tokens for each message sent.
    >- downside is that it requires support in your correspondents' email
    >clients and/or smtp servers
    >
    >4. any others?
    >
    >--
    >Cheers
    >EB
    David, Sep 8, 2004
    #5
  6. In article <>, T-Boy <> was seen to type:

    >Make all email addys quite long - firstname.lastname often does that.
    >
    >If using firstname.lastname as your main addy - then don't put your
    >firstname & lastname in things like - um.. well newsgroups :) -
    >websites, etc. Use a false name or psuedo/nick name.


    Better not to use names. They are sometimes "guessed" by spammers.

    >Try to avoid the whitelist method - you stick to the above, you won't
    >get any spam. (I don't reply to whitelist invites if folk employ that
    >method, and unless they check their whitelist logs (whatever) they'll
    >have no idea I've tried to email them, and won't be trying again. I
    >can't be bothered with this sorta chit.)
    >

    Agreed. These people are trying to make their problem into my problem
    ... and it isn't :)



    Bruce


    -----------------------------------------------------------------------
    It was so much easier to blame it on Them. It was bleakly depressing to
    think that They were Us. If it was Them, then nothing was anyone´s fault.
    If it was Us, what did that make Me ? After all, I´m one of Us. I must be.
    I´ve certainly never thought of myself as one of Them. No-one ever thinks
    of themselves as one of Them. We´re always one of Us. It´s Them that do
    the bad things. <=> Terry Pratchett. Jingo.

    Caution ===== followups may have been changed to relevant groups
    (if there were any)
    Bruce Sinclair, Sep 8, 2004
    #6
  7. will wrote:
    > what's the best approach to prevent easily guessable email address, as
    > it's a common practice for spammers nowadays. any special
    > combination/length of characters that spammers don't usually bother?


    random charactors, not a real word or name, not made public at all,
    including your own "address book".

    --
    Dave Hall
    http://www.dave.net.nz
    Dave - Dave.net.nz, Sep 8, 2004
    #7
  8. will

    AD. Guest

    On Wed, 08 Sep 2004 11:57:18 +1200, Evil Bastard wrote:

    > (Note that M$'s patent-encumbered 'caller-id' system is actively being
    > used by spammers, so has fallen way flat on its expectations).


    You say that like it's a bad thing.

    SPF and SenderID aren't for blocking spam, they are for stopping them
    spoofing valid domains. Even if that didn't end up reducing spam levels,
    it still helps out against joe jobs and spam/virus backscatter.

    Spam won't be stopped with any magic bullet solution, it will require an
    arsenal of tools that each make it harder and more expensive for spammers
    to operate.

    Greylisting and SPF like solutions help force spammers out into the open
    where they can be blacklisted easier. None of these solutions will stop
    spam by themselves, but are aimed at stopping them evade other techniques.

    Cheers
    Anton
    AD., Sep 8, 2004
    #8
  9. will

    T-Boy Guest

    In article <413e3175$>, says...
    > hi,
    >
    > i'm setting up an email address exclusive to GPRS access, naturally i
    > don't want any spams to get there.
    >
    > what's the best approach to prevent easily guessable email address, as
    > it's a common practice for spammers nowadays. any special
    > combination/length of characters that spammers don't usually bother?


    Setup an email addy for you that will be your "main" (protected) addy.
    Look after it, don't stick it on webpage sign ups etc etc.

    Setup some disposable addys for web signups, listservers, etc. Dump
    them if you get spammed on them and create a new one (attempt to find
    out (maybe) where the spam came from (or how, I guess) and don't sign up
    on that site/listserver again).

    Make all email addys quite long - firstname.lastname often does that.

    If using firstname.lastname as your main addy - then don't put your
    firstname & lastname in things like - um.. well newsgroups :) -
    websites, etc. Use a false name or psuedo/nick name.

    Try to avoid the whitelist method - you stick to the above, you won't
    get any spam. (I don't reply to whitelist invites if folk employ that
    method, and unless they check their whitelist logs (whatever) they'll
    have no idea I've tried to email them, and won't be trying again. I
    can't be bothered with this sorta chit.)

    --
    Duncan
    [spam free for 'bout 3 years now - no filters, no spam catchers (local
    or ISP or server based)]
    T-Boy, Sep 8, 2004
    #9
  10. In article <>, T-Boy <> was seen to type:
    >In article <udt%c.2614$>,
    > says...
    >> In article <>, T-Boy

    > <> was seen to type:
    >>
    >> >Make all email addys quite long - firstname.lastname often does that.
    >> >
    >> >If using firstname.lastname as your main addy - then don't put your
    >> >firstname & lastname in things like - um.. well newsgroups :) -
    >> >websites, etc. Use a false name or psuedo/nick name.

    >>
    >> Better not to use names. They are sometimes "guessed" by spammers.

    >
    >Sure, you are still subject to dictinary attacks, but firstname.lastname
    >(if your real names are about that lenght and not *really* common names)
    >- then I don't think they'll be a problem. (Count of
    >"firstname.lastname"@ domain is 18 chars - I'd say that's sufficient)
    >
    >If your name is John Smith - ok, yer gotta prob :)


    I suggested this because I have seen names of about the 18 charcter
    mark guessed :) YMMV of course ... but I still say, better
    not a name. notanother name@ .... :)



    Bruce


    -----------------------------------------------------------------------
    It was so much easier to blame it on Them. It was bleakly depressing to
    think that They were Us. If it was Them, then nothing was anyone´s fault.
    If it was Us, what did that make Me ? After all, I´m one of Us. I must be.
    I´ve certainly never thought of myself as one of Them. No-one ever thinks
    of themselves as one of Them. We´re always one of Us. It´s Them that do
    the bad things. <=> Terry Pratchett. Jingo.

    Caution ===== followups may have been changed to relevant groups
    (if there were any)
    Bruce Sinclair, Sep 8, 2004
    #10
  11. will

    will Guest


    > Better not to use names. They are sometimes "guessed" by spammers.


    #### yes that's what worries me. i have about 10 domain names, their
    catch-all accounts all go into one mailbox and i receive daily spams
    with different combination of characters attached to those domain names.
    others non-catch-all mailboxes are usually spam-free because i don't
    post them publicly.

    i guess either very short or long emali address are relatively safer? i
    shall try "" and "" for a
    few weeks and see how they do :)

    thanks

    will.
    will, Sep 8, 2004
    #11
  12. In article <>, T-Boy <> was seen to type:
    (snip)
    >> I suggested this because I have seen names of about the 18 charcter
    >> mark guessed :) YMMV of course ... but I still say, better
    >> not a name. notanother name@ .... :)

    >
    >Sure. Yet Dave recently posted how his quite shortish name combo
    >remained spam free. It is somewhat difficult to know where to draw the
    >line - between ease of use and readability (in terms of how it look on a
    >biz card and how your mates will remember your addy) vs not being found
    >by dictionary or combination name guess attacks.


    Yep. Only one sure thing ... you will always make the wrong choice :)



    Bruce


    -----------------------------------------------------------------------
    It was so much easier to blame it on Them. It was bleakly depressing to
    think that They were Us. If it was Them, then nothing was anyone´s fault.
    If it was Us, what did that make Me ? After all, I´m one of Us. I must be.
    I´ve certainly never thought of myself as one of Them. No-one ever thinks
    of themselves as one of Them. We´re always one of Us. It´s Them that do
    the bad things. <=> Terry Pratchett. Jingo.

    Caution ===== followups may have been changed to relevant groups
    (if there were any)
    Bruce Sinclair, Sep 8, 2004
    #12
  13. will

    T-Boy Guest

    In article <udt%c.2614$>,
    z says...
    > In article <>, T-Boy <> was seen to type:
    >
    > >Make all email addys quite long - firstname.lastname often does that.
    > >
    > >If using firstname.lastname as your main addy - then don't put your
    > >firstname & lastname in things like - um.. well newsgroups :) -
    > >websites, etc. Use a false name or psuedo/nick name.

    >
    > Better not to use names. They are sometimes "guessed" by spammers.


    Sure, you are still subject to dictinary attacks, but firstname.lastname
    (if your real names are about that lenght and not *really* common names)
    - then I don't think they'll be a problem. (Count of
    "firstname.lastname"@ domain is 18 chars - I'd say that's sufficient)

    If your name is John Smith - ok, yer gotta prob :)

    --
    Duncan
    T-Boy, Sep 8, 2004
    #13
  14. T-Boy wrote:
    > Sure, you are still subject to dictinary attacks, but firstname.lastname
    > (if your real names are about that lenght and not *really* common names)
    > - then I don't think they'll be a problem. (Count of
    > "firstname.lastname"@ domain is 18 chars - I'd say that's sufficient)


    I used to use and it worked spam free for ages...
    that it until it got on a few people address books and I started to get
    virus spam.

    I would think that Dave and Hall are fairly common names, I have read
    26th most common males name in the english language, and for that matter
    I know of 5 others... only one being a reletive.

    --
    Dave Hall
    http://www.dave.net.nz
    Dave - Dave.net.nz, Sep 8, 2004
    #14
  15. will

    T-Boy Guest

    In article <413e62a8$>, says...
    >
    > > Better not to use names. They are sometimes "guessed" by spammers.

    >
    > #### yes that's what worries me. i have about 10 domain names, their
    > catch-all accounts all go into one mailbox and i receive daily spams
    > with different combination of characters attached to those domain names.
    > others non-catch-all mailboxes are usually spam-free because i don't
    > post them publicly.
    >
    > i guess either very short or long emali address are relatively safer? i
    > shall try "" and "" for a
    > few weeks and see how they do :)


    Let us know how you get on.

    re Websites and addys, I use Javascript to display addys - I think it's
    better than an image of an addy (an image isn't clickable (as the
    underlying source will disclose the addy), nor is it "swipeable" for
    users to copy 'n paste).

    An ex.
    <a href="mailto:">
    </a>

    becomes...
    1.
    <script Language="JavaScript" Type="text/javascript"><!--
    function returnaddy1() {
    partA = "<a href='mai"
    partB = "lto:f"
    partC = "irstname.l"
    partD = "astname@"
    partE = "domain.c"
    partF = "o.nz'>firstnam"
    partG = "e.lastname"
    partH = "@dom"
    partI = "e.lastname"
    partJ = "ain.c"
    partK = "o.nz</a>"
    msg = partA + partB + partC + partD + partE + partF + partG + partH +
    partI + partJ + partK
    return( msg )
    }
    {
    document.write (returnaddy2())
    }
    //--></script>


    2. supports many addys maybe
    <script Language="JavaScript" Type="text/javascript"><!--
    function returnaddy(first, last, domaina, domainb) {
    partA = "<a href='mai"
    partB = "lto:"
    partC = first
    partD = last
    partE = "@"
    partF = domaina
    partG = "."
    partH = domainb
    etc etc

    msg = partA + partB etc etc
    return( msg )
    }
    {
    document.write (returnaddy("Myfirstname", "Mysecondname", "co", "nz"))
    }
    //--></script>

    Additionally support for non-Javascript should be added eg.
    <NOSCRIPT>[you must have Javascript enabled to see our email address]
    </NOSCRIPT>

    --
    Duncan
    T-Boy, Sep 8, 2004
    #15
  16. will

    T-Boy Guest

    In article <z1u%c.2623$>,
    z says...
    > In article <>, T-Boy <> was seen to type:
    > >In article <udt%c.2614$>,
    > > says...
    > >> In article <>, T-Boy

    > > <> was seen to type:
    > >>
    > >> >Make all email addys quite long - firstname.lastname often does that.
    > >> >
    > >> >If using firstname.lastname as your main addy - then don't put your
    > >> >firstname & lastname in things like - um.. well newsgroups :) -
    > >> >websites, etc. Use a false name or psuedo/nick name.
    > >>
    > >> Better not to use names. They are sometimes "guessed" by spammers.

    > >
    > >Sure, you are still subject to dictinary attacks, but firstname.lastname
    > >(if your real names are about that lenght and not *really* common names)
    > >- then I don't think they'll be a problem. (Count of
    > >"firstname.lastname"@ domain is 18 chars - I'd say that's sufficient)
    > >
    > >If your name is John Smith - ok, yer gotta prob :)

    >
    > I suggested this because I have seen names of about the 18 charcter
    > mark guessed :) YMMV of course ... but I still say, better
    > not a name. notanother name@ .... :)


    Sure. Yet Dave recently posted how his quite shortish name combo
    remained spam free. It is somewhat difficult to know where to draw the
    line - between ease of use and readability (in terms of how it look on a
    biz card and how your mates will remember your addy) vs not being found
    by dictionary or combination name guess attacks.

    --
    Duncan
    T-Boy, Sep 8, 2004
    #16
  17. will

    Harry Guest

    Gurble wrote:

    > On Wed, 08 Sep 2004 10:23:29 +1200, Harry <> wrote:
    >
    >>
    >>> any special combination/length of characters that spammers
    >>> don't usually bother?

    >>
    >>Spammers don't sit there manually trying to hit your email address.
    >>But apparently they don't bother with the letter 'u'.

    >
    > They DO use forms of dictionary attacks, knob.


    Ok knob, what dictionary do they use? I would hardly think that
    an english dictionary would be much help to them.

    And since you know that they DO use a dictionary please tell everyone
    what dictionary they use then the OP can choose something that isn't
    in that dictionary.

    Or was supplying such useful information not really your intention.
    You just wanted to take me down didn't you!

    Go on - tell the OP all about the dictionary that spammers use so that
    the OP can choose an appropriate email address. Better still just suggest
    a single email address that isn't in the dictionary.
    Harry, Sep 8, 2004
    #17
  18. will

    Ryan Jacobs Guest

    "Harry" <> wrote in message
    news:u3x%c.23220$...
    > Gurble wrote:
    >
    >> On Wed, 08 Sep 2004 10:23:29 +1200, Harry <> wrote:
    >>
    >>>
    >>>> any special combination/length of characters that spammers
    >>>> don't usually bother?
    >>>
    >>>Spammers don't sit there manually trying to hit your email address.
    >>>But apparently they don't bother with the letter 'u'.

    >>
    >> They DO use forms of dictionary attacks, knob.

    >
    > Ok knob, what dictionary do they use? I would hardly think that
    > an english dictionary would be much help to them.
    >


    LOL, not a programmer then, huh?

    > And since you know that they DO use a dictionary please tell everyone
    > what dictionary they use then the OP can choose something that isn't
    > in that dictionary.
    >


    It's not a "dictionary" that you're familiar with. A simple google would
    have saved yourself some embarressment.

    > Or was supplying such useful information not really your intention.
    > You just wanted to take me down didn't you!
    >


    Taking you down would be considered "the icing on the cake", but he/she
    actually did supply useful (and more importantly, correct) information.

    > Go on - tell the OP all about the dictionary that spammers use so that
    > the OP can choose an appropriate email address. Better still just suggest
    > a single email address that isn't in the dictionary.
    >


    Yawn.......
    Ryan Jacobs, Sep 8, 2004
    #18
  19. will

    Bok Guest

    Evil Bastard wrote:
    > 1. get or set up a whitelist-based address
    > - there are server-side and
    > client-side software packages such as Active Spam Killer; also there
    > are various free and non-free hosted services
    > - cost of this is that the first time someone sends you email, they
    > receive a 'please confirm' message


    I found TMDA [1] used in conjunction with qmail to be very effective.
    While in use over an 18 month period we had two SPAMS delivered to valid
    addresses and in both cases the (naive) spammer had confirmed the
    challenge using a real and traceable email address.

    > 4. any others?


    I have now switched from qmail to postfix and dropped TMDA in favour of
    fairly stringent MTA based UCE controls[2]. The occasional SPAM that
    gets past these for local delivery is readily dealt with by SpamAssassin.

    [1] http://tmda.net/
    [2] http://www.postfix.org/uce.html
    Bok, Sep 8, 2004
    #19
  20. will

    Bok Guest

    will wrote:

    > i'm setting up an email address exclusive to GPRS access, naturally i
    > don't want any spams to get there.
    > what's the best approach to prevent easily guessable email address, as
    > it's a common practice for spammers nowadays. any special
    > combination/length of characters that spammers don't usually bother?


    <firstname>.<lastname>@<domain name> is often a good choice if you want
    to use something memorable that's also relatively safe from
    dictionary/common name generation bulk mail methods.
    Bok, Sep 8, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. C A Preston

    Spam-Spam and more Spam

    C A Preston, Apr 12, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    537
    Hywel
    Apr 12, 2004
  2. Frank Callone
    Replies:
    2
    Views:
    574
    Jonathan de Boyne Pollard
    Oct 18, 2004
  3. =?iso-8859-1?B?pqamU0hBRDBXpqam?=

    Put a fake email address to avoid spam

    =?iso-8859-1?B?pqamU0hBRDBXpqam?=, Jul 16, 2006, in forum: Computer Information
    Replies:
    5
    Views:
    700
    Alex Clayton
    Aug 15, 2006
  4. rivenglo

    Spam after submitting email address to Nikon

    rivenglo, Oct 9, 2005, in forum: Digital Photography
    Replies:
    44
    Views:
    876
    DeadKenny
    Oct 18, 2005
  5. Clwddncr
    Replies:
    6
    Views:
    638
    Dave - Dave.net.nz
    Feb 7, 2005
Loading...

Share This Page