Spam & protected e-mail addresses

OK, so my old e-mail address from PopTop has finally gone dead, and I’m down to my ‘protected’ e-mail address, which I’ve been very careful about exposing to commercial entities that might resell it to spammers.

My old address had been exposed on the web in many ways (was listed in PopTop’s DNS, was included directly on the PopTop web site at one time, etc.), so overy my ~7 years of using it, it had found it’s way into most spammer’s lists, and I was getting ~100 spams a day.

So far, my new address is spam-free, and of course, now I’ll be very careful about exposing it on the web. It’s also not easily guessable by spammers who run millions of guesses through the [email protected]_URL.COM method.

So, my question is, if I use my clean address with general, reasonably reputable web sites (amazon, e-bay, yahoo, various major vendors and the like), how likely is it that it will be resold at some point to a spammer and leak into the spam community? I could create a dummy e-mail address just for the questionable transactions, but that’s a bit of a pain. I don’t know what portion of my previous 100 spams a day was because my old address had been public on the web, versus how much it had been resold by all the vendors I had ever bought anything from, and/or sites I had ever signed up at.

I’m not too worried about getting the occasional pitch from a site I actually use/buy from, I just don’t want to get on the general spammers lists. I also don’t want to spend 15 minutes every time I buy something hunting through a site’s privacy policy and looking for barely visible ‘don’t spam me’ checkboxes.


For most people it’s not a matter of if, but when.

I have to say that I’m happy with using a Gmail account for such things, though, especially in that I can check the mail through any regular email client along with my other regular accounts thanks to their POP/SMTP support for the service.

In the end, however, using POPFile helps me simply not worry too greatly about spam, even on a often-used-publically, well-travelled email address.

Sometimes I give out [email protected]domain e-mail addresses. The e-mail goes to my fire mailbox, but is easy to filter with procmail and the like. Plus you’ll get to see who uses/resells your e-mail. Could also do fire+ebay, fire+amazon, fire+qt3, etc.

The downside is many online vendors don’t recognize the ‘+’ character in their e-mail creation forms.


This is what about half our users on use the superhappy fun account for. For $25 a year you get 125 domains/addresses that you can just forward to another account, keeping the main account hidden at all times. If one of the addresses gets spoiled, you just point it to null.


But we are hardly the only vanity email address site out there, most other services allow you a similar setup, just make sure they allow you to forward any email or to filter based on domain/address. And there is a service somewhere (can’t remember the name) that allows you to create versions of your user name for each place you submit your email address.

Chet is a simple dumb way to do this - you just use [email protected], and that’s all there is to it - go look up the response on mailinator. The downside is that it’s completely open - anybody can look at your e-mail, and that mail purges out of there very quickly. It’s useful for easily disposable one-off e-mail addresses.

Seems to me like it wouldn’t be all that much hassle to set up [email protected] and just pass that out to every site that needs an email address. Most people I know who have a domain of their own do something like that, if they don’t make a new one for every site they register on.

I just use one of my many web-client accounts (Yahoo, Gmail, etc) and then use POP access later on to retrieve my email to a centralized location. Yahoo recently added a nice feature that adds a “[Bulk]” to anything that it considers spam, so I can add rules for it in my email client.

However, I’m an anti-spammer. I like getting spam. How else would I fill the day without some serious PvP action?

As far as I can tell from experimentation, not very. I sign up with a different e-mail address at every site that requires registration, all of which forward to my main domain account. I’ve only ever had one end up in the hands of spammers. (Steer clear of J.C. Penney’s!) You’re more likely to get spam to any address you post on a web page or to a mailing list.

It is likely. Unique email addresses I’ve only used at,, and have all found their way into the hands of Viagra spammers and Nigerian scammers. I’m not sure how they got out, but they did, and that’s all that matters.

So, yes, using your “safe” email address for general transactions with trusted sites carries an amount of risk.

I have an easy method of creating unique email addresses for each of my website relationships: [email protected].

Follow-up. If the name does ‘leak’ into the spam community via a careless or just scummy retailer/web site, how fast does it spread? Again, my old address was running ~100 spams a day, but it had been out for a long time, publicly exposed in a few places, and was guessable by brute force spam methods. If we’re talking a slow leak that might get me one spam a week or one spam a day, that’s not too bad, but 100/day makes e-mail very painful if you don’t have spam control, and semi-painful even if you do ('cause spam control is only ~90% effective).

The addresses that leaked through JC Penney, ebgames and the like - how long ago did they leak, and what’s the spam rate now?

Here’s an interesting report on the link between published email addresses and the amount of spam subsequently received. Of course, this is two years old, so I don’t know whether it still holds true or not:

  • Alan

If you’re willing to put in the work, a friend of mine did something I thought was relatively brilliant. He already had his own website set up, so he basically created a new email alias every time he wanted to sign up for something, so he could track who was causing his spam.

In other words, let’s say you owned When you sign up at, you create an [email protected] email just for them. If you sign up at ebay, you create an [email protected] account. It’s more work, to be sure, but if you ever get spam, it’s a lot easier to track where it came from (and shut down the account to stop it).

[size=2]Edit: which, yes, is the same thing that Roger suggested. (/slaps self) [/size]

Yeah, that’s what I do. And if you start getting spam to that address you know who sold you out!

If you don’t have access to your own domain to do that with, the free service at will do it for you, but with a few added features.

Once you create an account, any email sent to the addresses you create through the system will be forwarded to whatever real address you want, but you can also set a limit to the total number of emails sent.