Monday, November 9, 2009

Combating Spam - My personal approach to it

Gone are the days when you could surf to a website, click on a download link, and have the download start instantly. Nowadays more and more sites ask for your email address and send the link to the file you want to download to that address. Even though the site states that your email address will not be used for spamming by them or by any of their partners, you start receiving more junk email after a few days. Sound familiar? Believe it or not, email harvesting is a very promising business in the underground community.

One way to circumvent the above is to create some disposable email addresses that you only use to download software. This could be as easy as signing up for a free Gmail, Yahoo or MSN account. The only downside is that you will have to log in to those accounts to retrieve the links that are sent to you.

Another approach is the following technique. Most web-based email accounts give you disposable addresses by default. Yahoo gives you disposable addresses on their premium accounts. I personally use Gmail, and if you read its help section you will find that it also gives you disposable email addresses.

Let's say your email address is john.doe@gmail.com. If someone sends you an email at john.doe@gmail.com, you will receive it in your inbox (trivial). The funky part that you don't get told up front is that any email sent to the address john.doe+{blurb}@gmail.com (the + must be in the address) will also be directed to your inbox. So, for instance, if someone sends an email to john.doe+tuesday@gmail.com, it will be delivered to the john.doe@gmail.com inbox. So when you go to download something from a website and it requires your email address so that it can send you the link to the file, just enter the email address in the above format (I generally append the site name, so that I can track where the spam is coming from). Some sites are smarter and do not allow a + in the email address, but almost 80% of the ones that I have tried take it as a genuine email address.

The next step is to create a filter in Gmail that uses the To: address as the filter condition. In it, add the disposable email address that you gave to the website, and in the actions, select delete. Activate this filter after you have received the download URL (or you could suspend the rule for a few days and monitor the amount of spam you receive from the website).

You can use this technique to create disposable email addresses out of your personal Gmail address. You can also use it to evaluate how "trustworthy" the website you gave your email address to is.
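The tracking idea above can be automated. The following is an added example, not code from the original post: it builds a per-site tagged address and counts mail that reached a tag from a sender outside that site's domain. It assumes the tag you append is the site's domain name; the function names and the sample messages (on reserved `.example` domains) are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

BASE = "john.doe@gmail.com"  # the post's example address

def tagged_address(site, base=BASE):
    """Build local+tag@domain for a site (assumption: tag = site domain)."""
    local, domain = base.split("@")
    tag = "".join(c for c in site.lower() if c.isalnum() or c in "-.").strip(".")
    return f"{local}+{tag}@{domain}"

def tag_of(address, base=BASE):
    """Return the +tag of an address that belongs to base, else None."""
    local, _, domain = address.lower().rpartition("@")
    base_local, base_domain = base.lower().split("@")
    name, plus, tag = local.partition("+")
    if domain == base_domain and name == base_local and plus:
        return tag
    return None

def leaks(raw_messages, base=BASE):
    """Count mail sent to each tag by a sender outside the tagged site."""
    counts = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Delivered-To", []))
        for tag in {tag_of(addr, base) for _, addr in rcpts} - {None}:
            # Mail from the site itself or one of its subdomains is expected.
            if not (sender == tag or sender.endswith("." + tag)):
                counts[tag] += 1
    return counts

# Constructed sample messages, not real mail.
SAMPLE = [
    "From: Downloads <noreply@files.example>\nTo: john.doe+files.example@gmail.com\nSubject: Your link\n\nlink",
    "From: deals@bulk-offers.example\nTo: john.doe+files.example@gmail.com\nSubject: WIN\n\nspam",
    "From: x@other.example\nTo: <john.doe+files.example@gmail.com>\nSubject: hi\n\nspam",
    "From: news@mail.shop.example\nTo: john.doe+shop.example@gmail.com\nSubject: Receipt\n\nok",
    "From: friend@example.org\nTo: john.doe@gmail.com\nSubject: lunch\n\nhi",
]

if __name__ == "__main__":
    print(leaks(SAMPLE))
```

Mail that arrives at the bare address carries no tag and is not attributed, so a sender who strips the +suffix goes uncounted.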

Have fun.
