Sunday, 2 October 2005

Spamgourmet: anti-spam email service






I've covered disposable email addresses (DEAs) as anti-spam devices before, in the context of using Gmail aliases as DEAs. But Gmail has its downside. It takes a few steps (too many for the impatient) to set up new Gmail alias so you can send email FROM it within Gmail (my Gmail aliases post explains how). Many webforms reject email addresses with a "+" in them (annoying, and the biggest disadvantage of Gmail aliases to me). Plus, it's easy for people to figure out your real Gmail address from the alias and then spam you there, without any watchword or prefix protection (covered below).

I've looked at several free or paying DEA services, but decided they were incomprehensible to non-hardcore techies, or not worth the money, or both. The best DEA service, in my book, is Spamgourmet. It's a fast, flexible, very effective and completely free spamfighting service, though they welcome (and I'd encourage) donations - it's well worth it. I've been using it without any trouble for about a year now.

How DEAs (disposable email addresses) work

A DEA is exactly that, an email address you can use for a particular purpose, then dispose of if you find you're getting spammed at that address. With most DEA services you can have as many DEAs per username as you want; that's the point. It's common to use one DEA per company or person that you correspond with. To help remember which DEA you used for which company, it's also common to include the name of the company as part of the DEA (plus, if you start getting spam at that address, you'll know exactly which company did the dirty on you).

Some DEA services (like Spamgourmet) work by forwarding email sent to a DEA to your real email address; others work like Yahoo or Hotmail, storing the email on their own servers, and you login via your Web browser to read and send mail.

You can enter your chosen DEA in a Web form or give it to the company concerned over the phone, or you could send an email to the company set to be "From" that DEA. In many cases, as with Spamgourmet, you can just make up the address you want on the spot (but using the format required by the DEA service), while in other cases you have to create a DEA online before you can use it.

How to send email from a DEA again depends on the service. With Webmail services you can often simply login to the DEA service, compose a new email to the company you want, and select an existing DEA from a dropdown list or perhaps just type a new DEA in the From box.

Spamgourmet - why I like it

With many DEA services you have to manually delete a particular DEA if you are getting spam sent to it. With Spamgourmet, it's much less work - you set up in advance how many emails you're prepared to receive at an address, e.g. 20. After 20 emails, all email sent to that address get automatically eaten by Spamgourmet (hence the "gourmet" name) and won't get forwarded to you anymore, all without your having to do a thing: it's self-destructing, as they put it. But if you decide you'd like more emails at that address you can easily "top up" or "refill" the number before it gets to the limit you set (max 20 at any time for each DEA), or else you can give a sender "trusted" status so that they can send an unlimited number of emails any of your Spamgourmet DEAs. Or you can give a sender "exclusive sender" status so they can send an unlimited number of emails to a particular Spamgourmet DEA only. It's all very flexible.

Plus, Spamgourmet has watchword protection, which I cover below.

Spamgourmet is very helpfully laid out: there are two main pages, Basic and Advanced, with narrative explanations on the page itself, and an excellent and comprehensive FAQ, very well and wittily written (it merits a read just for humour value - e.g. "confession - this is not a frequently asked question. No one has ever asked this question."). Because the inbuilt help is so good, all you have to do is to read it (but you do have to read it), so I'm not going to say much myself by way of a "how to". I'll just add a few tips and pointers.

Spamgourmet - some tips

1. A Spamgourmet DEA generally has the structure "wordYouMakeUp.optionalNumberorWord.yourSpamgourmetUsername" followed by "@spamgourmet.com" (actually there are other domains you can use, not just "spamgourmet.com" - check their FAQ). It's not case-sensitive, upper or lower case are interchangeable, I've just used uppercase for some letters for ease of reading.

2. Choose your username carefully before you actually sign up, don't just sign up with any ol' name (and it's 20 characters max, no dots). Make it something you can remember and which isn't too cringeworthy, as it will appear as part of the address in the emails you receive or send (so rude words are probably out, depending!).

3. The "wordYouMakeUp" would usually be the name of the company you're corresponding with, to help you remember which email address you've given to which company. For example, "Amazon" (or "FromAmazon"). But it can be anything you like.

4. The "optionalNumberOrWord" relates to what I was describing earlier, about setting a limit on the number of emails you're prepared to receive at that address, with the ability to topup. The max number is 20 (but you can keep topping up to 20 max at a time or, if you're sure they're OK, make a sender "trusted" so that emails they send won't affect the countdown at all). Example: if you tell company X that your email address is "fromX.15.yourusername" followed by the usual "@spamgourmet.com", you'll get no more than 15 emails at that address. Each email you get at that address helpfully has the number count in it so you know how much of the quota has been used up and can decide whether to top up.

A neat twist: you can use a word (except "sender" and "domain") instead of a number in the middle, and Spamgourmet will still limit the number of emails you get - but the max number of emails you'll get will be the position in the alphabet of the first letter of the word (up to 20 max again), e.g. if you use "fromX.ark.yourusername", you will only get one email at that address as A (in "ark") is letter one of the alphabet. If the middle word is "eek" you get 5 emails max ("e" being letter 5 of the alphabet). But any word starting with "t" or a later letter in the alphabet lets 20 emails max through.

Another clever thing: those lovely chappies at Spamgourmet have fixed it so that if you're idle like me, you can leave out the middle number or word completely (hence "optional" in my description) and just use "fromX.yourusername" for the first bit of the DEA. Plus the address looks better too. If you omit the middle bit, the max number of emails to that DEA before they get eaten is still set behind the scenes, but it just automatically becomes whatever number (up to 20 again) you decide to make it in the "default number" box (the "advanced mode" tab, scroll down a bit and don't forget to click "save"!). The default is 3, I've changed it to 20 in case extra emails have to be exchanged so I don't miss anything important. And you can still topup or refill those in the usual way.

5. To send email from a DEA, go to the "advanced mode" tab, click "send a message from one of your disposable addresses", enter the recipient's address where indicated and choose (or invent) the DEA you want the email to come from, and hit "go". Spamgourmet will produce a long weird looking email address (which you can even save to your address book or contacts etc to reuse for future correspondence with the same company). Send an email TO that address from ANYwhere (e.g. from your ISP email address using Outlook, your Gmail account etc) and the email will automatically be tweaked by Spamgourmet and forwarded to the recipient so that when the recipient gets it, it will appear to be from your chosen DEA, with no indication of your real address. When they reply, Spamgourmet forwards it to your "real" email address, but when you hit Reply in turn to answer their email, it will again appear to be from your DEA, not your real address. If you lose the unique long email address, just generate another one.

6. To check your list of current DEAs, in the "advanced mode" tab just leave the box before "search addresses" empty and click that button. In the list of DEAs you can click a particular word to edit that DEA - including sending email from that DEA, making a sender an "exclusive sender" for that DEA, etc.

7. Watchwords are a great idea, though touch wood I haven't needed to use them yet. Why use them? Well what if evil spammers (are there any other kind?) figure out your Spamgourmet username from a DEA you've used and start sending you spam using DEAs they make up, e.g. addressing spam to word1.yourusername, word2.yourusername etc, all at Spamgourmet.com? You can stop that with watchwords, which you add in the "advanced mode" tab (using the "add a watchword" box, where else). If you add a watchword, Spamgourmet will eat emails sent to your DEAs unless word1 of the DEA includes your secret watchword, which only you and Spamgourmet know. And you can change that watchword to a new one or add extra ones anytime, but old DEAs previously in use with the old watchword will still work. How clever is that? (For the even more paranoid there are "prefix" words you can use too, but I won't go into that - check their FAQ).

8. The gorgeous folk at Spamgourmet (mwah!) don't mind if you sign up for more than one Spamgourmet username forwarding to different places, e.g. one for work, one for home, as long as you're sensible and fair about it, i.e. don't hog zillions of usernames. (Each Spamgourment username can only send to one real forwarding email address, although you can change that address in the "protected address" box in either "no brainer mode" or "advanced mode" tabs.)

9. They also have a useful support/help forum/discussion area, which the folks behind Spamgourmet actually read and reply to.

10. And there's more you can do with it, and other twists - but you'll have to read the FAQ for that!
Aside: if you're looking for a DEA service, avoid Mailshell (a Webmail service), and certainly don't bother with their paid-for "premium" service. The storage space is a stingy 50MB, they've not improved or added any new features for years (e.g. you can't search by "From" or "To". Still), trying to pay their subscription online may not work and then they make you fork out for the cost of an overseas fax for the privilege of giving them your credit card details, their spam filter is erratic and often labels stuff from designated "safe" addresses as junk, their support staff don't seem to know how their login works. Enough reasons? I'd use Spamgourmet or Gmail aliases instead.

Basically, I can't think of a single thing wrong with Spamgourmet, and lots of things they've got right - they've included almost everything one could think of, really. It's easy (especially if you don't use the advanced features), it's quick (the most I've had to wait for an email to be forwarded is a few minutes), and it's free. A fab service. Go for it, and better yet, donate!


Technorati Tags: , , , , , , , , , , , , , , ,

7 comments:

dreamweaver said...

I use sneakemail for my DEA service. You can forward to many different "real" addresses, but unfortunately, you can't make up addresses on the fly (I think that is a premium service - a whopping $2 per month). Otherwise, I've been pretty happy with it. www.sneakemail.com

Improbulus said...

Thanks for the info Dreamweaver. Always useful to know about more DEA services.

Though I'm sticking with Spamgourmet or Gmail aliases for now, myself, as they do everything I need and are free.

EmailHosting.com said...

Spam will be a continuing fight regardless of how many spam fighting technologies we incorporate. Then we will risk missing important emails due to spam filtering. Emails will have to be followed up by phone calls in my opinion in the future.

alien resident evil said...

I use the mytrashmail.com service to receive potential spam. it's real simple, just 'register' somewhere with somename@mytrashmail.com then go to Trash and check that mail 1st time in your life. sometimes it wont receive mail (i guess trash is pretty known and blacklisted) but otherwise is ok. no privacy, anyone can get to your 'somename' email account, but theres also a secure variant, with password. and no forwarding by default, so its real anonymous too.
---------------
about antispam: what if the blocking engine would put emails from new adress (never received before) to 'potential spam' area, separate from 'definite spam' (keyword checked)? should make life easier :)
no account, no work to do before

Improbulus said...

Emailhosting, don't know about that, I'm perhaps a bit more optimistic than you about spam filtering technologies hopefully getting there eventually...

alien resident evil, thanks for the info about trashmail. As you say, anyone can access your account and sometimes it won't receive mail, but if you have to give your email before you're let in to a site and you don't need (or want) to get any emails from them in future that's probably OK.

World's Worst Spammers said...

I have decided to try to fight fire with fire, by setting up a blogspot blog called worldsworstspammers.blogspot

I do not know if the pan will work - but hopefully if more people published spammers mail addresses on anti spam sites, then spammers amil boxes will soon fill and their costs will increase.

Can this work?

Improbulus said...

Can't see your blog WWS, but I'm sceptical of the point of publishing spammers' emails. They often spoof other (innocent) people's emails anyway so that the spam appears to be coming from other people, not the spammers.