New Firefox Service Will Generate Unique Email Aliases To Enter In Online Forms (zdnet.com) 70
An anonymous reader writes: Browser maker Mozilla is working on a new service called Private Relay that generates unique aliases to hide a user's email address from advertisers and spam operators when filling in online forms. The service entered testing last month and is currently in a closed beta, with a public beta currently scheduled for later this year, ZDNet has learned. Private Relay will be available as a Firefox add-on that lets users generate a unique email address -- an email alias -- with one click. The user can then enter this email address in web forms to send contact requests, subscribe to newsletters, and register new accounts. "We will forward emails from the alias to your real inbox," Mozilla says on the Firefox Private Relay website. "If any alias starts to receive emails you don't want, you can disable it or delete it completely," the browser maker said.
Sweet (Score:5, Interesting)
Re: (Score:2)
Re: (Score:3)
Re:Sweet (Score:4, Interesting)
Would be nice if there was an open source implementation that you could run on your own domain. That would be far less likely to get banned.
Re: (Score:2)
I agree, I feel like something like this wouldn't be hard to do at all. I mean if you own your own SMTP server, you could literally just create an account for a purpose, use it until your done with it and get rid of it. I can't imagine it would be too hard to automate it with a simple UI either.
Re: (Score:3)
Many email servers support plus addressing. Mine does, as you can see above. If an address gets spam you know who is responsible. That saves a lot of trouble. Obviously that scheme can reasonably easily be ruined by smart spammers.
Re: (Score:3)
Many email servers support plus addressing. Mine does, as you can see above. If an address gets spam you know who is responsible. That saves a lot of trouble. Obviously that scheme can reasonably easily be ruined by smart spammers.
Yea but many websites don't support it. I've tried it in the past and about 50% of the time the form validation flags it as invalid (even though it obviously is valid).
Re: (Score:3)
Many email servers support plus addressing. Mine does, as you can see above. If an address gets spam you know who is responsible. That saves a lot of trouble. Obviously that scheme can reasonably easily be ruined by smart spammers.
Yea but many websites don't support it. I've tried it in the past and about 50% of the time the form validation flags it as invalid (even though it obviously is valid).
It depends on the character used to separate the base and added parts of the email address.
I found that many sites (improperly) reject the '+' character that Google uses, so I configured Postfix for my own domain to use the underscore.
Nobody complains about name_spamsite@domain.
Re: (Score:2)
Obviously that scheme can reasonably easily be ruined by smart spammers.
Maybe the scheme could still work no matter how smart the spammers are with some revisions.... if you use a suffix for ALL contacts, and if no suffix is given: Have that go to an auto-reply bot instead of a mailbox... a bot that only responds to messages that come from a sender passing DMARC alignment with SPF or DKIM.
The bot has one purpose.... to provide a link for generating a suffix contactID for any person who wants t
Re: (Score:2)
Your ideas will certainly work.
I cannot be absolutely sure, but I am more than 90% confident that no spammer has yet figured out my actual email address from the address listed here on Slashdot. The fancy proposals you have will only become necessary if spammers actually grow a brain.
So far, most spammers believe my email address is slashdot@...
Re: (Score:2)
You can just set to a domain that redirects all mail to your real account and block individual addresses as they get spammed, but it's a bit of work and when someone does a dictionary attack against it you are in trouble.
Something like this that makes it as easy as a few clicks would be great.
If necessary: A client-only solution. (Score:2)
I think it would be easy, to write a browser add-in that automatically creates a new adress on the fly at some provider, by filling in the mail account creation forms with random data and such, do the entire verification process, and merely ask you to enter a CAPTCHA or the like that can't be automated.
open source version (Score:3)
I've been doing this for a decade. The back-end of my mail server is SQL-based, and it has a table that maps aliases to actual accounts (even those not on my server).
Postfix looks up any inbound address against that table to decide whether to accept it, then hands it of to the LMTP server, which delivers it to the real address.
I've only occasionally thought of implementing a web page to allow remotely setting them up.
Re: (Score:2)
Nice, let's hope services don't ban the aliased emails though. I noticed this happen with the apple id email security.
There's a simple solution for that -- if a merchant doesn't accept your aliased email address, don't do business with that merchant. You're the one with the money, if they don't want to accept your money on your terms, don't give it to them.
It's like if a brick and mortar merchant refused to do business with you if you don't provide your phone number (I'm looking at you, Radio Shack), if they won't accept your obviously fake number (I used 415-555-5555), then buy your batteries somewhere else.
Re: (Score:2)
There's a simple solution for that -- if a merchant doesn't accept your aliased email address, don't do business with that merchant. You're the one with the money, if they don't want to accept your money on your terms, don't give it to them.
Just to give an opposite perspective: as a merchant who has persistent problems with a small number of customers whose email addresses don't work, sometimes because their ISPs insist on non-standard behaviours and treat anyone who doesn't comply with their pet wish list as junk or even drop the mail silently, please go ahead. I would be delighted if the tiny fraction of our customers who have broken email just went away, because they cause considerable stress and wasted time, sometimes even generating more
Re: (Score:2)
It might be hard for you to believe, but not everyone in business it out to screw you, and not every business model involves abusing customer data. Some of us follow a radical alternative strategy: make a useful product or service, charge a fair price for it, and everyone wins.
But thanks for the excellent demonstration of what I was talking about. Anyone with such a hostile attitude is always going to be more trouble than they're worth, and some people aren't worth doing business with.
Spamgourmet (Score:5, Interesting)
Re: (Score:3)
Shhhhhhh..... the first rule of spamgourmet club is you on't talk about spam gourmet.
It's one of the few services that are not blocked by people now.
Re: (Score:3)
It's blocked often enough, that's why I had them register one of my own subdomains. I my own subdomain and spamgourmet.com is now interchangable for my account.
Well, actually for any account :D.
Re: (Score:2)
Anything that blocks based on fake email aliases is probably not worth doing business with, because the only reason to block is because they're an advertiser or make money from advertising (remember, advertisers are the enemy here, not the consumers).
Re: (Score:2)
That isn't the case, as I explained in another comment [slashdot.org].
Spamgourmet (Score:4, Interesting)
Unique alias (Score:2)
Do you mean to say that Chuck.U.Farley@EatMyShorts.com isn't unique enough?
We will forward emails from the alias to your real inbox
So really just an automated way of setting up a throw-away e-mail account. Except that Firefox still knows where to forward the e-mail. No thanks. When one of my temp accounts starts to pile up with crap, I just stop using it. There are probably a few Nigerian government ministers with millions of dollars just waiting for my response out there.
The other good thing about throw-away accounts is that I can log on from time to time and
Re: (Score:2)
Well I don't really see this as a service for throwaway mail, more like compartmentalized mail. Like you actually want to read them in a timely manner and without logging into dozens of different accounts, but without giving each and every one of them the chance to sell your email to spammers and compromise your true inbox. Throwaway emails are more those "fire-and-forget" emails I use when somebody requires email activation, where I rarely or never need to check that inbox again.
Re: (Score:3)
Anyone running their own server (Score:3)
Re: (Score:3)
So far, I've caught a major railway, MLB organization and 2 large ecommerce sites giving those email address to 3rd party marketers. Plus, a few smaller online stores.
Sadly - while each got reported to the federal govn't anti-spam organizations, nothing has been done.
Re: (Score:2)
Same here but instead of maintaining an list of aliases or having to go create one before I use it, I use the address extension character. Typically + I changed mine to a -
so me-subj@mydomain gets to me@mydomain but keeps the -subj part.
Should I get too much spam then I create an actual address/alias for it that ends up delivering it to /dev/null
Re: (Score:2)
I do the same, just have a regex forwarding rule to two different inboxes (personal and 'accounts'): *-account(s)?@ lets me use -account@ emails. Sometimes confusing to the recipients when I give it to them and they don't understand domains ("Do you work for us?").
It's occasionally revealed some interesting facts; for example, a few years ago my mouser-account@ email (Mouser [mouser.com]) got a deluge of spam - but no publicly disclosed data breach. Other offenders have been Amplitude Studios [amplitude-studios.com], Gamespy, and of course
Great feature (Score:5, Insightful)
Been using that capability using a wildcard feature of PostFix for over 10 years. I can say it has been one of the best features of email I can imagine.
To give an example, after there were fraudulent purchases on my credit card, I was able to identify the vendor that leaked it because the thief used an email address to sign up for a service with my credit card that I only gave to this vendor.
I can also send specific email addresses to /dev/null that become spam targets without impacting incoming emails I care about.
Very glad to see Firefox begin to open this type of capability to the public.
Re: (Score:2)
Same here, except about a decade and half ago I switched from sendmail+qmail to MSFT Exchange which also has had wildcards forever. After many years of using wildcard emails, I have a decent sized filter which silently discards a whole bunch of them. I also have some spam filters which filter based on both source and destination, for example any email which claims to be from amazon.com goes straight to Junk Mail unless it comes to the email which I only use with Amazon. Same for banks, etc.
I will say one th
It's a real website (Score:5, Funny)
Re: (Score:2)
fuckoff@example.com gets this too
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
So YOU were that asshole that subscribed the POTUS to that spammer that tried to sell his MMS bleach cure via Spam?
Re: (Score:2)
Will Slashdot ban those too? (Score:1)
Re: (Score:3)
All hail our chromium based overlords and the new Google Wide Web!
Seriously, I think this feature sounds convenient and if unused it'll probably not take many kilobytes of disk space. I'll reserve real judgement until I see it.
Re: (Score:1)
This is going to get rejected (Score:2)
The fight between anonymity versus identity is old and never-ending. This new service is a great idea no doubt, but it will definitely be taken as a provocation by those who already have to fight off spam.
I'll stick to my old practise: when a site wants my e-mail address, but it doesn't offer me something of value in return, then I'm simply at the wrong site.
Better late than never (Score:3)
Looks like the giants are discovering a feature I implemented almost 15 years ago [roaringpenguin.com] in Roaring Penguin's anti-spam solution.
I use yopmail (Score:3)
Just enter whatever@yopmail.com
They also have dozens of aliases if that one is blocked.
Re: (Score:2)
There are hundreds of temp email services around. The point is to make it more convenient, which is always welcome IMHO.
Re: I use yopmail (Score:2)
I use mailinator.com. It also has countless aliases, but I found them hard to find nowadays.
Also, there is bugmenot.com. Shared logins so you're not bugged by having to log in. With a browser extension so all you have to do is right click on the password field, and select "bugmenot".
The only problem is that they are centralized and have been harassed by side owners previously, to block their site from the service. (Does anyone know an alternative? alternativeto.net only spits out Login2, which seems to be d
Will be great... for those 5 minutes (Score:2)
until it's blocked by all the mail harvesters that make such addresses useful in the first place.
A good idea except (Score:2)
This idea has some serious issues with it:
1) Mozilla has to have an SMTP relay server running and if many people start using this service it might mean a lot of expenses. Also some email providers may refuse to allow SMPT relay in principle.
2) Once Mozilla decides it's not worth it and kills the service you may find yourself locked out of many websites which either don't allow to change your email or require to verify your old email before changing it to a new one. Strangely Mozilla's own account system
Re: (Score:2)
Also some email providers may refuse to allow SMPT relay in principle.
That criticism isn't valid / does not make sense. Email providers by their very nature have to accept SMTP connections from other MTAs relaying traffic to the destination domain's MX servers; that's how e-mail routing on the internet works.
If the account is really important, then you should probably be giving them your real e-mail address rather than one relying upon a 3rd party relay service to reach you.
That also provides higher
A Brief History of anon.penet.fi (Score:1)
A Brief History of anon.penet.fi - The Legendary Anonymous Remailer [december.com]
Written in September 1997.
Short version:
anon.penet.fi was an anonymous remailer from 1993-1996.
Re: (Score:1)
I had completely forgotten about this until now.
We need better Identity Providers (Score:2)
Sorry, this might seem off-topic at first, but...
I've been arguing for years that we need new kind of service, along the lines of an identity provider. What I'm imagining is a single service that wraps together all of your account management in one service (SSO, email address management, account management), while not including in it any other service (e.g. storage, mailbox hosting). The main service that they would provide is to be a universal authenticator and account management system, so that I can p
Re: We need better Identity Providers (Score:2)
All I hear is "single point of failue".
If this should exist, it should be decentralized, with everyone's stuff residing solely on his system, and its core should not be a piece of software or a service, but a protocol.
But I'm saying for years, that home servers (with a VPN to e.g. the phone and a fast uplink) should be standard and if necessary legally mandated.
Re: (Score:1)
Many websites will probably block this (Score:1)
Can finally stop using Craigslist (Score:2)
Amazing! No longer have to rely on CL for my email relaying needs :) :) :)
Behind the scenes (Score:2)
Business model (Score:2)
Who is paying for all this and why? Out of the goodness of their hearts? Maybe I'm just too cynical.
You mean like Google? (Score:2)
I've been using $name+$uniqueID@gmail.com for ages.
E.g. BAReFOOT+slashdot2020@gmail.com, it that was my real name.
And everything received without such a tag, gets dumped in the spam folder by my mail client.
Re: (Score:3)
What do you mean "like Google"?
These wildcard addresses have existed long before Google and are supported by many MTAs. You can also place dots anywhere in the local address (part before the @) since dots are ignored (i.e., hello@abc.com = h.e.l.l.o@abc.com = h....e....l...l...o@abc.com).
In fact, the mail address standard allows (almost) any character in the local part of an address (see the address specification in RFC 5322 [ietf.org], which finally resolves to atext [ietf.org]).
SimpleLogin (Score:1)
Um, well, no, screw you. (Score:2)
Look, I love Firefox, that's my preferred/primary/only(ish) browser.
1. No, I'm not having all of my e-mails go through one company -- isn't that the whole entire point of this exercise? I don't want to trust that Mozilla isn't reading all of my e-mails. Might as well be google. Don't be evil, until it becomes profitable to do so.
2. No, I'm not making it obvious to everyone that I'm doing it, or they'll just block it, obviously.
3. No, add-ons are terrible in every way.
4. No, because I can do it myself. A