
Disposable email addresses are not a security measure in the sense of securing these accounts. They are a convenience and a spam management tool.

I use Yahoo Mail Plus. I've seen it mentioned in a couple of the articles in your archives, which I've searched. One of the features of Mail Plus, as you know, is the use of disposable addresses. I have about 25 to 30 right now for various registrations and accounts including your newsletter. But after the Honan debacle, I have to question how secure doing this is as opposed to opening new email accounts from different providers for each and every registration. I ask because it strikes me that all of those disposable addresses I have are ultimately tied to the same password in my Yahoo account. As near as I can tell, there's no way to set up a unique password for the disposables. I use a very strong password on my Yahoo account but I still have to wonder just how much more secure it is using the disposables? So is there really that much security benefit in using the disposables?

In this excerpt from Answercast #70, I look at why disposable email addresses might be used.

Disposable email addresses

My take is, no. Ultimately, that's not really what disposable email addresses are about.

What they're really about is managing spam: managing people that misuse your email address.

For example, let's say you sign up for a newsletter and you use a disposable email address to do so. That newsletter then sells your email address to spammers or somehow turns into a spammer themselves. You can then immediately, and permanently, remove all of that spam and stop getting any more spam sent to that email address by simply disposing of the disposable email address. In other words, doing whatever Yahoo lets you do to stop receiving email at this disposable email address.

That's the point of disposable email addresses. That's why they're called disposable.

They're not really a security measure in the sense that you're talking about and in the sense of the set of circumstances that led to Mat Honan's getting hacked some months ago.

Securing email accounts

What you care about most is that your accounts are (as much as they can be) independent of one another. Now, I'm not saying that your subscriptions, and so forth, are.

For example, if you have a Yahoo account and a Gmail account, make sure that they are not necessarily the alternate email address for each other, because that way someone who hacks one can then hack the other.

The right way to do it is to potentially have a third, intermediate account that you would use only for recovery and so forth.

The Honan articles that I have go into that in a little bit more detail.
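The dependency between accounts described above can be checked mechanically. The following is an added example, not part of the original article: the addresses are constructed, and it assumes that a password reset sent to an account's recovery address is enough to take that account over.

```python
from collections import deque

def owner_of(address, accounts):
    """Resolve an address to the mailbox that receives its mail.
    A disposable alias shares its parent mailbox's login and password."""
    for mailbox, info in accounts.items():
        if address == mailbox or address in info["aliases"]:
            return mailbox
    return None  # no recovery address, or one outside the modelled accounts

def blast_radius(start, accounts):
    """Mailboxes lost once `start` is compromised, following password
    resets that are delivered to a mailbox the intruder already holds."""
    held, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for mailbox, info in accounts.items():
            if mailbox not in held and owner_of(info["recovery"], accounts) == current:
                held.add(mailbox)
                queue.append(mailbox)
    return held

def mutual_recovery_pairs(accounts):
    """Pairs of mailboxes that act as each other's recovery address."""
    pairs = set()
    for a, info in accounts.items():
        b = owner_of(info["recovery"], accounts)
        if b and b != a and owner_of(accounts[b]["recovery"], accounts) == a:
            pairs.add(frozenset((a, b)))
    return pairs

# Constructed sample data. WEAK: Yahoo and Gmail recover to each other
# (Gmail points at a Yahoo disposable alias, which changes nothing).
WEAK = {
    "me@yahoo.example": {"aliases": ["me-news@yahoo.example"], "recovery": "me@gmail.example"},
    "me@gmail.example": {"aliases": [], "recovery": "me-news@yahoo.example"},
}
# SEPARATED: both recover to a third account used only for recovery.
SEPARATED = {
    "me@yahoo.example": {"aliases": ["me-news@yahoo.example"], "recovery": "vault@mail.example"},
    "me@gmail.example": {"aliases": [], "recovery": "vault@mail.example"},
    "vault@mail.example": {"aliases": [], "recovery": None},
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("SEPARATED", SEPARATED)):
        print(name, "mutual pairs:", [sorted(p) for p in mutual_recovery_pairs(cfg)])
        for mailbox in cfg:
            print("  compromise", mailbox, "->", sorted(blast_radius(mailbox, cfg)))
```

In the separated layout, losing the Yahoo or Gmail mailbox stays contained, while losing the recovery-only account exposes both, which is why that account should be used for nothing else.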

Disposable email addresses for security?

But I want to be clear about this use of disposable email addresses. I don't consider them a security measure in the sense of securing these accounts.

They are a convenience and a spam management tool - to let you deal with how other people might misuse the email address that you've actually given to them.

So, the best thing you've done so far is to make sure that you've got a very strong password. That's fantastic.

As always, all of the other security measures apply. Make sure there's no malware on your machine so that someone isn't capturing your very secure password as you're typing it in. Make sure you're using open Wi-Fi hotspots correctly, if you're using them at all.

Those kinds of things are what really play into the security of this account.


Article C6037 - November 15, 2012

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


3 Comments
Esley
November 16, 2012 9:42 AM

Hi Leo, I have yahoo.com and it is running IE 9. I run Windows 7 Pro 64 bit. I have a credit union account and a bank checking account. Recently I could not log on to my credit union account. Changing some settings in IE 9 corrected that. Now my bank is changing their settings. They list three recommended browsers and Yahoo.com is not on the list. MS IE 9 is on the list. They intend to do a phone callback to verify a logon. My phone is a hardwired line (voice AT&T) and I have Cspire cells. Has IE 9 changed or has the security of the banking business changed? Yahoo is considered a browser, isn't it? What are they doing over the phone? Phone service is not good.
Thanks

connie
November 16, 2012 12:10 PM

@Esley,
Yahoo.com is not a browser. It is a website. You use your browser (IE 9) to go to the website (yahoo.com). That's probably what's confusing you. You won't find Yahoo on the list of browsers.

So you'll be using your IE 9 browser for your banking. If you are having any troubles with settings your bank will probably help you with that.

Bruce Tech Guy
November 16, 2012 3:10 PM

To original question person,

It sounds like you are assuming that you must open a brand new and different email account for each newsletter or organization that you belong or subscribe to. Which could mean that you would be trying to manage dozens or hundreds of different email accounts - a nightmare.

I would suggest using just a few email accounts, and make sure that your login credentials at the newsletter sites are (a) using different passwords from each other, (b) using a strong password and perhaps a different user ID, (c) grouped in a way that makes sense to you.
You can use the same email address for multiple newsletter signups, as each would be having a different -strong- password.

For example, 'mytechnews@emailvendor.com' you could have Leo's newsletter, and pcworld and macworld, etc. And your different address of 'myhealthnews@emailvendor.com' you would have various webmd and etc health newsletters.
And so on.
Let's assume you subscribe to 50 newsletters. At the end of your reorganization, you would have, say, 4 or 5 email accounts, used for a total of 50 newsletters, and 50 unique and strong passwords.
Much more manageable than 50 separate email accounts.

And of course, using some kind of password manager, either on your computer or web-based, will help to manage this.

As Leo states, disposable email accounts are not for security, but to be able to 'dump'/dispose of that email address if it starts to collect a bunch of spam. (In fact, some of the independent disposable email vendors do not even use passwords on the address - thus there is no security at all.)
