Helping people with computers... one answer at a time.
Disposable email addresses are not a security measure in the sense of securing these accounts. They are a convenience and a spam management tool.
I use Yahoo Mail Plus. I've seen it mentioned in a couple of the articles in your archives, which I've searched. One of the features of Mail Plus, as you know, is the use of disposable addresses. I have about 25 to 30 right now for various registrations and accounts including your newsletter. But after the Honin debacle, I have to question how secure doing this is as opposed to opening new email accounts from different providers for each and every registration. I ask because it strikes me that all of those disposable addresses I have are ultimately tied to the same password in my Yahoo account. As near as I can tell, there's no way to set up a unique password for the disposables. I use a very strong password on my Yahoo account but I still have to wonder just how much more secure it is using the disposables? So is there really that much security benefit in using the disposables?
In this excerpt from Answercast #70, I look at why disposable email addresses might be used.
My take is, no. My take is - ultimately, that's not really disposable email addresses are about.
What they're really about is managing spam: managing people that misuse your email address.
For example, let's say you sign up for a newsletter and you use a disposable email address to do so. That newsletter then sells your email address to spammers or somehow turns into a spammer themselves. You can then immediately, and permanently, remove all of that spam, stop getting anymore spam that is sent to that email address by - simply disposing of the disposable email address. In other words, doing whatever Yahoo lets you do to stop receiving email from this disposable email address.
That's the point of disposable email addresses. That's why they're called disposable.
They're not really a security measure in the sense that you're talking about and in the sense of the set of circumstances that led to Matt Honin's getting hacked some months ago.
What you care about most is that your accounts are (as much as they can be) independent of one another. Now, I'm not saying that your subscriptions, and so forth, are.
For example, if you have a Yahoo account and a Gmail account, make sure that they are not necessarily the alternate email address for each other. Because, that way someone who hacks one - can then hack the other.
The right way to do it is to potentially have a third, intermediate account that you would use only for recovery and so forth.
The Honin articles that I have go into that in a little bit more detail.
But, I want it to be clear about this use of disposable email addresses. I don't consider them a security measure in the sense of securing these accounts.
They are a convenience and a spam management tool - to let you deal with how other people might misuse the email address that you've actually given to them.
So, the best thing you've done so far is to make sure that you've got a very strong password. That's fantastic.
As always, all of the other security measures apply. Make sure there's no malware on your machine so that someone isn't capturing your very secure password as you're typing it in. Make sure you're using open Wi-Fi hotspots correctly, if you're using them at all.
Those kinds of things are what really play into the security of this
End of Answercast #70 Back to - Audio Segment
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.