I use Mailinator[1] for these purposes (which has hundreds of domains to generate emails for), and I have not been convinced to switch. After going to this site, I have to press a button before an email is generated for me. This doesn't optimize my use of a similar service (in fact, it is slower): I come across some site that needs an email where I prefer not to divulge mine, and I put in something like "signmeup@mailinator.com". I then go to Mailinator and do email confirmation, if necessary, with this open inbox. Some sites don't even require email confirmation to make an account, so I don't even have to deal with Mailinator! How great!
In the case of this website, I have to open up a new tab and go here first, note the random email name generated to me, put it in the signup box, and maybe tab back and click a confirmation link mailed to the inbox.
Sure, it's a bit nitpicky, but I see no direct improvement made on existing services for my particular use case. If I need a "private inbox" for a website signup, I probably care enough to use my own personal email.
I can also vouch for mailinator, it's a brilliant service.
Also, if you just need quick access to a site, you probably don't even need to make an account. Just go to the 'forgot my password' page and put in sitename@mailinator.com - someone may have previously created an account through mailinator, you can just grab the new password in the email and sign in :)
Rampant abuse from companies is one reason I started using Mailinator. See the vicious circle here?
If companies didn't use dark patterns (such as subscribing you automatically to newsletters when you purchase something), people wouldn't need to use disposable email addresses.
Agree 100%, I want to test your service to see if I want do buy it != I want you to contact me about said service forever and how you knocked 20 cents off If I buy it for the year.
And don't give me that nonsense that I can enable my spam filter either. By the same argument you can implement DDOS protection so don't worry about the botnet.
Great news for you: we never sent out emails like that. So the entire argument is moot. I also never said anything about spam filters.
Again, if you just want to avoid a newsletter, great. Try the service and move on if you don't like it. Using that as an excuse to abuse a service is the mental leap I can't make and I don't get how it's even defensible. If you really care about services like Mailinator, the abuse is something you should care about because companies will just keep making it harder to use your email hiding service of choice.
I own several domains if I really wanted to abuse the service I can create and destroy email accounts at will. Maybe you happen to be one of the good ones, sorry you got lumped in with 90 percent of your fellows. The only reason you are getting a legit email from me is if I value your service enough to want to be able to do a password reset.
Fully 100% of the Mailinator users that used our service were doing it to try to take advantage of a generous trial system. That says nothing of those that were trying to DoS the service. And the parent was essentially advocating for hijacking an existing account to avoid going through legitimate channels. If you don't want to abide by the ToS, then take the principled stand and don't use the service. Maybe even let the company know about it.
Plus addressing and filters are free and every email provider I'm aware of has them. If newsletters bother you that much, there are options other than a service designed for abuse.
Doing MX lookups was annoying so we solved our problem another way. We managed to cut out virtually all abuse without appreciably affecting conversion. It just sucks we had to leave behind the few that legitimately wanted to trial without a CC on file (although if they contacted us, we were happy to oblige). And it sucks we had to spend engineering effort trying to deal with abuse, almost all of it originating from a single, well-known provider (Mailinator) -- not the best use of time for a bootstrapped company.
I guess the next stage in this vicious cycle is a service that gives out free credit card numbers that can authorize but can't be charged (or maybe just a stolen CC database).
edit - Clarified some points due to inadvertently submitting early.
There is a service which gives you unlimited disposable credit card numbers, just ask your bank for it.
You can't stop abuse against a time-based trial, so why use a time-based trial?
I don't know your business, but you should consider designing an unlimited trial instead, if your service is good most people will eventually pay for it, or even better, someone else will pay on behalf of them.
A prime example is Dropbox, when you purchase specific phone models you get extra storage, the user didn't pay for that storage, but someone else did (most likely the company who is selling the phone).
@nirvdrum: I can't reply to you directly, probably because of the downvotes, but anyway...
My point is that when you design a trial, you should look for constraints that are more difficult to abuse, and also more valuable for a user, and definitely "1 month of service" is neither difficult to abuse, nor valuable for a user.
If you found a solution in requiring CC details on signup, it's OK, but that was just a temporary cure to your illness of having a time-limited trial. It's not the fault of mailinator, nor the fault of banks, is the fault of wanting to have one (trial) account per person.
South Korea even takes the extreme approach of requiring social security numbers to guarantee that every account reflects one (korean) person, yet it is trivially easy to find stolen databases of schools and companies, and many forums, especially gaming forums even recommend you to commit identity theft to play an online korean game.
Not even companies like Amazon, Google, Microsoft, etc. can save themselves from complex abuse techniques like stolen CC's, generated and valid CC's, disposable CC's, etc. You can pretty easily find news about massive DDoS attacks generated from their clouds using these techniques.
Regardless of how much effort you have spent dealing with abuse, if you are only playing wack-a-mole, you are just wasting your time.
I know it is easier said than done, but probably adding a proxy to do throttling, enforce global limits to free users (ex. domain + ip per hour/day), and stopping/reporting DoS attempts would had been a better investment than trying to prevent users from using Mailinator.
We're going in circles, so this will be my last comment on the matter. In our experience, over an extended period of time, there was virtually no legitimate use originating from Mailinator users. Maybe it's a fantastic service for others. For us, it was hands down the biggest source of abuse. It would be extremely difficult for anyone to convince me of its legitimacy in the face of the data we saw over a prolonged period.
And it's not even that Mailinator users would sign up, try it for 30 minutes, and then just move on. In that case, I'd just say they weren't qualified, didn't like the service, didn't find the value prop, whatever. But that's not what happened.
I don't really think the "you're going to get screwed, so just learn how to get screwed" attitude is really appropriate. There have been a few armchair theories on how we should have dealt with the issue. Suffice to say, 10 paragraphs of text here aren't going to enumerate everything we tried. And it's not as if we made no product improvements in that period either.
Simply put: if you don't want to use the service, great. If you don't find it valuable, that's fine too. But no one's taking the high road trying to perennially use a service without paying for it, meanwhile calling it a quality issue.
And none of this is abstract. We tried all sorts of technical solutions. People just found another way to abuse. We slapped the credit card gate up and had not a single Mailinator signup for the 2 years after that. It simply solved the problem. Maybe someone will up the ante with fake credit cards . . . for us, we found thousands of Mailinator users weren't willing to take that step.
I can assure you, abuse all but stopped when putting the credit card gate up.
We tried all sorts of things with the trial over our 5 year tenure. Way too much time went into dealing with abuse. In our case, it was a visual web testing service. When someone is abusing the service, another person can't use those browsers. Adding more machines might be scalable if you've raised money, but if you're bootstrapping (as we were) there's a very real ceiling to what you can afford. We were running well above the capacity needed for legitimate usage, at our expense, and still had problems stemming from Mailinator traffic.
Maybe other companies have a different experience and Mailinator users turn into loyal, paying customers. In our case, they did nothing but waste resources (both computing and human). And in 5 years, not a single one turned into a paying customer, yet many were happy to leech over extended periods of time (we could see the sites being tested, so tracking it was fairly straightforward). I admit, it was weird being able to classify one whole source of traffic as simply negative, but we had the data to back it up.
And just to clarify, abuse is being used in two contexts here: 1) people trying to use the service indefinitely without paying for it; and 2) people trying to actually DoS other sites, screw up our browser cluster by firing up pop-ups and print dialogs, and other general scumbaggery.
Totally depends on your service. Some services easily lend themselves to some sort of 'unlimited free/paid improved' model - e.g. GitHub's number of repos. Others, however, are really difficult to shoehorn into that model, and a time-based trial is the best option - a 'content centric' service, for example.
I'm sorry, but what's the context for this? I assume it's because I mentioned conversion. I added that part because I expected someone would ask what happened to conversion rate when we started requiring credit cards for trials.
My point is instead of trying to play whack-a-mole and forcibly herd your customers into an intended path, why not just offer clearly a visible path that provides them with something they care about at a price they are willing to pay.
In my experience, it is not easier to convert somebody on a trial to paying than it is to convert a non-customer to a paying customer, and your value prop (and the customer's understanding of it) is always the single biggest factor. Obviously, this calculus changes if you're going for an eyeballs-matter model.
Admittedly knowing little about the specifics of your situation, I still would feel comfortable saying the engineering/man-hours effort would probably have been best spent refining the portal and giving customers a greater insight in your value prop.
I think it is important to note that after you took the step of filtering out temp mail using customers, you said the conversion rate was unaffected, said with a positive tone. Unless there are significant marginal costs, this can be hardly be called a win.
The problem as I've noted elsewhere is the abusers were adversely affecting others. If I could have just ignored them as an annoyance, I'd have been with that. But that's sort of a total side comment. The point was in no situation did Mailinator users ever become customers but they still were a significant resource drain.
As for the conversion rate, it was a positive outcome. I probably should have been clearer that Mailinator users weren't factored into the calculation any more than any other widespread source of spam would have been. Strictly speaking, removing them increased conversion rate because a whole bunch of sign-ups with 0% conversion went away. My point was removing the Mailinator traffic, all other sources continued to convert at nearly the same rate and revenue didn't drop because Mailinator traffic truly wasn't converting anyway.
I'm willing to accept we just had an absolutely terrible business with an absolutely terrible business model and an absolutely terrible product. But if that's the case, why would so many people come from Mailinator and repeatedly use it?
They have a neat "registered" tier now which lets you use your own domain with mailinator but restricts it so that only you can see the mail: http://mailinator.com/featurematrix.jsp It's got some limits, but I've never hit them.
Well, you can use any username and its at your domain. So it's kind of like wildcard forwarding to a gmail account, but the workflow is very different: it's pull vs push. When you're "done" with an account you don't have to turn it off, you just don't check it again.
I wasn't aware of the bunch of services that provide temporary email addresses. Something I've been doing with my gmail address is to put johndoe+thenameofthesite@gmail.com instead of just johndoe@gmail.com. It's nice that Gmail gives you such a wide range of addresses that automatically point to your regular mailbox. It's clearly not ideal (doesn't preserve the privacy of my normal email address), but it's super easy to do and in most cases it allows me to filter out unwanted emails, trace which advertiser got my email address from which service, etc. Now of course if services start implementing the removal of the +* part from the email address then this doesn't work anymore. But for now I think they don't really care.
I have a johndoe.public@gmail.com email address that forwards everything to johndoe@gmail.com. I do the same trick you do, but I use johndoe.public+sitename@gmail.com instead.
I'm embarrassed to say that it wasn't until I'd been using this technique for multiple years that this occurred to me. I've kept doing it out of inertia ever since.
I'd say "it works if you make sure that no legitimate mail will lack a +", but some sites fail horribly when there's a + in your address. (I once got stuck in a situation where the "new account" form on a site accepted the + version, but their login form (based on email address) didn't.)
It may be beyond your level of interest to try, but I've often experienced that sites who put dumb validation rules in the browser will therefore omit the validation on the server. Thus, you're one well crafted curl request away from unsubscription bliss. Chrome will also give you some help in that its network request list in the developer tools has a "copy as curl" in the right-click menu.
I've been using http://10minutemail.com/ for years now. It's not pretty, but it works and I can't recall any of the generated addresses ever being rejected.
While we're all linking to our favorite alt, don't forget blur from abine.com. It's a browser extension that adds a "mask my email" button when you select an email field, and forwards those emails to you. Each forwarded email has a link at the top that allows you to turn off that address forever. Also does password generation and other cool stuff.
There is a depressing theme on this thread that businesses == spammers. I am sure that a long history of poor email use by many companies helped create this impression, but this way too broad of a generalization.
Our startup has a "free report" where we analyze a single page and dependent resources for ~420 front-end performance issues. We believe that this has value. For that free report, we ask for a valid email address, so we can send you 1 email, from an actual person, to ask what you thought of the findings and to offer to answer any questions. That's it. You get something, we get something.
Now, I understand that 1st time users can't/don't know if our free report value, so they don't want to give us something you consider valuable in return. But using a temporary email to get peek at value from me is a dick move.
1000 people rush to tell me: "But if you service has value then people will come back and [blah blah blah]".
Well, you have a gut feel and I have 4 years of data. And we have had 0 temp email providers ever want to talk with us. Clearly we provide value, because we have a number of large customers in the retail and media spaces. What I've learned is the type of person who uses a temp email provider doesn't see the value that our customers do. They don't fit our customer model, so we don't spend time or energy on them, and importantly money/resources on them. Instead we filter the major temp email providers and display a message explaining our email policy, and ask them to use a real email address. People can get around it, but it raises the bar and explains our position, which is really the only thing I can do.
Jerk companies have created an environment that is tarnishes everyone, and that is depressing as hell.
I use 33mail.com for everything (it tells me who sold my address and can also block them from ever emailing me again). The amount of email that doesn't have unsubscribe links is really, really low, and so is the amount of unsolicited email I get after handing out my address. So low that I don't really have to use 33mail, I guess, but there has been one company that sold my address, I think, in the last five years, so it's worth it.
The vast majority of spam is bots who just randomly send mail at domains, or bots who scraped my email address from my website. That's a much bigger source of spam for me, so don't fret too much about your service.
That said, people whose unsubscribe links aren't one click should get multiple papercuts, especially if their email settings are managed behind the account password I've long forgotten. I send those to spam with glee.
From your perspective, is there a difference between "user gives you a temporary email address" and "user gives you their real email address and ignores the email you send"?
Yes, to me they are different. Temp email users could see my email, and ignore it. A real email user could see the email and ignore it. While the outcome is the same, for me it's a matter of intent.
A disposable email address feel like "I don't trust you, go away, you are not allowed to talk to me". Great. I understand, and being selective with your trust is good. But I'm not some random person walking up to you on the street and saying "give me your email address". You came to me, and you are asking me to give you something (in this case, an analysis of your website's front-end performance issues). In return, I at least want the opportunity for my email to rot in a place that might actually get your attention :-)
I personally do not use services like this but I'd be interested if it provided features like Mailnesia that auto-clicks confirmation links for you. http://mailnesia.com/
I have never used Mailnesia but I remember reading about a service like this (may have been this one) and I wanted to add it here in the comments for anyone who missed it.
There are reasons to not block these emails and there are good reasons to block them (but you better not admit that on HN if you do).
Number 1 reason to reject is: these users never (99.99%) become customers.
Yet another item to add to my user verification service - which blocks these kinds of things. I like getting my users real email address - and blocking "high risk" accounts
I have been using http://tempmail.de for a while. Its not blocked by any websites (From the ones that I have tried registering with. They are quite a few) And the best part is that you don't need to register an account to use the mailbox. You just need to visit the website and would be presented with a mailbox. You may get as many mailbox you need, by opening it in Private Window, every time.
I already have all my email accounts forwarding to my main address, and have configured Gmail to let me send as other addresses. So while it sounds useful, it already kind of exists.
My setup is both. All accounts filter in to my main account, but from that main account I can send as any of those addresses. As a non-Voice user though, perhaps I'm misunderstanding your proposal. Gmail does have advanced filtering though for forwarding to other addresses.
In the case of this website, I have to open up a new tab and go here first, note the random email name generated to me, put it in the signup box, and maybe tab back and click a confirmation link mailed to the inbox.
Sure, it's a bit nitpicky, but I see no direct improvement made on existing services for my particular use case. If I need a "private inbox" for a website signup, I probably care enough to use my own personal email.
[1] http://mailinator.com/