I use Mailinator[1] for these purposes (which has hundreds of domains to generate emails for), and I have not been convinced to switch. After going to this site, I have to press a button before an email is generated for me. This doesn't optimize my use of a similar service (in fact, it is slower): I come across some site that needs an email where I prefer not to divulge mine, and I put in something like "signmeup@mailinator.com". I then go to Mailinator and do email confirmation, if necessary, with this open inbox. Some sites don't even require email confirmation to make an account, so I don't even have to deal with Mailinator! How great!
In the case of this website, I have to open up a new tab and go here first, note the random email name generated to me, put it in the signup box, and maybe tab back and click a confirmation link mailed to the inbox.
Sure, it's a bit nitpicky, but I see no direct improvement made on existing services for my particular use case. If I need a "private inbox" for a website signup, I probably care enough to use my own personal email.
I can also vouch for mailinator, it's a brilliant service.
Also, if you just need quick access to a site, you probably don't even need to make an account. Just go to the 'forgot my password' page and put in sitename@mailinator.com - someone may have previously created an account through mailinator, you can just grab the new password in the email and sign in :)
Rampant abuse from companies is one reason I started using Mailinator. See the vicious circle here?
If companies didn't use dark patterns (such as subscribing you automatically to newsletters when you purchase something), people wouldn't need to use disposable email addresses.
Agree 100%, I want to test your service to see if I want do buy it != I want you to contact me about said service forever and how you knocked 20 cents off If I buy it for the year.
And don't give me that nonsense that I can enable my spam filter either. By the same argument you can implement DDOS protection so don't worry about the botnet.
Great news for you: we never sent out emails like that. So the entire argument is moot. I also never said anything about spam filters.
Again, if you just want to avoid a newsletter, great. Try the service and move on if you don't like it. Using that as an excuse to abuse a service is the mental leap I can't make and I don't get how it's even defensible. If you really care about services like Mailinator, the abuse is something you should care about because companies will just keep making it harder to use your email hiding service of choice.
I own several domains if I really wanted to abuse the service I can create and destroy email accounts at will. Maybe you happen to be one of the good ones, sorry you got lumped in with 90 percent of your fellows. The only reason you are getting a legit email from me is if I value your service enough to want to be able to do a password reset.
Fully 100% of the Mailinator users that used our service were doing it to try to take advantage of a generous trial system. That says nothing of those that were trying to DoS the service. And the parent was essentially advocating for hijacking an existing account to avoid going through legitimate channels. If you don't want to abide by the ToS, then take the principled stand and don't use the service. Maybe even let the company know about it.
Plus addressing and filters are free and every email provider I'm aware of has them. If newsletters bother you that much, there are options other than a service designed for abuse.
Doing MX lookups was annoying so we solved our problem another way. We managed to cut out virtually all abuse without appreciably affecting conversion. It just sucks we had to leave behind the few that legitimately wanted to trial without a CC on file (although if they contacted us, we were happy to oblige). And it sucks we had to spend engineering effort trying to deal with abuse, almost all of it originating from a single, well-known provider (Mailinator) -- not the best use of time for a bootstrapped company.
I guess the next stage in this vicious cycle is a service that gives out free credit card numbers that can authorize but can't be charged (or maybe just a stolen CC database).
edit - Clarified some points due to inadvertently submitting early.
There is a service which gives you unlimited disposable credit card numbers, just ask your bank for it.
You can't stop abuse against a time-based trial, so why use a time-based trial?
I don't know your business, but you should consider designing an unlimited trial instead, if your service is good most people will eventually pay for it, or even better, someone else will pay on behalf of them.
A prime example is Dropbox, when you purchase specific phone models you get extra storage, the user didn't pay for that storage, but someone else did (most likely the company who is selling the phone).
@nirvdrum: I can't reply to you directly, probably because of the downvotes, but anyway...
My point is that when you design a trial, you should look for constraints that are more difficult to abuse, and also more valuable for a user, and definitely "1 month of service" is neither difficult to abuse, nor valuable for a user.
If you found a solution in requiring CC details on signup, it's OK, but that was just a temporary cure to your illness of having a time-limited trial. It's not the fault of mailinator, nor the fault of banks, is the fault of wanting to have one (trial) account per person.
South Korea even takes the extreme approach of requiring social security numbers to guarantee that every account reflects one (korean) person, yet it is trivially easy to find stolen databases of schools and companies, and many forums, especially gaming forums even recommend you to commit identity theft to play an online korean game.
Not even companies like Amazon, Google, Microsoft, etc. can save themselves from complex abuse techniques like stolen CC's, generated and valid CC's, disposable CC's, etc. You can pretty easily find news about massive DDoS attacks generated from their clouds using these techniques.
Regardless of how much effort you have spent dealing with abuse, if you are only playing wack-a-mole, you are just wasting your time.
I know it is easier said than done, but probably adding a proxy to do throttling, enforce global limits to free users (ex. domain + ip per hour/day), and stopping/reporting DoS attempts would had been a better investment than trying to prevent users from using Mailinator.
We're going in circles, so this will be my last comment on the matter. In our experience, over an extended period of time, there was virtually no legitimate use originating from Mailinator users. Maybe it's a fantastic service for others. For us, it was hands down the biggest source of abuse. It would be extremely difficult for anyone to convince me of its legitimacy in the face of the data we saw over a prolonged period.
And it's not even that Mailinator users would sign up, try it for 30 minutes, and then just move on. In that case, I'd just say they weren't qualified, didn't like the service, didn't find the value prop, whatever. But that's not what happened.
I don't really think the "you're going to get screwed, so just learn how to get screwed" attitude is really appropriate. There have been a few armchair theories on how we should have dealt with the issue. Suffice to say, 10 paragraphs of text here aren't going to enumerate everything we tried. And it's not as if we made no product improvements in that period either.
Simply put: if you don't want to use the service, great. If you don't find it valuable, that's fine too. But no one's taking the high road trying to perennially use a service without paying for it, meanwhile calling it a quality issue.
And none of this is abstract. We tried all sorts of technical solutions. People just found another way to abuse. We slapped the credit card gate up and had not a single Mailinator signup for the 2 years after that. It simply solved the problem. Maybe someone will up the ante with fake credit cards . . . for us, we found thousands of Mailinator users weren't willing to take that step.
I can assure you, abuse all but stopped when putting the credit card gate up.
We tried all sorts of things with the trial over our 5 year tenure. Way too much time went into dealing with abuse. In our case, it was a visual web testing service. When someone is abusing the service, another person can't use those browsers. Adding more machines might be scalable if you've raised money, but if you're bootstrapping (as we were) there's a very real ceiling to what you can afford. We were running well above the capacity needed for legitimate usage, at our expense, and still had problems stemming from Mailinator traffic.
Maybe other companies have a different experience and Mailinator users turn into loyal, paying customers. In our case, they did nothing but waste resources (both computing and human). And in 5 years, not a single one turned into a paying customer, yet many were happy to leech over extended periods of time (we could see the sites being tested, so tracking it was fairly straightforward). I admit, it was weird being able to classify one whole source of traffic as simply negative, but we had the data to back it up.
And just to clarify, abuse is being used in two contexts here: 1) people trying to use the service indefinitely without paying for it; and 2) people trying to actually DoS other sites, screw up our browser cluster by firing up pop-ups and print dialogs, and other general scumbaggery.
Totally depends on your service. Some services easily lend themselves to some sort of 'unlimited free/paid improved' model - e.g. GitHub's number of repos. Others, however, are really difficult to shoehorn into that model, and a time-based trial is the best option - a 'content centric' service, for example.
I'm sorry, but what's the context for this? I assume it's because I mentioned conversion. I added that part because I expected someone would ask what happened to conversion rate when we started requiring credit cards for trials.
My point is instead of trying to play whack-a-mole and forcibly herd your customers into an intended path, why not just offer clearly a visible path that provides them with something they care about at a price they are willing to pay.
In my experience, it is not easier to convert somebody on a trial to paying than it is to convert a non-customer to a paying customer, and your value prop (and the customer's understanding of it) is always the single biggest factor. Obviously, this calculus changes if you're going for an eyeballs-matter model.
Admittedly knowing little about the specifics of your situation, I still would feel comfortable saying the engineering/man-hours effort would probably have been best spent refining the portal and giving customers a greater insight in your value prop.
I think it is important to note that after you took the step of filtering out temp mail using customers, you said the conversion rate was unaffected, said with a positive tone. Unless there are significant marginal costs, this can be hardly be called a win.
The problem as I've noted elsewhere is the abusers were adversely affecting others. If I could have just ignored them as an annoyance, I'd have been with that. But that's sort of a total side comment. The point was in no situation did Mailinator users ever become customers but they still were a significant resource drain.
As for the conversion rate, it was a positive outcome. I probably should have been clearer that Mailinator users weren't factored into the calculation any more than any other widespread source of spam would have been. Strictly speaking, removing them increased conversion rate because a whole bunch of sign-ups with 0% conversion went away. My point was removing the Mailinator traffic, all other sources continued to convert at nearly the same rate and revenue didn't drop because Mailinator traffic truly wasn't converting anyway.
I'm willing to accept we just had an absolutely terrible business with an absolutely terrible business model and an absolutely terrible product. But if that's the case, why would so many people come from Mailinator and repeatedly use it?
They have a neat "registered" tier now which lets you use your own domain with mailinator but restricts it so that only you can see the mail: http://mailinator.com/featurematrix.jsp It's got some limits, but I've never hit them.
Well, you can use any username and its at your domain. So it's kind of like wildcard forwarding to a gmail account, but the workflow is very different: it's pull vs push. When you're "done" with an account you don't have to turn it off, you just don't check it again.
In the case of this website, I have to open up a new tab and go here first, note the random email name generated to me, put it in the signup box, and maybe tab back and click a confirmation link mailed to the inbox.
Sure, it's a bit nitpicky, but I see no direct improvement made on existing services for my particular use case. If I need a "private inbox" for a website signup, I probably care enough to use my own personal email.
[1] http://mailinator.com/