Spam Solution? - Society for Computers & Law

An issue unique to information is that once it’s out, realistically you can’t put the genie back into the bottle. Someone who has your e-mail address (or other personal details) might perhaps be made to delete it or never use it again; but you may not know who they are, and anyway you can’t erase your details from their brain, nor can you possibly track down and gag everyone who could have been passed your details, or stop them from disclosing your personal information to others.

So if your e-mail address is let loose – perhaps in breach of privacy or data protection requirements, or perhaps just because you had to disclose it in order to obtain goods, services or information – then have you lost your privacy for good? Will you then always be exposed to an increasing, never-ending avalanche of junk mail?

Nobody likes junk e-mails, aka spam – except spammers. Spam e-mails slow down the Internet, take up precious space on servers and our personal computers, waste our time in having to read them (those disguised as legitimate e-mails) or to delete them. Many are downright fraudulent, pornographic or otherwise offensive. I don’t use my previous free Webmail account anymore because the spam flood has grown exponentially, overwhelming genuine e-mail and taking my account over capacity every three or four days. I opened a test account with a long unguessable name once, excluded it from directory listings, deliberately didn’t give anyone the address – yet still, within a few days, the spam started.

Quite apart from leaky Webmail services, spammers could get your e-mail from all sorts of sources – a single query innocently made to a business by e-mail or Webform, Usenet posts, mailing lists you’ve signed up to, etc.

How do we deal with spam? Some people use filtering rules in their e-mail programs, but they take time to set up, don’t always work, and you risk deleting legitimate e-mails. Some check and delete mail from their ISP servers before downloading mail to their own computers. Other possible answers have been touted. But many people don’t have the expertise, time or patience to do anything about it, and just live with having to download and delete spam. Changing ISPs or e-mail address would be drastic, and you may stop receiving genuine e-mail unless you spend ages ensuring you’ve given your new address to absolutely everyone you want to have it (and you may still forget someone).

A Solution?

I’ve recently discovered an easy, painless solution: disposable e-mail addresses (DEAs). I’ve been using Mailshell’s free trial Web-based e-mail service for about 6 months now, having fortuitously come across it while surfing for something else, and I love it. Mailshell (at http://www.mailshell.com/) offers a paid-for ‘Premium’ service with many more features, at US $34.95 a year.

What’s a DEA? It’s a single purpose address which is discardable without affecting your other e-mail if, for example, you start getting spammed on that address. The classic use of a DEA is on a Webform. Say you’re visiting a big corporation’s site and they want your e-mail address before they’ll send you any info or even let you into their substantive site. Or you want to ask them something but have never dealt with them before. Either way, you’re not sure what they’ll do with your address: bombard you with sales pitches, sell it to direct marketing or other third party companies who may in turn bombard you with spam? Maybe they say they won’t do that, but you don’t want to put that to the test?

The answer: use a DEA. Then, if you start getting spammed on that DEA, just delete the DEA in Mailshell, and all
e-mail thereafter sent to that address will automatically be junked (though you can later restore that address if you want). Mailshell allows any number of DEAs.

Here’s an example. Say my free Mailshell e-mail domain, which I choose on joining, is mychosenname.mailshell.com. My DEAs would take the form ‘youthere@mychosenname.mailshell.com’. When I e-mail BiggusCorpus.com or fill in my address on their Webform, I could use ‘bigguscorpus@mychosenname.mailshell.com’. Or with FacelessMonolith.com I’d give my address as ‘facelessmonolith@mychosenname.mailshell.com’. Mailshell suggest that format so that you can easily tell it’s BiggusCorpus who is responsible if you get spam sent to that address. That’s fine for forms or e-mail, but may confuse BiggusCorpus job’s worthers who take your e-mail address over the phone, so sometimes I tell them my
e-mail address is ‘bigguscorpuscustomer@mychosenname.mailshell.com’ etc.

Obviously you can make up any address you like. DEAs have lots of uses, eg when joining a mailing list or making a Usenet post, you can use a DEA specific to that list or group (or even specific to one particular post). For trusted friends and relatives, use a DEA you don’t give out to anyone else and ask them to keep it confidential.

Aha, you think – a flaw. What’s to stop evil spammers who realise you have a DEA from spamming any old made-up addresses at your Mailshell domain? Well, all DEAs not created from within Mailshell are subject to approval; mail sent to unapproved addresses is directed as you choose, eg to Junk or Pending folders (or even your Inbox if you prefer). Also, with the Premium service you can use your own (non-Mailshell) domain name for e-mail, which won’t reveal that you have DEAs. And of course, spammers could equally make up e-mail addresses at known domain names as well as Mailshell DEAs.

In terms of mechanics, Mailshell have thought things through very well, and they welcome, respond to and (almost unheard of!) actually act on constructive user feedback. Though the service has been going since August 2000 (according to their Web site), the pace of development seems to have quickened in the last few months, with many features and improvements introduced recently such as the ability to import contacts from Outlook etc into their address book, an improved spam filtering main page, ability for Premium users to send attachments etc.

Features I like

There are many features I like. In common with many Webmail services you can block e-mail from certain addresses, or conversely approve only certain senders, and as mentioned there is an address book function. The options/preferences you can set are useful and flexible, and can be set separately for individual DEAs. There are several levels of spam filtering possible. The Help pages are among the best I’ve ever seen, genuinely helpful and clear as well as comprehensive. You can also:

store e-mails on Mailshell’s Webmail servers (up to 10MB of space allowed) and automatically file e-mail sent to different DEAs into different folders, or have them forwarded to the non-Mailshell address you gave Mailshell on joining; Premium service users can have each DEA forwarded to a different e-mail address (eg home, work, mobile). And (neat, this) if you simply reply to such a forwarded e-mail using your normal e-mail program, the return address is automatically set to the right Mailshell address
make up a DEA from within Mailshell, or just while you’re sending an e-mail or completing a Webform (without having created the DEA from Mailshell first) – with the latter you’ll still receive e-mails in whichever folder you’ve selected for filing e-mail from unapproved addresses
add notes against each DEA (eg to remind you of what Web site or group the DEA is associated with)
see, on logging in, the number of new unread e-mails in each folder and, with one click, view the list and access them in a single window – even if thee-mails are filed in separate folders; it’s not DEA-specific, but I really like this feature
set your start page to the main Inbox or Spam Filtering page (from which you control DEAs, blocked addresses etc)
(Premium service only) track sent e-mails so that you will know if and when they were opened, encrypt e-mails (using password or PGP encryption), and send attachments (up to three files, maximum 1.5MB total, no attachments possible for encrypted e-mails) – but note tracking of e-mails sent to Webmail accounts may still be buggy depending on the provider
send ‘shielded’ e-mail from OUTSIDE Mailshell (eg from your own computer’s e-mail program) so that it appears to come from your Mailshell account; replies automatically go to that account, and when you in turn reply, the return address remains at Mailshell

The seemingly cryptic Mailshell ‘Special Offers’ link is to info on mailing lists to which you can subscribe, safe in the knowledge that you can delete the relevant DEA if you wish (though they do offer unsubscribe options). This ability to sign on for lots of newsletters seems to be one of the services Mailshell highlights, though I confess I only tried a handful and unsubscribed after finding them not very interesting, at least to me.

What else do you get with the Premium service? Ad-free e-mails; more storage space (50MB) for e-mails you choose to keep on Mailshell’s servers; virus checking and screening out of hidden tracking devices; the ability to have Mailshell DEAs which use your own domain name and to point your Mailshell domain to your own home page; access to check and read Mailshell e-mail using your POP or IMAP-compatible desktop program (eg Outlook, Eudora); and the ability to collect in one place, ie your Mailshell account, e-mail from up to three external e-mail accounts (POP, IMAP, AOL, Hotmail, or Yahoo!), having filtered out spam from those e-mails. There’s a 30-day money back guarantee on the Premium service. A table comparing Mailshell’s features with those of other popular Webmail providers is at http://www.mailshell.com/mail/client/visitortour.html/step/3.

What I don’t like

There isn’t much I don’t like about Mailshell:

n you can’t (yet) organise your DEAs into groups/folders (eg to put the most commonly used ones at the top of the ‘From’ dropdown list on their Compose page – they are just in alphabetical order, in a long list: however Mailshell will probably address this as they have other points I’ve raised previously). Nor can you search for text within the DEA notes.

n lately it’s slowed down, ironically this started happening the day before Mailshell announced speed improvements. they say it’s teething issues, but I would personally want some kind of assurance about speed/uptime for Premium users (although how many other paid Webmail providers are willing to offer that?).

Alternatives and conclusion

Are there alternative services? Yes, such as E-mailias, which gives you a browser toolbar button to click to generate a new DEA – but that requires turning cookies on, and I won’t expose my PC to cookie planting by all and sundry just so I can use E-mailias. Plus I prefer to choose my own DEAs – E-mailias produces a combination of letters and numbers each time. And, as mentioned, I like Mailshell’s responsiveness to user comments.

Mailshell’s slogan describes their service as ‘Intelligent E-mail’. I couldn’t agree more. There is clearly still room for improvement, but this is the smartest solution to spam I’ve encountered.

W K Hon is an Information Lawyer whose DEA for SCL purposes is scl@soprano.mailshell.com. All trademarks and service marks acknowledged.

Upcoming events

SCL Webinar – Competing Interests at the Competition Appeal Tribunal (CAT): Balancing Technology with Complexity

Controlling Liability in IT Contracts – Clause and Effect

SCL Summer Networking Event – Organised by the Trainee Group

SCL Event: Procurement of Government IT Projects

Generative AI and Deepfakes: Understanding the Illusion