I use Yahoo Mail Plus. I’ve seen it mentioned in a couple of the articles in
your archives, which I’ve searched. One of the features of Mail Plus, as you
know, is the use of disposable addresses. I have about 25 to 30 right now for
various registrations and accounts including your newsletter. But after the
Honin debacle, I have to question how secure doing this is as opposed to
opening new email accounts from different providers for each and every
registration. I ask because it strikes me that all of those disposable
addresses I have are ultimately tied to the same password in my Yahoo account.
As near as I can tell, there’s no way to set up a unique password for the
disposables. I use a very strong password on my Yahoo account but I still have
to wonder just how much more secure it is using the disposables? So is there
really that much security benefit in using the disposables?
In this excerpt from
Answercast #70, I look at why disposable email addresses might be used.
Become a Patron of Ask Leo! and go ad-free!
Disposable email addresses
My take is, no. My take is – ultimately, that’s not really disposable email
addresses are about.
What they’re really about is managing spam: managing people that misuse your
For example, let’s say you sign up for a newsletter and you use a disposable
email address to do so. That newsletter then sells your email address to
spammers or somehow turns into a spammer themselves. You can then immediately,
and permanently, remove all of that spam, stop getting anymore spam that is
sent to that email address by – simply disposing of the disposable email
address. In other words, doing whatever Yahoo lets you do to stop receiving
email from this disposable email address.
That’s the point of disposable email addresses. That’s why they’re called
They’re not really a security measure in the sense that you’re talking
about and in the sense of the set of circumstances that led to Matt Honin’s
getting hacked some months ago.
Securing email accounts
What you care about most is that your accounts are (as much as they can be)
independent of one another. Now, I’m not saying that your subscriptions, and so
For example, if you have a Yahoo account and a Gmail account, make sure that
they are not necessarily the alternate email address for each other. Because,
that way someone who hacks one – can then hack the other.
The right way to do it is to potentially have a third,
intermediate account that you would use only for recovery and so
The Honin articles that I have go into that in a little bit more detail.
Disposable email addresses for security?
But, I want it to be clear about this use of disposable email addresses. I
don’t consider them a security measure in the sense of securing these
They are a convenience and a spam management tool – to let you deal with how
other people might misuse the email address that you’ve actually given to
So, the best thing you’ve done so far is to make sure that you’ve got a very
strong password. That’s fantastic.
As always, all of the other security measures apply. Make sure there’s no
malware on your machine so that someone isn’t capturing your very secure
password as you’re typing it in. Make sure you’re using open Wi-Fi hotspots
correctly, if you’re using them at all.
Those kinds of things are what really play into the security of this
End of Answercast #70 Back to –