
Throttle – Control who can send you email - metabren
http://www.throttlehq.com/
======
kazinator
This is just anonymizing of addresses. Through your throttle account,
connected to a convenient browser extension, you can conveniently generate
throwaway addresses which forward to the real inbox. These addresses can be
shut down and since they are unique, they identify misuse.

Anonymizing isn't new. For instance Craigslist generates an anonymized e-mail
address through which people interested in your ad can contact you. (Of
course, if you reply to it, then you reveal your real address.)

People who run their own mail domains do this kind of thing on their own.

I have the following system: the local part of the e-mail address has a four
digit security code. If I give such an e-mail address to some vendor, it
serves two purposes: the address bypasses spam checks, so I'm sure to get the
e-mail. (Usually transactional e-mails are important and not easy to re-send.)
Secondly, I can change the code to shut down senders who abuse the the
address.

Some banks offer throwaway one-time-use credit card numbers linked to your
real credit card. That is very similar to this.

~~~
saltyshake
"Of course, if you reply to it, then you reveal your real address"

Do you ?

I am pretty sure it redirects everything through the CL email proxy and the
only way for them to know your real email address is for you to give it to
them (or they guess it from your "Name" which the CL relay copies from your
email).

~~~
kazinator
My bad! Sorry!

CL performs a decent, two-way anonymization. When you reply to a listing's
anonymized e-mail, your own e-mail address is anonymized (just not your name,
which I think comes from your From: header or SMTP envelope address? In any
case, you control that).

Furthermore, the originating SMTP paths are mutually concealed by CL. You
don't see how the mail arrived into CL, just how it came from CL to you; i.e.
it's completely remailed.

Lastly, even the Message-ID is rewritten. The originator's message ID could
contain clues about the mail domain and such; CL replaces it with their own.

Quite probably, they strip away the signatures from bodies as well; those
could inadvertently leak identity bits.

[Source: I searched my inbox for some CL interactions, several years old, and
examined the headers.]

------
ryan-c
Seems fairly similar to sneakemail[0] (which I have been using for more than a
decade), but with more polish. Looks like Throttle's basic service doesn't
handle attachments or replying (sneakemail does), which is unfortunate.

0\. [https://sneakemail.com/](https://sneakemail.com/)

------
55acdda48ab5
I discovered that when you delete your email address for a week almost all the
spam and newsletters disappear. I don't know exactly how it works, but it
does. So every couple years I just completely disable my email address for ten
days, or whatever, while on vacation.

~~~
actsasbuffoon
Everyone who sends email has to be very careful about upsetting email service
providers, because they'll mark your messages as spam if they suspect you of
misbehavior. Email providers use many metrics, and one of them is the number
of bounced emails.

It doesn't take much to be marked as a bad actor, so companies will quickly
remove you from their lists if you're jeopardizing their ability to get into
the inboxes of their other users.

Source: I've worked at a couple of companies that used email as a significant
part of their strategy to keep in touch with users.

~~~
gt565k
Very true. I've used SendGrid and Mandrill for transactional email services
and bounces count against your account's reputation.

Most of them will require warming up the account/IP you're sending the emails
from in order to increase the quota of emails you can send per hour/day.

------
cromulent
Takes about 5 pages until you get to the little price tag. I wonder how many
abandonments they will get. Personally I like seeing the price up front.

~~~
asciimo
And you pay for a year up front at $48! That's surprising.

This product seems like a good candidate for a free trial period. Users will
become invested to some degree during the trial and may be reluctant to stop
using it.

------
rshaban
Sounds great but I'm nervous to trust personal communications with a company
that seems to be so new – what if they fold? I lose all the emails I might be
getting sent. Without information about who's behind this, I probably won't
sign up

~~~
TomBombadildoze
Not only are they new, they're missing a bit of polish on the site. I'd like
to know how it works but the "how it works" link doesn't go anywhere. Their
browser extension also failed to install for me.

I like the idea but given the obvious problems and the fact that they want
four bucks a month and no trial, I'm inclined to avoid. Shame because I would
use something like this.

e: seems like "how it works" is meant to link to the video

------
simmons
I love the concept. In fact, it's somewhat similar to the manual, ad-hoc
scheme I've been using for years. It's always interesting to see exactly who
is leaking your email address to spammers (whether intentionally or
otherwise).

Edit: It does have the slight downside to making some human conversations
awkward. "Just to confirm, the email address we have for you is... wait,
what?"

------
kazinator
I like the browser plugin here which lets you generate these e-mails easily.

An open source version would really be handy for people who host their own
domains.

I could use a FireFox extension which lets me click next to some e-mail field
to generate an address by talking to some web shim on my server at home, which
generates the alias and binds it to my e-mail address via /etc/aliases, and
restarts Exim.

The generated e-mail could actually be a cookie which contains not only some
random ID but an encoded version of the domain name of the site against whose
page it was generated. So later, when that address is being abused, you can
tell where it came from without looking up any association in any file or
database.

------
jkldotio
The video on the landing page doesn't play properly and surprise surprise it's
Vimeo. People need to stop using Vimeo, they have incredibly bad service.

I have had problems with Vimeo for years now across multiple desktops,
multiple browsers, multiple mobile devices in multiple locations (across
Europe and Australia). It happens on both popular videos and videos in the
long tail which aren't being linked to at that moment by popular sites. It
happens on free Vimeo accounts and on premium Vimeo accounts. I give Vimeo a
pass when YouTube HD videos aren't working either but most of the time YouTube
HD videos are working just fine on these connections and it's just Vimeo can't
stream video reliably.

In this case the video wasn't even full motion, the background is static and
the keyframes and audio should have been a large slice of the bandwidth. But
it was stuttering at the start and now even after letting it load in the
background on a 70Mbps connection while typing this comment it's still
stalling near the end of the video. What are the Vimeo alternatives besides
YouTube?

------
mecer
Am I missing something? Why not just create a filter that permanently deletes
or marks emails from a certain sender as spam?

~~~
simmons
That doesn't catch the cases where the sender uses a different From: address,
or shares your email address with third parties.

~~~
mecer
Ah, I see. Looks promising then!

------
hawski
I was thinking about similar service. What would be different is that I would
give user subdomain and redirect all incoming traffic on SMTP SSL port to
connected client. I would give access for user to get SSL cert from Let's
Encrypt.

All this would give something better than promise that I would not look at
private emails, but I would have to build client application that would be
SMTP server inside. Handling LE automatically and all other seemingly
unrelated things.

Main use would be to use generated by application unique addresses for
registration purposes.

------
noja
I don't know who wants to send me e-mail.

------
hammock
No idea how it works (can't watch a video where I am and it isn't explained
anywhere else), but it does seem to consolidate a few useful features that I
currently get elsewhere:

-Combine mass mailings in to a single daily digest email (Unrollme)

-Find out who tries to sell your email address (Using email+website@gmail.com)

------
ptype
To achieve the same cheaply and without lockin, simply have your own domain
with a catch-all email forwarding to your real email address. Then always give
out your email address for a specific site as <site>@yourdomain.com.

~~~
kazinator
Yes, but this is a pain to administer. Do you have some nice tools for
generating these addresses and putting them into effect in the back-end which
underlies your domain, without having to whip out an SSH client, logging in to
some server, editing files and re-starting services?

I have my own "yourdomain.com". I pay to keep it registered and keep a server
running also. Most people don't have this; their mail domain is "gmail.com" or
whatever. Sure, a lot of problems could be solved if everyone just had their
own domain!

Speaking of "gmail.com"; I'm surprised Google doesn't just make this a feature
of gmail. It would be fairly trivial for them to implement for the benefit of
all gmail users.

~~~
hornbaker
It's already a feature of gmail. Just add "+whatever" to the username and it
will still route to you, e.g. use "john+sketchysite.com@gmail.com" when you
sign up at sketchysite.com.

Occasionally you'll run into a form with broken email validation that won't
let you use a + character, but I've been doing this for years and it works the
vast majority of the time.

~~~
kazinator
Because this is implemented by a major, very popular e-mail provider, it
effectively reveals your real e-mail address to spammers, who can just look
for this pattern in any address in the '@gmail.com' domain and strip away the
+ part. It will keep only the "honest" bulk mailers out of your inbox, not
hard-core spammers.

This type of thing _can_ work, but only for a small-time service provider
whose plaintext encoding scheme is not widely known. (Security thorugh
obscurity.) Even the hard-core spammers won't sift through millions of e-mail
addresses to crack some plain text scheme that is used by two or three of
them.

Also, you need the option to permanently destroy one of these, so that you
never see mail from it again. No filtering bullshit. Google should control the
exact set of anonymized addressees attached to your account. When you destroy
any one of them, any further attempt to send to it should result in a non-
delivery notice (SMTP bounce).

------
RyanShook
It's been around forever but a basic free way to mask your email address is
Spam Gourmet
[https://www.spamgourmet.com/index.pl](https://www.spamgourmet.com/index.pl)

------
nikolay
Great, but they seem not to have plans to create recyclable emails for person-
to-person communication, which is sad.

