
Show HN: Tempmail.de – Temporary, disposable, anonymous email address - ruport
http://tempmail.de
======
teh_klev
What's the difference between this and say Mailinator [0]?

[0]: [http://mailinator.com/](http://mailinator.com/)

~~~
duiker101
the fact that ATM mailinator is banned from mostly anywhere it's enough for
me...

~~~
ozh
It's trivial to setup your own mailinator with a custom domain or subdomain --
[http://mailinator.blogspot.fr/2008/01/your-own-private-
maili...](http://mailinator.blogspot.fr/2008/01/your-own-private-
mailinator.html)

~~~
eik3_de
I use mailgun for that - it's easy to set up a catch-all on some unused domain
to forward to your email address. Free for <10,000 mails per month.

------
ecesena
Semi-OT. Having a b2c startup I have mixed feelings on this kind of services.

I totally value privacy (and security) and I support the existence of services
like this one, even thought -as a user- I don't completely understand the
difference between creating a random gmail address. The user's pain is usually
related to change the address (i.e., notify all my friends), so a service like
this one should actually resolve that pain specifically, IMO.

On the other hand, I also think this creates a mess with other businesses.
Users register to services using username+password that they inevitably
forget. If you just put the signup with Facebook + Twitter + Google, they
complain that you're requiring a social account. Even if they don't complain,
the sign up with Google and later they try to sign in with Facebook. In short,
the email is the only way to come back via password reset. But what if they
can no longer access the email they used to sign up?

~~~
delluminatus
One of the advantages of Mailinator and 33mail (two other services in this
space) is that they allow you to receive email at your aliases for as long as
you want, so they don't preclude password recovery. I think this service is
somewhat hamstrung by the limited period when the temporary address is
accessible.

~~~
ruport
There is no limit after registering the address. The idea was to cover
temporary needs as well as providing the posibility to use it persistently.

------
cookiecaper
Though there are several services that offer this same thing, it's always good
to have more available should they be needed.

Since the concept is not really novel, why don't you tell us about the
implementation? What's running on the backend?

~~~
ruport
Sure! It's just a postfix + mysql + php implementation. I got the domain some
weeks ago and now wanted to use it in a designated manner. So I set up this
site as a private project.

------
kafkaesk
>Collection and use of customer information

>Every access to our website and each download of a file on this website are
logged. The storage serves internal system-related and statistical purposes.
The following data is logged: name of the file, date and time of access, data
volume transferred, notification of successful download, web browser and
requesting domain. In addition, the IP addresses of the requesting computers
are logged.

While I'm sure you have your reasons for this, a service like this naturally
attracts users who value privacy and anonymity. Ever thought about adding a
warrant canary of some kind?

~~~
ruport
This refers to default apache log files. IP address is needed for spam (abuse)
prevention / captcha activation (e.g. too many new accounts per time). A
warrant canary is a great idea, thanks... I will add it.

------
teamhappy
Anybody know how this compares to anonbox?
([https://anonbox.net](https://anonbox.net))

\---

Anonbox is a service provided by the CCC
([https://en.wikipedia.org/wiki/Chaos_Computer_Club](https://en.wikipedia.org/wiki/Chaos_Computer_Club))

Source Code:
[https://erdgeist.org/gitweb/anonbox](https://erdgeist.org/gitweb/anonbox)

~~~
teh_klev
Their SSL cert seems to be broken according to Chrome 37.

~~~
teamhappy
You may want to install the CAcert root certificate.

------
Imposseburu
Bug: Mails are opened by clicking on its 'subject', this results in invisible
links for mails without a subject. You should consider to replace empty
strings with something like '[no subject]'

~~~
ruport
thank you! fixed.

------
chx
I like [http://www.stop-my-spam.com/](http://www.stop-my-spam.com/) much. It's
a temporary redirect to your real email.

------
BorisMelnik
Interesting tool. Would be great if you could send from here as well, after
all that is 50% of email.

Loved the examples you gave on the about us page, well said.

~~~
ruport
Sending might be a problem because of massive spam abuse and maybe getting
blacklisted in consequence. What do you think?

~~~
polshaw
I think you could make it not worth it for spammers fairly easily-- only allow
sending to one recipient, captchas, rate limiting by IP etc.

~~~
reacweb
These 3 examples are easy to work around using zombies. Even whitelisting only
people who have already written to you can be attacked.

~~~
ruport
so, from your point of view, are there any better ways to prevent automated
spamming ?

~~~
peterwwillis
Look into how Cloudflare handles detecting abuse of bulk automated http
requests (hint: browser trickery). RBLs will help, as well as basic rate
limiting. You can also do heuristics on the rate of mails going out from
multiple users in similar ways and impose a timeout on users when you detect
something 'feels spammy'. Basically you just want to make it so annoying to
send spam that they'll use someone else's service. You can also use
obfuscation techniques to make it difficult for spammers to determine the
method to use to automate requests.

------
chrisweekly
Hmm, I use inboxalias.com which has persistent disposable anonymous email. Is
tempmail better? if so, how?

------
tedchs
Anybody know of a good open source Mailinator like tool?

~~~
hugs
I created one: "MessageChecker" (MIT License)
[https://github.com/hugs/message-checker](https://github.com/hugs/message-
checker)

(It runs on Google App Engine)

