Easy throwaway email addresses with Google Apps

When signing up for online services, I don’t like to use my real email address. While the vast majority of services are reputable nowadays, I don’t want to end up in a situation where Gmail’s spam filter is my inbox’s last line of defense. In order to make this usable, I have two requirements:

1. Create specific email addresses for each service I sign up for, and make the connection obvious between the address and the service.
2. Not do any extra work at point-of-signup.

I should be able to do this with Gmail’s plus-addressing, but most places don’t accept those emails as valid. Bearing that in mind, I have come up with the following solution, using Google Apps:

1. Buy or select a domain that you will use for this – for this example, we’ll call it mydomain.com.
2. Install Google Apps – standard edition is fine – onto your domain.
3. Create an email account (which I’ll call [email protected]) on your domain – this isn’t your primary address, and you’ll never check it – that will be used to hold all your incoming mail.
4. Set [email protected] as the catch-all address, as explained here.
5. Pick a three- or four-letter combination of letters that rarely occurs in normal language (for example, qkh) – this combination will be the key to getting through to your real email account.
6. Set up a filter in [email protected] that forwards all incoming mail where the recipient contains qkh to your real address.

How is this used? Let’s say I’m signing up for VIA Rail for the first time, and they need an email address – I’ll sign up using [email protected] (as opposed to whatever my real address is). Any email that gets sent to this address will get forwarded to my real account (because of the filter in step #6), and I’ll know that the email came from viarail.ca.

If I start getting a bunch of spam, I can look at the recipient’s (“my”) address to determine who I initially gave that email address to, blocklist that address in a filter so they don’t get to my inbox, and know not to do business with them again.

If this isn’t sufficient security for you, Sneakemail is pretty great – it rewrites the sender on messages you get so that when you reply, it goes through their servers and your real address is never leaked. The downside is that it requires a second login to create the customized address, and there’s no way to remember the addresses that’s associated with a particular service – which are both are somewhat serious usability negatives, which then impact how often the service gets used, and thereby how effective it is in controlling my inbox spam.