or Connect
AppleInsider › Forums › General › General Discussion › Apple wants to stop, track down spammers with automated disposable email addresses
New Posts  All Forums:Forum Nav:

Apple wants to stop, track down spammers with automated disposable email addresses

post #1 of 69
Thread Starter 
The U.S. Patent and Trademark Office on Thursday published an Apple patent application describing a system that thwarts spam mail by automatically generating and handling "disposable" email addresses, all while being transparent to the end user.

Disposable


According to Apple's patent filing, suitably titled "Disposable email address generation and mapping to a regular email account," the integrated system would work at the server level to act as a screen for incoming spam mail.

Further, these generated email accounts can be intelligently tagged with contextual clues to help users track down the source responsible for handing off the address to a spam provider.

As noted in the document, email has become a ubiquitous form of communication. Just as physical mail has "junk mail" (advertisements, pamphlets, etc.), so too does email in the form of spam. Unlike snail mail, however, the level of spam can quickly become unmanageable. Not only are user addresses easily obtainable and transferable, but the costs associated with sending digital junk are comparatively miniscule.

To help combat the rising tide of spam, some users have turned to disposable email addresses that can be easily destroyed or deactivated once abused by a spammer. These accounts usually forward mail to a permanent email address without exposing said address to unwanted parties. This saves users from the hassles associated with changing a permanent email address, such as remembering and notifying important contacts.

As it stands, the disposable email system is cumbersome, says Apple, and may require obtaining accounts from sources other than their primary provider. The generated account names are usually easily recognizable and are sometimes not accepted by certain automated online services that block bots.

Apple proposes an automated system that in some embodiments automatically creates and handles a temporary email address, associating it with a permanent non-disposable address. If and when a disposable account is misused, the user can dump it and move on to a new one without ditching their permanent address.

Disposable
Source: USPTO


In some cases, the system can assign context information when creating the disposable account. For example, if a user is giving their address to a vendor, context information associated with that vendor's name can be added as part of the address. If the user receives spam through that specific account, they will be able to examine the associated context information and use it to take action against the vendor for providing the address to an unauthorized party.

An important part of the application relies on the backend system's handling of incoming messages. With normal disposable address methods, emails are forwarded directly to users' permanent accounts. This may lead to accidental replies from a non-disposable address. Apple's system would automatically detect which account a reply is coming from and handle the transfer accordingly without exposing the user.

The temporary accounts would preferably be indistinguishable from a permanent address. For example, if email addresses associated with the server usually use the format "FirstName.LastName@domain.com," the system would create a similar disposable account for a user. Obviously, real names would not be used in such a scenario.

The remainder of the application details various implementations of the invention, such as browser plug-ins, email clients and server-level instruction sets. Also discussed are possible graphical user interfaces for both a dedicated app and Web clients.

Apple's disposable email patent application was first filed for in 2012 and credits Cameron J. Esfahani, Carl J. Norum, Daniel R. FletcherJames C. Murphy, Santo S. Sapienza, Shachar Ron and Stanley A. Rabu as its inventors.
post #2 of 69
"Further, these generated email accounts would be intelligently tagged with contextual clues that help users track down the source responsible for handing off the address to a spam provider."

YES! 1000 times YES!

Once they do that I'll be able to get my cyber hands around their cyber throats.
post #3 of 69
I wish that Apple at least started to do what Google does with Gmail: Cache all pictures and stuff on their own servers.

Today most spam gets validation thru HTML mail. Having picture/links cached on local servers stops this.

I understand that Google does this because THEY want to data mine the stuff instead. In Apples case: I trust them more, since they don't make their money from advertising/data mining.
post #4 of 69
This is so obvious that I'd expected it earlier. Still, great if they implement such a system. I used to create a gmail (sic) account if I ordered something online, and delete the account from Mail once delivered. As good as gmail is at getting rid of spam, I moved on, because, well, gmail is still Google after all.
I’d rather have a better product than a better price.
Reply
I’d rather have a better product than a better price.
Reply
post #5 of 69
Is the RFC process dead? Shouldn't the industry, through the RFC process deal with this problem?
post #6 of 69
Therein lies the difference between Apple & Google, one seeks ways to protect, one seeks ways to abuse privacy.
just waiting to be included in one of Apple's target markets.
Don't get me wrong, I like the flat panel iMac, actually own an iMac, and I like the Mac mini, but...........
Reply
just waiting to be included in one of Apple's target markets.
Don't get me wrong, I like the flat panel iMac, actually own an iMac, and I like the Mac mini, but...........
Reply
post #7 of 69
Quote:
Originally Posted by Wings View Post

"Further, these generated email accounts would be intelligently tagged with contextual clues that help users track down the source responsible for handing off the address to a spam provider."

YES! 1000 times YES!

Once they do that I'll be able to get my cyber hands around their cyber throats.

 

I've been using this system for some time

  • Generate private 'key'
  • Hash it + website url together using crypt algorithm
  • Resultant hash becomes your email, 59h209hf8234hf892etcyougettheidea@domain.com

 

If only I had realised this was patentable!

post #8 of 69
Good God.

You all sound like you don't want bigger, more erect penises!

1wink.gif
Android: pitting every phone company in the world against one, getting a higher number, and considering it a major achievement.
Reply
Android: pitting every phone company in the world against one, getting a higher number, and considering it a major achievement.
Reply
post #9 of 69
Quote:
Originally Posted by GTR View Post

Good God.

You all sound like you don't want bigger, more erect penises!

1wink.gif

LOL, that made me nearly spill my coffee.
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
"Google doesn't sell you anything, they just sell you!"
Reply
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
"Google doesn't sell you anything, they just sell you!"
Reply
post #10 of 69
sounds like spamgourmet.com to me. Works like a charm.
post #11 of 69

I used to have this with Yahoo mail, until Marissa's redo, when it disappeared. It was nice that they had it somewhat integrated into existing accounts.

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply
post #12 of 69
Quote:
Originally Posted by waldobushman View Post

Is the RFC process dead? Shouldn't the industry, through the RFC process deal with this problem?

 

The "industry" includes companies who want to spam you and other companies who want to track you.  The RFC process has proven to be ineffective in cases where there are competing interests (ref: Adobe/HTML5 and Google/Do Not Track).

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply
post #13 of 69

So stupid. It's just e-mail. If someone wants to e-mail you, they should be allowed to do so.

post #14 of 69
Quote:
Originally Posted by John.B View Post
 
Quote:
Originally Posted by waldobushman View Post

Is the RFC process dead? Shouldn't the industry, through the RFC process deal with this problem?

 

The "industry" includes companies who want to spam you and other companies who want to track you.  The RFC process has proven to be ineffective in cases where there are competing interests (ref: Adobe/HTML5 and Google/Do Not Track).

 

As if on cue:  Firefox to start putting new ads in new places | Ars Technica

 

I rest my case.

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply
post #15 of 69
Brilliant! I wish I thought of that.

But seriously, there have been many other companies doing this for many, many years. Lots of prior art. One good one today is called Abine.com.
post #16 of 69
Quote:
Originally Posted by pmz View Post
 

So stupid. It's just e-mail. If someone wants to e-mail you, they should be allowed to do so.

I want the exact opposite.  If anyone you don't know or approve wants to email you, they cannot.  Surely this would not be hard to implement.

post #17 of 69
Quote:
Originally Posted by GTR View Post

Good God.

You all sound like you don't want bigger, more erect penises!

1wink.gif

 

I love this company. Like was said earlier, Apple seeks to protect their users from spam while Google is the exact opposite. Bring it on!

 

 

Maybe those who are raving about it…..don't need the help! :D 

You talkin' to me?
Reply
You talkin' to me?
Reply
post #18 of 69

This is why I have my hotmail account and had it since the 90's, anytime I do business over the internet with a company I am not sure about they get the hotmail account email and I let M$ deal with all the spam. Since I have been doing this my person IPS email address has never been spammed. M$ does a pretty good job of filtering out the spam, but the account does get hit from time to time with Spam.

post #19 of 69
Quote:
Originally Posted by waldobushman View Post

Is the RFC process dead? Shouldn't the industry, through the RFC process deal with this problem?

Clearly, the RFC process has not demonstrated a stellar track record in dealing with this problem.

post #20 of 69
Originally Posted by GTR View Post
Good God.

You all sound like you don't want bigger, more erect penises!

1wink.gif

 

Oh, no. You don’t understand. It’s not us… it’s Apple. Apple is doing this to get back in bed (so to speak) with the spambots! I have proof! Look at the mailing address! 

 

post #21 of 69
Quote:
Originally Posted by GTR View Post

Good God.

You all sound like you don't want bigger, more erect penises!

1wink.gif

"I once tried setting my email password to penis, but it was too short"

(getting old, but hope it's still allowed)
I’d rather have a better product than a better price.
Reply
I’d rather have a better product than a better price.
Reply
post #22 of 69
Originally Posted by PhilBoogie View Post
(getting old, but hope it's still allowed)

 

That’s fine; you’re allowed to get old.

post #23 of 69
Quote:
Originally Posted by Tallest Skil View Post

That’s fine; you’re allowed to get old.

LOL, without getting hurt.
I’d rather have a better product than a better price.
Reply
I’d rather have a better product than a better price.
Reply
post #24 of 69

Disposable emails sounds like too much of a hassle. I use a spam filtering service which works wonderfully and I don't have to do anything. It just works. I don't usually get any spam on iCloud either so Apple apparently has pretty good filtering already. 

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #25 of 69
Quote:
Originally Posted by GTR View Post

Good God.

You all sound like you don't want bigger, more erect penises!

1wink.gif
You win the Internet for the day! Just toooo funny! 1biggrin.gif
Knowing what you are talking about would help you understand why you are so wrong. By "Realistic" - AI Forum Member
Reply
Knowing what you are talking about would help you understand why you are so wrong. By "Realistic" - AI Forum Member
Reply
post #26 of 69
When google apps for domains was free, I used their groups (not today's Groups) to do exactly this.

Since all those domains were grandfathered in for free, I still use it there.

But, really, patent? That's a joke and an abuse of the concept of patents.

Nobody patented junk mail yet?
post #27 of 69

I already do this manually using an email service with sub-domain support.  It's very effective.  I provide a unique email address to every service I register and as soon as one gets compromised I simply block it.  Depending on the service I may even block the address proactively and only unblock it if or when I need to.

 

It's great that Apple are looking to take this approach on board at the server level and make it automatic and transparent to users.  A very intelligent idea and I hope they can implement it soon (if they haven't already).

 

The other benefit to this approach is limiting the linking and unification of profiles from a government spying perspective...


Edited by s.metcalf - 2/13/14 at 11:33am
post #28 of 69
Quote:
Originally Posted by WelshDog View Post
 

I want the exact opposite.  If anyone you don't know or approve wants to email you, they cannot.  Surely this would not be hard to implement.

 

You can achieve something like this using email rules.  Most email applications have pretty good rule management including Mail in OS X.  For instance you can set up a rule to only receive emails from people in your contact list and people you've emailed previously.  The problem is this isn't occurring at the server level.  You'd still be getting emails from others but would just be automatically deleting them or forwarding them to the trash.

 

Some other services like the one I mentioned above give you more powerful rule management to block emails at the server level so they're never actually delivered but either bounce or are deleted before being delivered.


Edited by s.metcalf - 2/13/14 at 11:36am
post #29 of 69
Quote:
Originally Posted by WelshDog View Post
 
Quote:
Originally Posted by pmz View Post
 

So stupid. It's just e-mail. If someone wants to e-mail you, they should be allowed to do so.

 

I want the exact opposite.  If anyone you don't know or approve wants to email you, they cannot.  Surely this would not be hard to implement.

 

Exactly.  An email whitelist.  If I wanted email from you, I would've added your account already.  If they can't authenticate email sources (i.e. spoofing), that would be the next best thing.

 

Come to think of it, I'd like that for my cell phone as well.

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply
post #30 of 69
We have prior art. Our CanIt anti-spam system has had a feature called Locked Addresses that does exactly this (only in a better-designed way) since 2005.

I have filed an application with USPTO outlining our prior art.
post #31 of 69
Originally Posted by dskoll View Post
We have prior art. Our CanIt anti-spam system has had a feature called Locked Addresses that does exactly this (only in a better-designed way) since 2005.

I have filed an application with USPTO outlining our prior art.

 

Thanks, patent troll. Get off it. Unless you’re just giving an example of that, in which case: spectacular sarcasm.

post #32 of 69
I am not a patent troll. We did NOT apply for a patent for our Locked Addresses feature since we do not believe in software patents. I merely sent the prior art to the USPTO to PREVENT Apple from being granted a patent.

You can Google "CanIt Antispam" to see who we are and what we're all about.
post #33 of 69
Originally Posted by dskoll View Post
I am not a patent troll. We did NOT apply for a patent for our Locked Addresses feature since we do not believe in software patents. I merely sent the prior art to the USPTO to PREVENT Apple from being granted a patent.

 

And you’re confident that you have this as a patent and there’s no difference whatsoever in Apple’s proposed implementation?

post #34 of 69
Quote:
Originally Posted by Tallest Skil View Post

 

And you’re confident that you have this as a patent and there’s no difference whatsoever in Apple’s proposed implementation?

 



I am confident that our Locked Addresses feature implements most of the claims in Apple's application, yes. It also predates the application filing date by some seven years.

A clever patent lawyer will most likely find a way to salvage some of Apple's claims... that's the job of a patent lawyer. But I'm pretty sure we can invalidate most of the important claims.
post #35 of 69
Quote:
Originally Posted by Maestro64 View Post
 

This is why I have my hotmail account and had it since the 90's, anytime I do business over the internet with a company I am not sure about they get the hotmail account email and I let M$ deal with all the spam. Since I have been doing this my person IPS email address has never been spammed. M$ does a pretty good job of filtering out the spam, but the account does get hit from time to time with Spam.

 

  Same here.  My main email has been Verizon/Yahoo and I need to use Gmail ones for work, but I also have a don't-use-for-anything-else Hotmail account that I started in the late '90s for anything that doesn't have to be my real email.  Lots of verifying via email sent to me.  I also use it as my cc to myself so that doesn't fill up my Apple Mail.  And that semi embarrassing Hotmail account has turned out to be the least screwy experience of all of them.  Gmail gets less junk than the others but is by far the worst to use, as far as I'm concerned.  Verizon/Yahoo has far too many technical problems (even aside from the disastrous remaking of their webmail site).

 

 Weird but true.  Hotmail not be the most amazing experience but by not getting worse like nearly every other large service they don't come off badly at all.

post #36 of 69
Originally Posted by dskoll View Post
I am confident that our Locked Addresses feature implements most of the claims in Apple's application, yes. It also predates the application filing date by some seven years.

 

Could you link to the USPTO page for that patent, please?

 
But I'm pretty sure we can invalidate most of the important claims.

 

Doesn’t even exist and you’re already gunning to invalidate? Expect no sympathy here.

post #37 of 69
If you read the article, it clearly states that this system would be transparent to the user.
They are probably looking to implement this with the iCloud email system.
Quote:
Originally Posted by mstone View Post

Disposable emails sounds like too much of a hassle. I use a spam filtering service which works wonderfully and I don't have to do anything. It just works. I don't usually get any spam on iCloud either so Apple apparently has pretty good filtering already. 
post #38 of 69
Quote:
In some cases, the system can assign context information when creating the disposable account. For example, if a user is giving their address to a vendor, context information associated with that vendor's name can be added as part of the address. If the user receives spam through that specific account, they will be able to examine the associated context information and use it to take action against the vendor for providing the address to an unauthorized party.

 



This is what I would do with my own mail server. Put the site name on the address I registered to so I could have prove the site is abusing my email address.
post #39 of 69
Quote:
Originally Posted by Wings View Post

"Further, these generated email accounts would be intelligently tagged with contextual clues that help users track down the source responsible for handing off the address to a spam provider."

YES! 1000 times YES!

Once they do that I'll be able to get my cyber hands around their cyber throats.

As I think about it, maybe it's not so surprising that Apple came up with this. After all, it's kind of what they've been doing (as it's been rumored) to ensure secrecy of their new products - they give different employees different parts of it, with different "contextual clues", so if it leaks, they can track down where the leak came from. It's pretty clever to expand this to a system of tracking down spammers.

post #40 of 69
@Tallest Skil:

Our Locked Addresses feature is not patented because I am philosophically opposed to software patents.

Secondly, under patent law, prior art does not need to be patented. You merely need to show that an invention has been invented and published before the filing date. We invented and published the Locked Addresses feature in 2005. If you wish, I can post release notes, our source-code control history or the mailing list archive announcing the feature. Or you can find various online sources who covered our release... for example, http://net-security.org/article.php?id=854

I also described the basic idea in 2003 to the IETF's anti-spam research group... you can read an archived email here, for example: http://www.ietf.org/mail-archive/web/asrg/current/msg00672.html

Amusingly, I used the Locked Addresses feature to sign up to Apple Insider. If they sell my email address, I'll know about it!
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Apple wants to stop, track down spammers with automated disposable email addresses