Thursday, January 8, 2009

No, Mailinator didn't spam you

I must say, it's rare these days but I still now and then get emails from folks that think Mailinator spammed them. As it says on our contact page, this is pretty unlikely. I say that because Mailinator is custom software and that software contains no specific way to actually have a user "send" email. There's no chance of Mailinator being an open-relay as it stands. And of course, there is no place at all on the site to accept an email for sending.

I suppose its possible, but it would involve a hacker breaking into the server, installing some other email server (which would likely conflict with mailinator itself), configuring it, and then start pummeling it for their nefarious purposes. Given that any self-respecting spammer has a billion zombies at their disposal and that this would definitely be discovered very quickly (my colo vendor loves to watch my bandwidth), it doesn't seem like an efficient way to spam.

In any case, I still get accused of spamming at times. And all that accusation takes is for a spammer to forge the return address as a mailinator address. Let me tell you, forging a return address is stunningly easy. Here's 3 million or so guides how to do it if you're wondering.

Below is an actual email header someone sent me.

The interesting parts are really the first two lines. As you see the forged return path is Now if you know mailinator, you know ANYONE can check that box. It belongs to no one and everyone (as outlined in the FAQ - Mailinator guarantees NO PRIVACY. All emails are viewable by ANYONE).

The 2nd line (i.e. Received:) shows the IP (and dns) of the server that actually sent the email. Something at That looks like a hosting company somewhere. One thing I can tell you though is that that server has zero to do with mailinator. The spam email never ever touched the mailinator server. So even if I devoted my life to stopping this email, there's nothing I could do.

Received: from (
by (8.14.1/8.14.1) with SMTP id n083RPV6001157;
Thu, 8 Jan 2009 03:27:26 GMT
From: "RON"
Reply-To: "RON"
To: xxxxxxxxxxxxxx --> edited

This is sort of similar to a phishing attack. Someone gets an email from their bank, then goes to the phish site, then loses all their money. In truth their bank had nothing to do whatsoever with any of that but the bank still gets blamed.

The saddest part for me is that even after I respond to people showing them the real culprit, its not uncommon for them to stay mad at me. I suppose its because they then don't know who they're going to yell at now and I'm still available for the job.

Mailinator is about letting you protect your real email address. It might be to prevent spam but at times it might even be to receive spammy email they really want (just not at their primary address).

Regardless what you use it for, it won't email you. It just doesn't do that.

Plenty of people threaten to blacklist Mailinator from ever sending them email again. Yes, please do! As I've said in the past, feel free to put on the tippy-tippy-top of all your spam blacklists. Mailinator doesn't send any email at all - so you can be sure any email that looks like it came from a mailinator address is forged. And I'll sleep just fine if such email gets blacklisted.


Joni said...

Goes to show that when dealing with email you get affiliated with all sorts of phenomenon it has created over the years. Thank you for the educative attitude for those seeking answers and the service itself! I'm sure you have an excellent position as admin of mailinator to look at the trends in spamming as well.

BbL-Kevinus said...

It is kinda funny that someone would think mailinator spams his/her email.

Anonymous said...

I have a website of my own, and I received email that I had spam them. The truth is that a user or more than one users created blogs from my website's free blog hosting services, and then they spammed other blogs and websites with their blog links. Other bloggers thought that my website had spammed them. This is a big headache for me. So I can understand how you feel when others said that Mailinator had spammed them. I think if other people actually take time to look into the website or service that they want to accuse before they actually jump on the gun.

Anonymous said...

Dude, I just wanted to say. Mailinator has been a trusted friend for many years. Wanted to thank you for the service, and keep on fighting spam!!

hewfish said...

Do you have SPF records for An SPF may reduce the occurrences of this if the receiving party does an SPF check.

Email Spam Protection said...

Great Explanation Thanks : Anatomy of a Spammy Campaign

Mailinator is a popular disposable email service. It's also become a great tool for QA Teams to test email receipt, acknowledgment, au...