any junkware free coupon sites?

Hi All,

I have a customer who like to print out coupons for grocery
stores, etc. (brink and mortar). Chuckle: she catches a lot of
junkware.

Anyone know of a site she can go to that is "clean"?

Many thanks,
-T

"T" wrote in message ...
Hi All,

I have a customer who like to print out coupons for grocery
stores, etc. (brink and mortar). Chuckle: she catches a lot of
junkware.

Anyone know of a site she can go to that is "clean"?



Don't know a specific site, but I would suggest installing this.

WOT (Web Of Trust)
http://www.mywot.com/
--

~Bruce

On 10/5/2015 3:29 PM, T wrote:
Hi All,

I have a customer who like to print out coupons for grocery
stores, etc. (brink and mortar). Chuckle: she catches a lot of
junkware.

Anyone know of a site she can go to that is "clean"?

Many thanks,
-T
I have two strategies for such things...

Comodo Firewall has a single-click that turns your whole
computer into a sandbox. Any ?-ware that gets installed
will vanish when you close the sandbox and return when you
reopen it. Can also be deleted when you clear the sandbox.
I'm sure there
are other sandboxes, but this one is trivial to use.
Also great for those driver download sites that install
crapware before they tell you that they don't actually
have the driver you want.

Install another instance of an OS on virtualbox and run
your coupon escapades in there.

T wrote:

I have a customer who like to print out coupons for grocery
stores, etc. (brink and mortar). Chuckle: she catches a lot of
junkware.

Anyone know of a site she can go to that is "clean"?

Many of these sites require an e-mail address. They will e-mail you
their coupons. You may need to create an account at the site before
they show you their coupons. Often that means they send you a
confirmation e-mail with a link on which you must click to complete the
account registration. They want an e-mail address to use their site.
Learn to use aliases. Not forwarding services since those do not
protect your true e-mail address. A forwarding service works by you
giving your forwarding e-mail address to an untrusted or unknown sender,
and that e-mail getting forwarded to your true e-mail address. If you
reply to a forwarded e-mail, you will divulge your true e-mail address.

Aliasing services will hide your true e-mail address (to where aliased
e-mails are delivered). The sender uses the alias and their e-mail gets
forwarded to you. However, when you reply, it goes back through the
aliasing service (because they inserted a Reply-To header that points
back to them). Your reply gets headers strip that would show your true
e-mail address and replaced with their headers to make it look like your
reply originated at the aliasing service. That way the sender knows
about your alias and your reply to them is from your alias. The sender
never knows your true e-mail address.

There are several aliasing services. Spamgourmet is free plus you do
not have to login to an account to create, modify, or delete aliases.
That means you can create aliases on the fly, like someone at a party
asks for your e-mail address but you dole out an alias. SpamEx and
Sneakemail are paid aliasing services. For those, you log into your
account to create, modify, or delete aliases.

By using an aliasing service, you keep your true e-mail address
protected, even when replying to aliased e-mails. By using a unique
alias to each sender, you know exactly who violated your trust when that
alias gets abused by spam. You can also void an alias (set receive
count to zero for Spamgourmet or delete the alias for Sneakemail and
SpamEx) so you never receive any further e-mails through an alias.

It is not just coupon sites that will spam you. Some game sites do
that, too, like gamespot.com (about 3 days after giving them an e-mail
address, you will get spammed by their "affiliates" to whom they sold
your e-mail address). Menards.com will spam me within an hour (and from
a different domain because they contract someone else to handle their
spam jobs) of giving them an e-mail address that was supposed to only
get used to notify me for when a special order arrived at their store.
By give them an alias, they never knew my true e-mail address. Any
reply by me would go back through the aliasing service so they still
never knew my true e-mail address. By assigning each a unique alias, I
knew exactly who violated my trust. Their spam was immediately killed
by disabling/deleting the alias. They could never send me spam again.

Of course, your client has been doling out her true e-mail address so
that will remain floating around to everyone she gave it to. E-mail
addresses can float around for many years. I just did an online search
using several search engines looking on my personal information
(telephone number, address, name, and SSN). Some sites sell personal
information (because it is public data). They may have to buy the info
from the gov't but they sell it for more to anyone that wants that info
about you. Some give out teaser info: a bit of your personal info to
show it is accurate to lure someone (who wants to know more about you)
into buying the rest of the data. From even that teaser info, I found
some of these sites listed an old Yahoo Mail address that I had
somewhere around 12 years ago. So your client's true e-mail address
will float around for a long time. Even if she starts protecting her
e-mail address now, her old one is still out there. So she might
consider deleting her current account and create a new one so she won't
get any spam sent directly to her old e-mail address. Then she needs to
jealously protect her new e-mail address. Just because someone asks for
her e-mail address doesn't mean she has to dole out her new e-mail
address. Instead she gives them an alias.

I usually wait 9 months to update an account to show my true e-mail
address (enough time to ensure they didn't sell off my alias) *if* I
should decide to give them my true e-mail address (I could just keep
letting them know only my alias). The problem with adding any further
processing in the e-mail chain is reduce reliability of delivery.
Anything you add in the e-mail chain, even local proxies on your own
host, will reduce delivery reliability. So I they haven't violated my
trust after awhile, I'll update my account to let them know my true
e-mail address.

As far as junkware when visiting a web site, you cannot thwart your
client from stupidly installing software they give her. It is still her
choice to download the crap and install it. Some coupon sites
desparately want you to install their "coupon printer" under the guise
that you must use it to accurately print their coupon since, after all,
printing from a web browser is never reliable. Uh huh. If I site
requires that I download their software to look at or print their
content then I go elsewhere. Printing works just fine in the web
browser. I don't need their spyware. One way to get around using their
bogus print software but I want to get the coupon is to display their
coupon on their web site. Then I can use a screen capture to paste it
into Paint or another application to print it from there. The UPC bar
code still works when resized. Having to use PrintScreen to capture the
entire screen or Alt+Printscreen to just capture the current window's
content that has focus is clumsy. I use a clipboard manager (Clipmate)
that includes both window and region capture. There are other screen
capture utilities (e.g., PicPick) that can capture windows or selected
regions of the screen. If you can see it then you can capture it.

The site doesn't have to be "clean". If they want an e-mail address,
give them an alias. If they show you their coupon, you don't need their
spyware to print their coupon. Just capture the screen or just the
window showing their coupon and print that.

On 10/05/2015 08:21 PM, VanguardLH wrote:
T wrote:

I have a customer who like to print out coupons for grocery
stores, etc. (brink and mortar). Chuckle: she catches a lot of
junkware.

Anyone know of a site she can go to that is "clean"?

Many of these sites require an e-mail address. They will e-mail you
their coupons. You may need to create an account at the site before
they show you their coupons. Often that means they send you a
confirmation e-mail with a link on which you must click to complete the
account registration. They want an e-mail address to use their site.
Learn to use aliases. Not forwarding services since those do not
protect your true e-mail address. A forwarding service works by you
giving your forwarding e-mail address to an untrusted or unknown sender,
and that e-mail getting forwarded to your true e-mail address. If you
reply to a forwarded e-mail, you will divulge your true e-mail address.

Aliasing services will hide your true e-mail address (to where aliased
e-mails are delivered). The sender uses the alias and their e-mail gets
forwarded to you. However, when you reply, it goes back through the
aliasing service (because they inserted a Reply-To header that points
back to them). Your reply gets headers strip that would show your true
e-mail address and replaced with their headers to make it look like your
reply originated at the aliasing service. That way the sender knows
about your alias and your reply to them is from your alias. The sender
never knows your true e-mail address.

There are several aliasing services. Spamgourmet is free plus you do
not have to login to an account to create, modify, or delete aliases.
That means you can create aliases on the fly, like someone at a party
asks for your e-mail address but you dole out an alias. SpamEx and
Sneakemail are paid aliasing services. For those, you log into your
account to create, modify, or delete aliases.

By using an aliasing service, you keep your true e-mail address
protected, even when replying to aliased e-mails. By using a unique
alias to each sender, you know exactly who violated your trust when that
alias gets abused by spam. You can also void an alias (set receive
count to zero for Spamgourmet or delete the alias for Sneakemail and
SpamEx) so you never receive any further e-mails through an alias.

It is not just coupon sites that will spam you. Some game sites do
that, too, like gamespot.com (about 3 days after giving them an e-mail
address, you will get spammed by their "affiliates" to whom they sold
your e-mail address). Menards.com will spam me within an hour (and from
a different domain because they contract someone else to handle their
spam jobs) of giving them an e-mail address that was supposed to only
get used to notify me for when a special order arrived at their store.
By give them an alias, they never knew my true e-mail address. Any
reply by me would go back through the aliasing service so they still
never knew my true e-mail address. By assigning each a unique alias, I
knew exactly who violated my trust. Their spam was immediately killed
by disabling/deleting the alias. They could never send me spam again.

Of course, your client has been doling out her true e-mail address so
that will remain floating around to everyone she gave it to. E-mail
addresses can float around for many years. I just did an online search
using several search engines looking on my personal information
(telephone number, address, name, and SSN). Some sites sell personal
information (because it is public data). They may have to buy the info
from the gov't but they sell it for more to anyone that wants that info
about you. Some give out teaser info: a bit of your personal info to
show it is accurate to lure someone (who wants to know more about you)
into buying the rest of the data. From even that teaser info, I found
some of these sites listed an old Yahoo Mail address that I had
somewhere around 12 years ago. So your client's true e-mail address
will float around for a long time. Even if she starts protecting her
e-mail address now, her old one is still out there. So she might
consider deleting her current account and create a new one so she won't
get any spam sent directly to her old e-mail address. Then she needs to
jealously protect her new e-mail address. Just because someone asks for
her e-mail address doesn't mean she has to dole out her new e-mail
address. Instead she gives them an alias.

I usually wait 9 months to update an account to show my true e-mail
address (enough time to ensure they didn't sell off my alias) *if* I
should decide to give them my true e-mail address (I could just keep
letting them know only my alias). The problem with adding any further
processing in the e-mail chain is reduce reliability of delivery.
Anything you add in the e-mail chain, even local proxies on your own
host, will reduce delivery reliability. So I they haven't violated my
trust after awhile, I'll update my account to let them know my true
e-mail address.

As far as junkware when visiting a web site, you cannot thwart your
client from stupidly installing software they give her. It is still her
choice to download the crap and install it. Some coupon sites
desparately want you to install their "coupon printer" under the guise
that you must use it to accurately print their coupon since, after all,
printing from a web browser is never reliable. Uh huh. If I site
requires that I download their software to look at or print their
content then I go elsewhere. Printing works just fine in the web
browser. I don't need their spyware. One way to get around using their
bogus print software but I want to get the coupon is to display their
coupon on their web site. Then I can use a screen capture to paste it
into Paint or another application to print it from there. The UPC bar
code still works when resized. Having to use PrintScreen to capture the
entire screen or Alt+Printscreen to just capture the current window's
content that has focus is clumsy. I use a clipboard manager (Clipmate)
that includes both window and region capture. There are other screen
capture utilities (e.g., PicPick) that can capture windows or selected
regions of the screen. If you can see it then you can capture it.

The site doesn't have to be "clean". If they want an e-mail address,
give them an alias. If they show you their coupon, you don't need their
spyware to print their coupon. Just capture the screen or just the
window showing their coupon and print that.


Dude! Wow! Thank you.

On 10/5/2015 8:21 PM, VanguardLH wrote:

Aliasing services will hide your true e-mail address (to where aliased
e-mails are delivered).

don't understand why you need a service???
the objective is to NOT get emails.
the service will deliver them.

Just create a different email account and use that
for things you don't want to see.
Check it every month or so and delete stuff so it doesn't
overflow.

mike wrote:

VanguardLH wrote:

Aliasing services will hide your true e-mail address (to where aliased
e-mails are delivered).

don't understand why you need a service???
the objective is to NOT get emails.
the service will deliver them.

How do you know an e-mail is spam? Only AFTER you have received the
e-mail. Your logic concludes that no one should use e-mail. The object
is NOT to "not get e-mails". Obviously if you have an e-mail account
then you DO want to get e-mails. It is the spam you want to get rid of,
not of not getting rid of e-mails en masse.

An aliasing service lets me assign a unique e-mail address to a sender.
That means I can determine who abused my trust, if they do. You can't
do that by receiving all e-mails to one address. You won't know from
whom a spammer got your e-mail address. You cannot even filter out a
determined spammer. Only ignorants think blacklisting will stop spam.

As to "NOT get e-mails", that's for not getting spam or any other
unwanted e-mails from a sender or to whomever they divulged your e-mail
address. The aliasing service will only deliver e-mails as long as I
leave the alias active. Pretty simple to stop the abuse to an alias by
deleting or voiding an alias. Turn off the alias and no more e-mails
through that alias. Poof, all gone, but ONLY through that alias.

Perhaps you like having to repeatedly create temporary e-mail accounts.
Then when it gets abused (but you won't know who betrayed you), you
delete or abandon that account and go through the nuisance to create
another temporary e-mail account. And do that over and over every time
your current valid e-mail address gets abused. If you want to go
through all that effort which means the spammers have won by making you
do the water ballon dance (see below), you go right ahead. Keep going
through the process again and again of creating new accounts.

I prefer to retain an e-mail account and control who can send e-mails to
it. Yes, I could use rules but even you know that spammers never use
the same From header and bounce around to other servers.

Ding dong.
Who is there?
John, the plumber.
I didn't call a plumber.
Add John to the blacklist.

Ding dong.
Who is there?
Mark, the dishwasher repairman.
My dishwasher works fine. I didn't call anyone.
Mark goes in the mailbox.

Ding dong.
Who is there?
Mary (in a falsetto voice), your neighbor.
Don't have a neighbor named Mary.
Blacklist Mary.

and repeat ad nauseum.

Blacklisting a spammer by their name or e-mail address gives the spammer
the satisfaction of knowing you will not block their later spam and you
are stupidly building blacklists that will never stop their spam.
However, killing an alias means no more e-mail will come through that
alias. Doesn't matter what they call themself or from where they send
their spam. It ain't getting through an alias that is no longer active
or no longer exists.

Just create a different email account and use that for things you
don't want to see.

Oh joy, go through the entire process of manually creating a new e-mail
account. Go to their login/signup page, give a new name and e-mail
username, enter a password, accept, might have to wait for a
confirmation e-mail to let you use their service, might have to dole out
a phone number, and then go through all the configuration options to set
up the account to behave how you want. Yeah, like that is efficient.
Waste a lot of time creating new e-mail accounts.

Check it every month or so and delete stuff so it doesn't overflow.

Wow, you only check your e-mails once per month? Guess none of your
e-mails are important. What if your pharmacy wants to tell you that
your medicine is ready to pick up? What if your bank wants to tell you
that there has been suspicious activity in your account? What if your
dentist wants to verify your appointment or tell you it must be
rescheduled? You won't see those e-mails for a month, or longer. If
e-mail is so unimportant to you, why do you use e-mail at all?

I also suspect that you only review whether you have new e-mails by
having to use a web browser to log into each temporary e-mail account to
check there. Geez, what a nuisance. I prefer to use a local e-mail
client that polls ALL my e-mail accounts so I get e-mails as soon as
they are delivered to the mail server, not once per day, once per week,
or once per month.

I can have a single e-mail account used with an aliasing service. I
never have to create a new account because the senders never knew what
is the e-mail address for that account. They only know the unique alias
that I gave them. I don't even have to be concered whether server- or
client-side anti-spam filters work well. Once an alias is deactivated,
no more crap through that alias. Kill the alias, kill the spam. You
and I are effecting the same strategy but via different means. You do
it by having to repeatedly create new temporary accounts. I do it with
aliases so I don't have to create new account, just kill aliases either
deliberately or just let them expire (exceed their max usage count).

In fact, unlike you, I can assign a unique sender to an alias. Only
that sender can get their e-mail to me through a specific alias. I
don't use it often but will use it for aliases doled out to companies,
banks, credit card companies, etc. I want to make sure THEIR e-mail
does gets to me. All other senders are blocked from sending through
that alias. If a semi-trusted sender abuses an alias where I ensured
their e-mails got redirect to me, I can just kill that alias. No
further abuse. So I can even further restrict who gets to use an alias.
You can't do that with new temporarily accounts (unless you keep
defining new filters in each new account to whitelist known good
senders). Not all abuse or spam originates from the semi-trusted
sender. They dole it out to "affiliates" or sell it off and someone
ELSE ends up sending you their spam through that alias or to your
temporary e-mail account.

Your scheme requries a LOT more work. First of all, you have to visit
somewhere to create a new account. I can create aliases on the fly.
Never have to login. I can dole out an alias to someone when I don't
even have a computer. You'll have to wait until back on the grid.

If what you do works for you then stick with it. I used to do that,
too, a long time ago. Then I learned how easy and far more controllable
are aliases. When an alias gets abused, poof, no more alias. I can
specify only a specific sender can use an aliase. I know exactly who
got that alias. I can kill them or let them expire (max usage count).
I don't have to delete or abandon (rude to the e-mail provider) the old
account in my e-mail client to then define a new account. I don't have
to change anything on my end. The middleman (aliasing service) does the
work of allowing or blocking e-mails.

I do have multiple e-mail accounts across multiple e-mail providers.
Each has its own purpose. But none of them have to get killed and a new
one created just to get rid of spam. Alias gone = abuse gone.
Everything on my end remains the same. No nuisancesome changes.

Your scheme is like a spammer throwing water balloons: to duck them you
have to keep moving. I don't move. I can relax. I let an aliasing
service catch and destroy the water balloons in mid-flight. Unless I go
check, I don't even know water balloons were hurled at me. You like to
do the "evade the water balloons" dance. That's not for me. I'm not a
good dancer.

My easy means of creating aliases on the fly and disabling those through
which I no longer want to receive e-mail is akin to you creating a new
account and doing so repeatedly. Yet I can assign a unique alias to
each sender, especially to track who betrayed me. Do you create a new
temporary e-mail account for EACH sender? If so, how the hell do you
manage all those dozens or hundreds of temp e-mail accounts?

On 10/5/2015 5:29 PM, T wrote:
Hi All,

I have a customer who like to print out coupons for grocery
stores, etc. (brink and mortar). Chuckle: she catches a lot of
junkware.

Anyone know of a site she can go to that is "clean"?


Yeah - the sites for the actual retailers or manufacturers who are
providing coupons. Those generic coupon sites and toolbars are malware
traps designed to nail suckers.

Words can't express how much I hate them. I have recurring problems
with certain persons who will not stop installing those goddamned
coupon toolbars onto their pcs. I give them two chances, after that I
tell them they created the problem, they get to clean it up themselves.

On 10/6/2015 2:10 AM, VanguardLH wrote:
mike wrote:

VanguardLH wrote:

Aliasing services will hide your true e-mail address (to where aliased
e-mails are delivered).

don't understand why you need a service???
the objective is to NOT get emails.
the service will deliver them.

How do you know an e-mail is spam? Only AFTER you have received the
e-mail. Your logic concludes that no one should use e-mail. The object
is NOT to "not get e-mails". Obviously if you have an e-mail account
then you DO want to get e-mails. It is the spam you want to get rid of,
not of not getting rid of e-mails en masse.

An aliasing service lets me assign a unique e-mail address to a sender.
That means I can determine who abused my trust, if they do. You can't
do that by receiving all e-mails to one address. You won't know from
whom a spammer got your e-mail address. You cannot even filter out a
determined spammer. Only ignorants think blacklisting will stop spam.

As to "NOT get e-mails", that's for not getting spam or any other
unwanted e-mails from a sender or to whomever they divulged your e-mail
address. The aliasing service will only deliver e-mails as long as I
leave the alias active. Pretty simple to stop the abuse to an alias by
deleting or voiding an alias. Turn off the alias and no more e-mails
through that alias. Poof, all gone, but ONLY through that alias.

Perhaps you like having to repeatedly create temporary e-mail accounts.
Then when it gets abused (but you won't know who betrayed you), you
delete or abandon that account and go through the nuisance to create
another temporary e-mail account. And do that over and over every time
your current valid e-mail address gets abused. If you want to go
through all that effort which means the spammers have won by making you
do the water ballon dance (see below), you go right ahead. Keep going
through the process again and again of creating new accounts.

I prefer to retain an e-mail account and control who can send e-mails to
it. Yes, I could use rules but even you know that spammers never use
the same From header and bounce around to other servers.

Ding dong.
Who is there?
John, the plumber.
I didn't call a plumber.
Add John to the blacklist.

Ding dong.
Who is there?
Mark, the dishwasher repairman.
My dishwasher works fine. I didn't call anyone.
Mark goes in the mailbox.

Ding dong.
Who is there?
Mary (in a falsetto voice), your neighbor.
Don't have a neighbor named Mary.
Blacklist Mary.

and repeat ad nauseum.

Blacklisting a spammer by their name or e-mail address gives the spammer
the satisfaction of knowing you will not block their later spam and you
are stupidly building blacklists that will never stop their spam.
However, killing an alias means no more e-mail will come through that
alias. Doesn't matter what they call themself or from where they send
their spam. It ain't getting through an alias that is no longer active
or no longer exists.

Just create a different email account and use that for things you
don't want to see.

Oh joy, go through the entire process of manually creating a new e-mail
account. Go to their login/signup page, give a new name and e-mail
username, enter a password, accept, might have to wait for a
confirmation e-mail to let you use their service, might have to dole out
a phone number, and then go through all the configuration options to set
up the account to behave how you want. Yeah, like that is efficient.
Waste a lot of time creating new e-mail accounts.

Check it every month or so and delete stuff so it doesn't overflow.

Wow, you only check your e-mails once per month? Guess none of your
e-mails are important. What if your pharmacy wants to tell you that
your medicine is ready to pick up? What if your bank wants to tell you
that there has been suspicious activity in your account? What if your
dentist wants to verify your appointment or tell you it must be
rescheduled? You won't see those e-mails for a month, or longer. If
e-mail is so unimportant to you, why do you use e-mail at all?

I also suspect that you only review whether you have new e-mails by
having to use a web browser to log into each temporary e-mail account to
check there. Geez, what a nuisance. I prefer to use a local e-mail
client that polls ALL my e-mail accounts so I get e-mails as soon as
they are delivered to the mail server, not once per day, once per week,
or once per month.

I can have a single e-mail account used with an aliasing service. I
never have to create a new account because the senders never knew what
is the e-mail address for that account. They only know the unique alias
that I gave them. I don't even have to be concered whether server- or
client-side anti-spam filters work well. Once an alias is deactivated,
no more crap through that alias. Kill the alias, kill the spam. You
and I are effecting the same strategy but via different means. You do
it by having to repeatedly create new temporary accounts. I do it with
aliases so I don't have to create new account, just kill aliases either
deliberately or just let them expire (exceed their max usage count).

In fact, unlike you, I can assign a unique sender to an alias. Only
that sender can get their e-mail to me through a specific alias. I
don't use it often but will use it for aliases doled out to companies,
banks, credit card companies, etc. I want to make sure THEIR e-mail
does gets to me. All other senders are blocked from sending through
that alias. If a semi-trusted sender abuses an alias where I ensured
their e-mails got redirect to me, I can just kill that alias. No
further abuse. So I can even further restrict who gets to use an alias.
You can't do that with new temporarily accounts (unless you keep
defining new filters in each new account to whitelist known good
senders). Not all abuse or spam originates from the semi-trusted
sender. They dole it out to "affiliates" or sell it off and someone
ELSE ends up sending you their spam through that alias or to your
temporary e-mail account.

Your scheme requries a LOT more work. First of all, you have to visit
somewhere to create a new account. I can create aliases on the fly.
Never have to login. I can dole out an alias to someone when I don't
even have a computer. You'll have to wait until back on the grid.

If what you do works for you then stick with it. I used to do that,
too, a long time ago. Then I learned how easy and far more controllable
are aliases. When an alias gets abused, poof, no more alias. I can
specify only a specific sender can use an aliase. I know exactly who
got that alias. I can kill them or let them expire (max usage count).
I don't have to delete or abandon (rude to the e-mail provider) the old
account in my e-mail client to then define a new account. I don't have
to change anything on my end. The middleman (aliasing service) does the
work of allowing or blocking e-mails.

I do have multiple e-mail accounts across multiple e-mail providers.
Each has its own purpose. But none of them have to get killed and a new
one created just to get rid of spam. Alias gone = abuse gone.
Everything on my end remains the same. No nuisancesome changes.

Your scheme is like a spammer throwing water balloons: to duck them you
have to keep moving. I don't move. I can relax. I let an aliasing
service catch and destroy the water balloons in mid-flight. Unless I go
check, I don't even know water balloons were hurled at me. You like to
do the "evade the water balloons" dance. That's not for me. I'm not a
good dancer.

My easy means of creating aliases on the fly and disabling those through
which I no longer want to receive e-mail is akin to you creating a new
account and doing so repeatedly. Yet I can assign a unique alias to
each sender, especially to track who betrayed me. Do you create a new
temporary e-mail account for EACH sender? If so, how the hell do you
manage all those dozens or hundreds of temp e-mail accounts?

WoW!!!
You extrapolated to the max.
I suggest using ONE fake email address and to use that for everything
that you NEVER want to hear from.
If I'm creating an account for the sole purpose of printing a coupon,
I don't EVER want to receive an email from them, or the dozen
other download sites or any of the other hundred sites that
require my login to get a goodie or any of those who purchased my info.
If I have to respond to a confirmation email, I know exactly which
icon to click to go to that ONE email source. The email I seek
should be on top of the stack. Otherwise, the address is a sink
for undesired stuff, but still maintains the data if I should ever need
it. I don't care who sent me an email I didn't want. If you care
about that stuff, you should definitely create a new alias for
each of your hundreds of internet encounters so you can punish
those who "betray" you.
For me, that would be overkill.

mike wrote:

I suggest using ONE fake email address and to use that for everything
that you NEVER want to hear from.

I'll assume that you meant "never want to hear from /again/". There
would be no point in creating a temporarily e-mail account if you never
wanted to hear from them.

If I'm creating an account for the sole purpose of printing a coupon,
I don't EVER want to receive an email from them, or the dozen other
download sites or any of the other hundred sites that require my
login to get a goodie or any of those who purchased my info.

If the site wants an e-mail address for you to crete an account to use
their service or software, which e-mail address are you going to give
them? The same one as you use for every other site that asks for an
e-mail? If so, how do you know if a spam hit you by random or if a site
sold you out and that's why you are getting spam?

Are you going to add a spammer to a blacklist? I already mentioned why
that is an ignorant's approach to eliminate spam. How are you going to
stop the site to whom you gave an e-mail address from sending you more
e-mails? Many companies contract out their marketing effort so the
e-mails from the site may come for a different source?

Once you dole out the e-mail address, you have no valve to shut it off
from the sender to whom you have it, or to whomever they gave it to.

If I have to respond to a confirmation email, I know exactly which
icon to click to go to that ONE email source.

Because you are expecting that e-mail. How are you going to stop any
further e-mails from them? Or from those to whom they gave your e-mail?

The email I seek
should be on top of the stack.

How do you get wanted e-mail to the top of "the stack" (whatever that
means)? Do you mean sorting your Inbox so new e-mails sent in the last
day or so are at the top of the list? Why wouldn't continued e-mails
from a site you gave your e-mail to also be at the top? Why wouldn't
newly sent spam be at the top?

Otherwise, the address is a sink for undesired stuff, but still
maintains the data if I should ever need it.

Sounds rude to the e-mail provider to use their services to deliberately
receive spam. They don't want to waste their resources on spam, either.

I don't care who sent me an email I didn't want.

Since you are using one account to receive all those e-mail, you won't
know if an e-mail is unwanted or not until you look.

If you care about that stuff, you should definitely create a new alias
for each of your hundreds of internet encounters so you can punish
those who "betray" you. For me, that would be overkill.

Versus creating one e-mail account for them all to sent their spam there
that you somehow manage not to see but consumes the resources of the
e-mail provider. You don't look at the headers to see who claims to
have sent you unwanted e-mails but you'll have to still look at the
e-mails to determine which ones are unwanted. You utilitize yourself as
the filter ran than let computer do what computers can do.

I did it the old way you are doing it. Then I learned the advantages of
using aliases. I don't have to look at a list of e-mails to determine
which ones are unwanted. As for "hundreds of Internet encounters",
well, that also applies to your use of a special or temporary e-mail
account. We're discussing how to differently control what e-mail even
reaches an account. Your solution, so far, seems "ignore them". But
you cannot ignore until you look. If you have to monitor spam, even to
ignore it, you lost.

On 10/7/2015 6:36 AM, VanguardLH wrote:
mike wrote:

I suggest using ONE fake email address and to use that for everything
that you NEVER want to hear from.

I'll assume that you meant "never want to hear from /again/". There
would be no point in creating a temporarily e-mail account if you never
wanted to hear from them.
Try accepting what I said instead of nitpicking and assuming.
You use the existing temporary account because they won't give you the
goodie if you don't. If you have to respond to their confirmation email,
you know exactly where it is and can get there with a few clicks on your
desktop. So, I never WANT to hear from them. I will go look at the
confirmation email if it is REQUIRED to get the goodie.

If I'm creating an account for the sole purpose of printing a coupon,
I don't EVER want to receive an email from them, or the dozen other
download sites or any of the other hundred sites that require my
login to get a goodie or any of those who purchased my info.

If the site wants an e-mail address for you to crete an account to use
their service or software, which e-mail address are you going to give
them? The same one as you use for every other site that asks for an
e-mail?
It's not quite that simple, but YES.
My bank knows my real email address.
Google knows my real google address.
My HMO knows my real email address.
Anybody with direct autopay from my bank knows my email address.
Coupons-R-Us knows my junkmail address.
If so, how do you know if a spam hit you by random or if a site
sold you out and that's why you are getting spam?
I'm not anal about it. I don't care how or why I got the spam.
I risked spam in my junk email to get the goodie.

Statistics can be misleading.
I probably get ten times more spam in my spam account than I get
total in my primary inbox. Oh, the horror of it all.
Probably half the junk comes from the provider of the free
email account and cannot be blocked. Ok, fine, I'll get over it.
BUT
I'm already well into diminishing returns.
I spend less time in a year sifting thru my junkmail account than
I've already spent on this thread.
And sometimes, in the second before I hit the empty button,
I notice something interesting and actually buy it.

Are you going to add a spammer to a blacklist? I already mentioned why
that is an ignorant's approach to eliminate spam. How are you going to
stop the site to whom you gave an e-mail address from sending you more
e-mails? Many companies contract out their marketing effort so the
e-mails from the site may come for a different source?
I'm not going to do anything but delete the junkmail.
Punishing the sender is an exercise in futility. It raises your blood
pressure, but doesn't put much of a dent in the junk mail.
Remember that the junk email address is there for the purpose of
getting a goodie...nothing else.

There are some things you can do to reduce spam.
I discovered years go that if your email address contains
the substring "spam", you get a LOT less spam.
Unfortunately, many providers will no longer let you create
such an email address.

Once you dole out the e-mail address, you have no valve to shut it off
from the sender to whom you have it, or to whomever they gave it to.
I don't need to shut it off. I don't care one little bit. It's a junk
mail sink and it's doing its job.

If I have to respond to a confirmation email, I know exactly which
icon to click to go to that ONE email source.

Because you are expecting that e-mail. How are you going to stop any
further e-mails from them? Or from those to whom they gave your e-mail?
I don't need to shut it off. I don't care one little bit. It's a junk
mail sink and it's doing its job.

The email I seek
should be on top of the stack.

How do you get wanted e-mail to the top of "the stack" (whatever that
means)? Do you mean sorting your Inbox so new e-mails sent in the last
day or so are at the top of the list? Why wouldn't continued e-mails
from a site you gave your e-mail to also be at the top? Why wouldn't
newly sent spam be at the top?
Well...there's no guarantee, but if I signed up at a site and they
sent me a confirmation email and I go check it, there is a very high
probability that it will be at the top of the stack sorted by arrival date.
If, by some quirk of fate, it's the second one in the list, I won't have
a cardiac event. I'll just spend half a second looking at the second
one in the list. So far, it's never happened.

Otherwise, the address is a sink for undesired stuff, but still
maintains the data if I should ever need it.

Sounds rude to the e-mail provider to use their services to deliberately
receive spam. They don't want to waste their resources on spam, either.
WoW! You're really going out of your way to be contrary.
I'm doing what I have to do to get
the goodie. The spam is gonna go somewhere. I'm just choosing where
it DOESN'T go.

I don't care who sent me an email I didn't want.

Since you are using one account to receive all those e-mail, you won't
know if an e-mail is unwanted or not until you look.
EVERYTHING in the junk email account is stuff I don't want in my
primary email. If I miss the notification that I have a check
for $8.5 million waiting for me in a foreign account, I'll live with it.
I can't imagine anybody with the free time to waste here needing
more money.

If you care about that stuff, you should definitely create a new alias
for each of your hundreds of internet encounters so you can punish
those who "betray" you. For me, that would be overkill.

Versus creating one e-mail account for them all to sent their spam there
that you somehow manage not to see but consumes the resources of the
e-mail provider. You don't look at the headers to see who claims to
have sent you unwanted e-mails but you'll have to still look at the
e-mails to determine which ones are unwanted. You utilitize yourself as
the filter ran than let computer do what computers can do.

I did it the old way you are doing it. Then I learned the advantages of
using aliases. I don't have to look at a list of e-mails to determine
which ones are unwanted. As for "hundreds of Internet encounters",
well, that also applies to your use of a special or temporary e-mail
account. We're discussing how to differently control what e-mail even
reaches an account. Your solution, so far, seems "ignore them".
Yes, I made that decision one time when I gave them my junkmail address.
But
you cannot ignore until you look.
I believe we have different definitions of "ignore".
If you have to monitor spam, even to
ignore it, you lost.

You've set up narrow criteria and judged yourself the winner.
That's fine with me.
It's not a competition.
I choose a different method and don't sweat the small stuff.
Ranting about spam does nothing but raise my anxiety level.
Doesn't to much about the spam.
Others reading this will choose whatever they choose.
I don't really care one way or the other.

Changing the topic slightly...
I'm more annoyed by the password requirements of sites I visit.
I don't have to remember a bunch of aliased email addresses, because
there's only one.
More annoying to me is the password.
Different sites have different minimum password requirements...a
capital plus a punctuation plus 3-5 numbers...
"password" no longer works for many sites.
It's absolutely stupid to require a "secure password"
to get read access to a public website.
I used to give the same password to junk sites, but now, I have
a whole spreadsheet of different passwords for different sites.
It's time to pick a new universal password and change them all.
But it's more trouble than it's worth cuz I almost never go there
anyway.

mike wrote:

VanguardLH wrote:

mike wrote:

I suggest using ONE fake email address and to use that for everything
that you NEVER want to hear from.

I'll assume that you meant "never want to hear from /again/". There
would be no point in creating a temporarily e-mail account if you never
wanted to hear from them.

Try accepting what I said instead of nitpicking and assuming.

If what you said was accurate, you would not need any e-mail account.
You don't need an account for "everything that you NEVER want to hear
from". If what you meant to say is that you dole out an invalid e-mail
address to a sender from whom you never want to receive e-mail, well,
e-mail accounts or aliases aren't even involved in that discussion.
Giving them lid or work. In fact,
if you look at the e-mail address in my From header in my posts in
Usenet, it is not even a valid e-mail address. There is no .LH TLD
(top-level domain). Any spammer attempting to harvest my e-mail address
from here would received an immediate error from their SMTP server since
the target e-mail address is invalid (no .LH TLD). If IANA ever defines
an .LH TLD then I'll have to change my bogus e-mail address to some
other still-not-defined TLD.

Guess we should leave it that each of us is eliminating spam but through
different means. I'm ensuring the use of a unique pipe to an e-mail
account that can be permanently shutoff or only a particular sender can
use that pipe, plus each pipe identifies the sender to whom that pipe
was given. You use the cistern approach and allow anything to dump
there and then you use your brain, rules, or blacklists to sift out the
unwanted e-mails. To me, it is easier to keep the cistern clean when
the debris can't get there. I don't have to monitor yet another
special-use account. What you do works for you. I decided on a
different approach to control who can send to my true e-mail account.

Changing the topic slightly... I'm more annoyed by the password
requirements of sites I visit. I don't have to remember a bunch of
aliased email addresses, because there's only one.

You use the same password at each web site?

More annoying to me is the password. Different sites have different
minimum password requirements...a capital plus a punctuation plus 3-5
numbers...

Even if a site does not require capitalized alphabetic characters, you
can use an algorithm that uses them. The site that doesn't require
capitalization is probably case insensitive.

"password" no longer works for many sites. It's absolutely stupid to
require a "secure password" to get read access to a public website.

True if you are connecting via HTTP to the web site instead of HTTPS.
A site should not require login credentials unless, of course, the data
is considered private, like keeping you from seeing someone else's
account configuration and personal identifying data.

Presumably "password" was an example and not what you are actually using
as a password string at various sites. If you are using "password" then
I can see why sites would prevent the use of that string, and they
probably prevent use of many other common strings that are not
considered safe at any time. Twould be like giving the same master key
to every apartment tenant. Usernames along with e-mail addresses are
rarely considered safe strings, so the username component of login
credentials is often treated as a throwaway string. The password is
relied upon to secure accounts at a site. Lots of people know your name
or e-mail address or they can use simple generators to create the
username field of a login.

I used to give the same password to junk sites, but now, I have a
whole spreadsheet of different passwords for different sites. It's
time to pick a new universal password and change them all. But it's
more trouble than it's worth cuz I almost never go there anyway.

I came up with an algorithm that generates a unique password for each
domain. I don't need to install software or sync anything to the
"cloud". I know what the password is because I know the domain where I
visit. I pick some strings (characters and numbers) from various
tidbits of my own personal data along with some characters from the
domain name. The characters are not contiguous character in that data.
The string might be, for example, the 2nd, 4th, and 1st character in the
source string, in that order or any order you can remember. Some for
picking some numbers that I always know their value (they're personal
data) but only some numbers are used and their order is jumbled but
always the same order for me. Do the same to pick out characters from
the domain (and optionally include the TLD if the domain is short, like
in cub.com). Similarly to how you pick characters out of the source
strings or numbers, you decide which alphabetic chars get capitalized.
When you get done, even someone with your personal data using keylogging
software would see your passwords as a jumbled mess and yet each one is
unique to a site. That also means if a site shares their credentials
database with another sister or affiliate site that has a separate
credentials database that the same login is not used as both places.

After visiting the web sites that you inhabit regularly, find out what
is their minimuam and maximume string length for login credentials. I
had some that maxed at only 8 chars long but others that had a min of 10
chars. Eventually they all upped to a min of 10 chars. Try creating
new accounts (and then terminate the new account process before a new
account is actually created). That usually asks for a username (if not
your e-mail address) and a password. You could then test what was the
minimum password length (if you enter just 2 chars, they'll probably
popup a warning showing their minimum requirements). You could then see
if they'll accept a 10-char string (or whatever min length for password
that you want to achieve) for the password. For me, all the sites where
I'm registered will accept a 10-char password. Might be different for
you.

It only takes one malicious web site to get your login credentials to
use them elsewhere. That is why it is not recommended to use the same
password at every site. If you use a unique password at each site (like
how I assign unique aliases to each untrusted or unknown sender) then
the malicious site won't have your password to use somewhere else.
Users tend to use the same username or e-mail address as their username
login credential. Using a unique password per site eliminates a site
from using your login credentials elsewhere.

I have 3 personal data and the 1 domain data source strings used in the
fields used in my passwords. Different parts of each personal and
domain data gets used but always the same parts (i.e., don't use
contiguous strings), their order is not in the same order as in the
personal or domain data (jumble them around but always the same way),
and which chars are capitalized are not the same for each field but do
stay static within each field. So, in my head, I can generate a unique
password for every site. When I had some sites that had a max of 8
chars for the password and others where they had a min of 10 chars, my
algorithm still worked for both but might require 1 guess that failed
(opps, this one doesn't like 10 chars so I'll have to truncate some
chars to get down to 8).

If you cannot do that then I suggest using a password manager. Some
will store your passwords list on their server (in the "cloud") so you
can use their software on a different host to use the passwords on
multiple computers. Make sure whatever password you get encrypts the
password string on YOUR (client) end, not after it got uploaded to their
server for your account with them. While they may use HTTPS to transfer
your passwords from client up to their server, that won't protect you
from a malevolent employee getting at your passwords in their database.
If it is encrypted on their end (server) then it is possible whomever is
in charge of their database could decyrypt that data, like if they get
ones of those "national security letters" from the FBI (who uses DOJ
judges to issue them). Encrypting at the client ensures no one at the
server end can get at your passwords. You will have to install the
password manager on every host you use. That won't be possible on
locked down hosts, like at Internet cafes, libraries, or at some
workplaces. So check if the password manager software has a portable
version; however, the locked down hosts may also block access to USB
ports so you toting around a USB thumb drive won't work everywhere.

With my in-head password scheme, I've not had one account hacked at one
site and then other accounts hacked. I've not even had one of my
accounts hacked because my scheme generates strong passwords but each is
unique to a site. If I couldn't remember that scheme then I might look
at password manager software, and see if there was a portable version,
too.

On 10/8/2015 2:53 AM, VanguardLH wrote:
mike wrote:

VanguardLH wrote:

mike wrote:

I suggest using ONE fake email address and to use that for everything
that you NEVER want to hear from.

I'll assume that you meant "never want to hear from /again/". There
would be no point in creating a temporarily e-mail account if you never
wanted to hear from them.

Try accepting what I said instead of nitpicking and assuming.

If what you said was accurate, you would not need any e-mail account.
You don't need an account for "everything that you NEVER want to hear
from". If what you meant to say is that you dole out an invalid e-mail
address to a sender from whom you never want to receive e-mail, well,
e-mail accounts or aliases aren't even involved in that discussion.

Well, what I meant was exactly what I said.
As an example...
I might have one REAL monitored email address that I keep secure and give
to people from whom I expect/need communication. That address almost
NEVER receives ANY spam at all.

I might have ONE spam email address that I use for everything else.
Many read-only public websites REQUIRE an account for some/all of
their content. They enforce a valid account by REQUIRING a response
to a confirmation email.
I use a single password for all the accounts that will accept it...
and it's often "password". That email account gets about 20 spams
a week, many from the account provider that can't be blocked anyway.
There's a button for "empty" and it works well.

You seem to be incapable of understanding that I don't care who sends
me spam. I can't stop it. I don't worry about it. I delete it.
I don't care that someone hacking my account at coupons-R-us might
find it easier to hack my account at Coupon-Maximum or Supercoupons
or any other damn public website.

Your method works for you. I get it. I don't need it.
Most people could be served by a secondary email address for spam-related
account creation.

I've repeated my self several times.
I don't know what else to say.
I guess I'm done here.

Giving them lid or work. In fact,
if you look at the e-mail address in my From header in my posts in
Usenet, it is not even a valid e-mail address. There is no .LH TLD
(top-level domain). Any spammer attempting to harvest my e-mail address
from here would received an immediate error from their SMTP server since
the target e-mail address is invalid (no .LH TLD). If IANA ever defines
an .LH TLD then I'll have to change my bogus e-mail address to some
other still-not-defined TLD.

Guess we should leave it that each of us is eliminating spam but through
different means. I'm ensuring the use of a unique pipe to an e-mail
account that can be permanently shutoff or only a particular sender can
use that pipe, plus each pipe identifies the sender to whom that pipe
was given. You use the cistern approach and allow anything to dump
there and then you use your brain, rules, or blacklists to sift out the
unwanted e-mails. To me, it is easier to keep the cistern clean when
the debris can't get there. I don't have to monitor yet another
special-use account. What you do works for you. I decided on a
different approach to control who can send to my true e-mail account.

Changing the topic slightly... I'm more annoyed by the password
requirements of sites I visit. I don't have to remember a bunch of
aliased email addresses, because there's only one.

You use the same password at each web site?

More annoying to me is the password. Different sites have different
minimum password requirements...a capital plus a punctuation plus 3-5
numbers...

Even if a site does not require capitalized alphabetic characters, you
can use an algorithm that uses them. The site that doesn't require
capitalization is probably case insensitive.

"password" no longer works for many sites. It's absolutely stupid to
require a "secure password" to get read access to a public website.

True if you are connecting via HTTP to the web site instead of HTTPS.
A site should not require login credentials unless, of course, the data
is considered private, like keeping you from seeing someone else's
account configuration and personal identifying data.

Presumably "password" was an example and not what you are actually using
as a password string at various sites. If you are using "password" then
I can see why sites would prevent the use of that string, and they
probably prevent use of many other common strings that are not
considered safe at any time. Twould be like giving the same master key
to every apartment tenant. Usernames along with e-mail addresses are
rarely considered safe strings, so the username component of login
credentials is often treated as a throwaway string. The password is
relied upon to secure accounts at a site. Lots of people know your name
or e-mail address or they can use simple generators to create the
username field of a login.

I used to give the same password to junk sites, but now, I have a
whole spreadsheet of different passwords for different sites. It's
time to pick a new universal password and change them all. But it's
more trouble than it's worth cuz I almost never go there anyway.

I came up with an algorithm that generates a unique password for each
domain. I don't need to install software or sync anything to the
"cloud". I know what the password is because I know the domain where I
visit. I pick some strings (characters and numbers) from various
tidbits of my own personal data along with some characters from the
domain name. The characters are not contiguous character in that data.
The string might be, for example, the 2nd, 4th, and 1st character in the
source string, in that order or any order you can remember. Some for
picking some numbers that I always know their value (they're personal
data) but only some numbers are used and their order is jumbled but
always the same order for me. Do the same to pick out characters from
the domain (and optionally include the TLD if the domain is short, like
in cub.com). Similarly to how you pick characters out of the source
strings or numbers, you decide which alphabetic chars get capitalized.
When you get done, even someone with your personal data using keylogging
software would see your passwords as a jumbled mess and yet each one is
unique to a site. That also means if a site shares their credentials
database with another sister or affiliate site that has a separate
credentials database that the same login is not used as both places.

After visiting the web sites that you inhabit regularly, find out what
is their minimuam and maximume string length for login credentials. I
had some that maxed at only 8 chars long but others that had a min of 10
chars. Eventually they all upped to a min of 10 chars. Try creating
new accounts (and then terminate the new account process before a new
account is actually created). That usually asks for a username (if not
your e-mail address) and a password. You could then test what was the
minimum password length (if you enter just 2 chars, they'll probably
popup a warning showing their minimum requirements). You could then see
if they'll accept a 10-char string (or whatever min length for password
that you want to achieve) for the password. For me, all the sites where
I'm registered will accept a 10-char password. Might be different for
you.

It only takes one malicious web site to get your login credentials to
use them elsewhere. That is why it is not recommended to use the same
password at every site. If you use a unique password at each site (like
how I assign unique aliases to each untrusted or unknown sender) then
the malicious site won't have your password to use somewhere else.
Users tend to use the same username or e-mail address as their username
login credential. Using a unique password per site eliminates a site
from using your login credentials elsewhere.

I have 3 personal data and the 1 domain data source strings used in the
fields used in my passwords. Different parts of each personal and
domain data gets used but always the same parts (i.e., don't use
contiguous strings), their order is not in the same order as in the
personal or domain data (jumble them around but always the same way),
and which chars are capitalized are not the same for each field but do
stay static within each field. So, in my head, I can generate a unique
password for every site. When I had some sites that had a max of 8
chars for the password and others where they had a min of 10 chars, my
algorithm still worked for both but might require 1 guess that failed
(opps, this one doesn't like 10 chars so I'll have to truncate some
chars to get down to 8).

If you cannot do that then I suggest using a password manager. Some
will store your passwords list on their server (in the "cloud") so you
can use their software on a different host to use the passwords on
multiple computers. Make sure whatever password you get encrypts the
password string on YOUR (client) end, not after it got uploaded to their
server for your account with them. While they may use HTTPS to transfer
your passwords from client up to their server, that won't protect you
from a malevolent employee getting at your passwords in their database.
If it is encrypted on their end (server) then it is possible whomever is
in charge of their database could decyrypt that data, like if they get
ones of those "national security letters" from the FBI (who uses DOJ
judges to issue them). Encrypting at the client ensures no one at the
server end can get at your passwords. You will have to install the
password manager on every host you use. That won't be possible on
locked down hosts, like at Internet cafes, libraries, or at some
workplaces. So check if the password manager software has a portable
version; however, the locked down hosts may also block access to USB
ports so you toting around a USB thumb drive won't work everywhere.

With my in-head password scheme, I've not had one account hacked at one
site and then other accounts hacked. I've not even had one of my
accounts hacked because my scheme generates strong passwords but each is
unique to a site. If I couldn't remember that scheme then I might look
at password manager software, and see if there was a portable version,
too.

mike wrote:

You seem to be incapable of understanding that I don't care who sends
me spam. I can't stop it.

That's where you are wrong. You don't try to stop it.

Changing the topic slightly... I'm more annoyed by the password
requirements of sites I visit.
snip - my response
no response from mike - guess it wasn't important

On 10/8/2015 3:13 PM, VanguardLH wrote:
mike wrote:

You seem to be incapable of understanding that I don't care who sends
me spam. I can't stop it.

That's where you are wrong. You don't try to stop it.

Changing the topic slightly... I'm more annoyed by the password
requirements of sites I visit.
snip - my response
no response from mike - guess it wasn't important

Good guess...