Jump to content.

Give your email address, and you may be sharing much more than that

Its no surprise that once you give your email address to someone, it may be shared, sold and re-sold, added to so called “opt-in” marketing lists, burring your inbox with a mountain of spam in the future.

However, it’s worse than that! By giving your email address to someone, you disclose much more than that. A a company called “FullContact” has developed “clever” software that can match your email address with your name, your address, which company you work for, how much you earn and other highly personal information. [A link to their opt-out form is given below]

They openly advertise their services and offer it as an API service. So businesses provide their lists of email addresses and return with all kinds of data that they have on these emails, some of this data is much more than you would normally want share.

So for example, you give them an email address such as bigyoada99@example.com, they may return with the person’s name, what websites they own, demographics including age and location, lists of social profiles and more. It’s quite frighting how much information they can hold on you just from your email address.

Which makes you wonder – how did they manage to get all this info on you? Unfortunately, the business of re-selling contact is getting more slimy and advanced and there are many tricks they can use to collect this. After digging around on their website, we could not find where they list their sources or how they collect this information.

This is yet another reason for why you should use a disposable email address service like Guerrilla Mail – and protect your privacy from websites that you do not trust yet.

As for “Full Contact”, the have an opt-out feature where you can give them your email address and ask them to remove your info from their databases.

See the opt-out form here: http://www.fullcontact.com/privacy/claim/

Whenever they honor their promise is yet to be proven.

New Server – 4x increase in capacity; Happy New Year!

Guerrilla Mail has increased capacity to 4x with the installation of a new server! One of the greatest features of this server is an SSD drive.

Guerrilla Mail’s software stack has been evolving too. Incoming emails are now stored in memory using Redis instead of going to disk – removing the biggest bottleneck. A Memcached server is also used for caching some requests. These improvements all help with speeding up Guerrilla Mail.

Some data needs to be persistent. This is where the SSD comes in handy – when its time to backup the data that’s in RAM, this can be done in a flash! Also, not all of the data can fit in RAM, especially the data for the file transfer feature.

Another important improvement was the addition of SSL encryption to our email server. Did you know that email on the internet usually travels between server to server without encryption? Email is really analogous to post-cards sent via snail-mail. When servers talk to each other to deliver your email, they can optionally negotiate a TLS connection, but it’s not required. Guerrilla Mail’s server now makes it possible to negotiate a TLS connection to ensure that email transfers get encrypted as desired by the sending server.

It’s also quite surprising to see our SMTP server that’s guzzling down all the email is working so well. What’s so surprising? Well, it’s written in PHP. The performance has been quite adequate. It barley goes over 5% CPU, even with thousands of connections open and hundreds of emails per second. The source code has been released here https://github.com/flashmob/Guerrilla-SMTPd

Although in the near future, Guerrilla Mail’s SMTP server will be switching to the Go programming language. A new project has been already started https://github.com/flashmob/go-guerrilla

2012 saw a lot of new features added to Guerrilla Mail, including the Alias Address, Password Manager, Email Sending, File Transfer and other smaller features. The site also added 4 new language translations.

Guerrilla Mail is looking forward to next year with more improvements and new features! We wish you a Happy New Year and see you next year!

Guerrilla Mail was mentioned in a FastCompany article

Guerrilla Mail was mentioned in a FastCompany article – http://www.fastcompany.com/3003061/real-cyberforensics-used-snoop-petraeus-and-you

It’s awesome to be mentioned in FastCompany! Although a little inaccurate. Guerrilla Mail has no concept of email account, there’s no registration or login. Guerrilla Mail is not your regular email, not designed for any real communication, but for times when you don’t want to give them your real email to protect yourself from spam!

Brace yourself, spam is coming!

For those who celebrated Thanksgiving, we hope you enjoyed your turkey!

It’s now coming up to the season where the spam and ham volume increases as businesses fight for your dollar and promote their Black Friday and Cyber Monday sales. Need to give your email address for a coupon or using a site that you don’t trust with your email? Guerrilla Mail is here to make your shopping safer and protect you from future spam!

Here are some quick tips:

– It is best not to click on any of the links in a commercial email. Most commercial email messages contain tracking links, which record your click. If you click on a tracking link then there’s a chance that the sender will send you similar emails in the future. Instead, try to locate the site by typing in the URL in the browser and navigating directly.

– If you must click on the link, be sure to hover over the link first to see that the address of the link is in fact to the website that you’re familiar with. Phishing emails often can appear as newsletters / alerts from sites that you registered with before. Phishing emails may look real, even contain your real name or other personal info as sophisticated phishing attacks are becoming more common.

– Ensure that HTTPS is on. When visiting the seller’s website, be sure to check for the padlock icon on the left of your browser’s address bar. You want click on the padlock icon to check that their certificate is valid and that the server that you have connected to is verified.

– Your real email address is valuable information, they want it badly so that they can spam you with deals! One aggressive practice some sites use to grab your email is to hold you up with a pop-up or a modal window. Look for a cross button to close it, most sites will let you close it and get the deal anyway without giving your email. Some site make it user-unfriendly to close it. For example, Groupon.com has a “Already registered?” link which will close the window and allow you to continue.

– How many times do you see, “Earn $10 for submitting your email address”? Would you like spam with that? You’re better off with going to a website where the price is $10 off already. If you must give them an email, we’re here to help!

– It’s better to buy from a trusted seller. However, there are times when even though you trust the seller to deliver you a good product/service, you still don’t trust them with your email! For that, you know what to do – https://www.guerrillamail.com is your friend.

Happy shopping this season from Guerrilla Mail!

Mozilla Persona – A new way to log in with an email address

Mozilla, the non-profit organization behind FireFox, has recently came up with a new method for registering and logging in to web sites called “persona”. https://developer.mozilla.org/en-US/docs/Persona

The problem?

Lets face it, registering in to websites is one of the biggest annoyances. Registration screens these days require you to fill in your email address, your password and many ask for other information. Yet again, you have to fill out another form, yet again, you have to make up a new password and make sure it conforms to the site’s rules.

What’s it about?

With Mozilla Persona, you only fill in your email and that’s all. Once you fill in the email address, you check it and click on the confirmation link. Persona logs you in automatically as soon as you click on this link. There is no need to fill in a password during the process.

Mozilla Persona is not only just for convenience. The ‘killer feature’ is it that eliminates the need for passwords altogether. Why is this important? Well, can you trust a random site with your password? Will the password be stored securely or will the password be exposed as soon as the site gets hacked? With the recent high-profile hacks, this problem is escalating in priority, yet using a new password for each website is too cumbersome.

Persona works perfectly with a temporary email service provider! It will work with Guerrilla Mail too. Because Guerrilla Mail doesn’t need a password, this will eliminate the need for passwords once and for all, if persona catches on.

It’s great, but it’s not perfect

Like with any login system, there are some concerns that we have too.

The major concern is that Persona will reveal your email address to the website that you are logging in to. This can be just as bad as giving a password to a website, since the website can use your email address to launch a phishing attack or send you spam.

For example, the website can ask you to log in to your website using a Persona, and then it will learn of your email address which you used to log in. A bad website could send you a fake email telling you that your login failed, and present you with a fake login screen that looks like a login screen to your email. Once a hacker breaks in to your email account, they will probably have access to all websites that you have logged in to with persona in the past, because they may see the records from your email archive. Using 2-factor authentication for your email can help mitigate this problem.

Another problem is that your email address becomes the identity. So what happens if your email address changes or you no longer have access to your email address? What if your email service provider goes out of business or your jobs change?

More weaknesses with persona are described here: http://www.opine.me/mozilla-persona-browserid-is-a-step-in-the-wrong-direction/

Our verdict
GuerrillaMail believes that an email address are not the best way to provide identity, due to some of the weaknesses of Mozilla Persona mentioned above. Although we do think that Persona has a very strong point – that is logging in to websites without a password which make it very attractive to the average user.

Guerrilla Mail is enabled for Persona Right now! You can try it out by logging in to http://theopenphotoproject.org/


Testing now: Sending – our most requested feature!

Today we are rolled out a beta version of the most requested feature: ability to Compose, Forward and Reply emails.

We also added the ability to transfer files! Right now, the maximum is 150MB, but this will change in the future as we improve our system. We’re thinking that in the future, Guerrilla Mail may be used for temporary file hosting – right now, files stay up for 24hrs for whoever has the link from the sent email.

This is just a beta version for now, we’ll see how it goes. Currently we have use mandatory CAPTCHA to deal with spam. We also run the outgoing messages through a spam filter to check spam.

We hope to get your feedback! http://www.guerrillamail.com

New Feature: Alias Address

Guerrilla Mail doesn’t require registration or login – you simply visit the site and a new email address is minted right before your eyes, no clicking or typing necessary.

That’s great, however, since there’s no password, you’ve probably already assumed that anyone who knows your Inbox ID may have access to your email. That’s satisfactory for most cases, but if you need more privacy and security, then we have the Alias Address feature.

Using an Alias Address will further protect your privacy and security by providing you with a special address which points to your inbox, but hides your Inbox ID.  Alias Address cannot be used as an Inbox IDs, so it’s not easy for someone to know what Inbox ID was used.

For example, an Alias for test@guerrillamail.com is sjyj+wok@sharklasers.com

For the best results, make your Inbox ID harder-to-guess! Why?

Because the Alias is always identical for each Inbox ID, and if you use a common name such as ‘test’, there’s a greater probability that someone used the identical Inbox ID before, and they have remembered which Inbox ID generated that alias. Email addresses are often leaked on the web, so someone could do a web search for the Alias to see if it has been used it before. Of course, these are just possibilities – not that anyone would want to do that, and you’re better off instead with using and email service provider that actually has passwords and 2-factor authentication. [Insert a Paranoid Parrot meme here]

So, the Alias Address adds another layer of security without the need for passwords. The random 8 character address given to you at the start should be adequate for most uses. Enjoy!

‘Extend’ Button Removed

Antoine de Saint-Exupery once said “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.”

Today we removed the ‘Extend’ button. There no need to extend the time any-more! Now it will extend automatically for as long as you stay on the site. Actually, that’s how it worked for a year now. The extend button was just a placebo and wasting bandwidth ;)

All addresses work all the time now, so they cannot expire. We capture email for all addresses into the quarantine.

When an email arrives at Guerrilla Mail, it waits in the quarantine for up to 1 hour. If a user checks their inbox, Guerrilla Mail will check the quarantine for new email. If found, the email will be moved from the quarantine. Else, emails will be deleted from the quarantine if they wait for longer than one hour to be picked up.

Once the email is in an inbox, it will be given 1 hour more, or until the user deletes it.


Updates: HTTPS always on

Today we turned on SSL for guerrillamail.com and decided that HTTPS will always be on for all web traffic. This should help increase privacy, and get ready for some other features that may be rolled out in the near future! Although Guerrilla Mail doesn’t need passwords, it still uses sessions, which means that using HTTPS will ensure that the session information is always encrypted when it is transferred on the internet.

Here is a summary of what was rolled out today:

– Increased page load speed: Split in to ‘on-demand’ tabs, Password Manager is loaded on demand, moved all the social buttons to the About Us page.

– User Interface changes:  Adjusted styles for buttons, moved content up so that inbox  is more visible, email is selected by default so that it can be copied with the keyboard, re-arranged domain selection, changed Inbox id editing to be more obvious

– Password Manager bug fixes

– Fixed a bug with IE8 (thanks for reporting)


Finally, here is a cool plugin you can use to turn HTTPS on by default with many major websites:

“HTTPS Everywhere” https://www.eff.org/https-everywhere/


Thanks for visiting us!

New Feature: Password Manager

Wouldn’t it be great to remember only one password, but use a different password for each site?

Most definitely, it would be great! Especially with the increase of high-profile hacking incidents, it’s becoming even more important these days not to re-use a password. That way, if your password is compromised for one site, then it won’t be compromised for all others.

“Remember a new password for each site?”, we hear you cry! Yes, it’s impossible to remember a new password for every site that you register with, so that’s why you may need a Password Manager.

This was one of the most requested features, and we thought that this would be an awesome addition.   So we’ve added a new ‘Password Manager’ feature under the new Tools tab.

See http://www.guerrillamail.com/tools

So how is it different to a normal password manager?

The main difference is that your master password is never sent, stored or transmitted in any form. Not even the ‘hash’ or signature. Nothing. Everything done on the client-side.

The generated password will always contain at least one number, one upper case character and one symbol. We may add fancy options later for this, but right now, lets keep things simple to just one option.

Yes, we know –  These rules that most websites impose don’t make sense for us, because there is always a chance that our Password Manager may generate a super strong password even without numbers, upper-case and symbols. In fact, in some cases, websites who impose these rules may unintentionally reduce the search set so that a cracker doesn’t have to try all the combinations…

How to use it?

Type in the domain name of the site asking for login and enter a very strong Master Passphrase. http://en.wikipedia.org/wiki/Passphrase

You may copy and paste the url or host name of the site that is asking for a password. There will be a counter showing how many characters the new password will be. The minimum is 8 characters. If you want to have a longer password, just type in a longer Master Passphrase.

How does it work? (Warning: Nerd Talk ahead)

You may wonder about the technical details. Here is how it works:

1. A hash is taken from the Master Passphrase using SHA256 algorithm.

2. The hash from step 1 is passed through 10,000 rounds of HMAC-SHA256, this process is mainly for key stretching (see http://en.wikipedia.org/wiki/Key_stretching). The domain name is used as salt.

3. The hash from step 2 is used to to generate a new password. The domain is used as the salt, again.

4. If a password is not found according to the rules, repeat step 3, but this time change the salt by appending a counter.

– From a 256bit value, the generated password is converted from base 16 to a base of the following alphabet: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`~!@#$%^&*()_-+=}]{[;:”\’?/>.<,

– All this is done in your browser using Javascript.

One final note. This tool is in beta and doesn’t guarantee anything or carry any warranty. Use at your own risk. Although this should be perfect for most Guerrilla Mail use cases.

« Previous PageNext Page »