Automatically Expiring Email Addresses

Written 14 years ago by Mike Cardwell

Previously, whenever I gave out an email address to an organisation, no matter how trustworthy they might seem, I created a specific email address for them. Eg, if I entered a competition run by Dixons, I might give them ““. I did this to protect my main email address in case the organisation I give the address to leaked it or abused it, either maliciously or accidently.

This was a bit of a pain though because it involved me having to configure up a new address each time I wanted to sign up for something. I didn’t want a catchall configured because I would end up receiving large amounts of spam. So I came up with a new idea which is, automatically expiring email addresses.

I wanted to be able to hand out email addresses of the format ““ without having to create new aliases each time. These email addresses would work until the date YYYY-MMM-DD was reached. So for example, if today is the 3rd of June 2009 and I enter an online competition that ends in one month, and I know there will be no further email correspondence regarding the competition after two months, I just give them an email address which will work for the next two months and then stop working:

In my Exim acl_smtp_rcpt acl, I have the following:

deny domains     =
     set acl_m0  = ${sg{$local_part}{\N[/\.]\N}{-}}
     set acl_m0  = ${if match{$acl_m0}{\N^(\d+)-(.{3})-(\d+)$\N}{\
                          xJan=01 xFeb=02 xMar=03 xApr=04 xMay=05 xJun=06 \
                          xJul=07 xAug=08 xSep=09 xOct=10 xNov=11 xDec=12\
     condition   = ${if !match{$acl_m0}{\N^20\d\d-(0\d|1[0-2])-([012]\d|3[01])$\N}}
     message     = Bad recipient address: $local_part@$domain
deny domains     =
     condition   = ${if <{${sg{$acl_m0}{-}{}}}{${sg{${sg{$tod_log}{ .+}{}}}{-}{}}}}
     message     = $local_part@$domain has expired
     log_message = Expired address: $local_part@$domain
accept domains   =

With the above configuration, if I wanted to give a company an email address that they could send me email to until the 3rd of June 2009, all of the following work:

Strictly, my configuration would allow for things like “2009/“ as well, but I tend to stick to the “2009-Jun-03” format.

If an address is ever abused which is far in the future, eg with a local part of “2020-Jan-01” I can always just put in a rule to block email to that alias. That would require a targetted malicious attack against me though because I don’t give out such addresses. I could also just change the domain from “” to something else, or add more data to the local part, eg “

Want to leave a tip?BitcoinMoneroZcashPaypalYou can follow this Blog using RSS. To read more, visit my blog index.