Automatically Expiring Email Addresses

Written 8 years ago by Mike Cardwell

Previously, whenever I gave out an email address to an organisation, no matter how trustworthy they might seem, I created a specific email address for them. Eg, if I entered a competition run by Dixons, I might give them “”. I did this to protect my main email address in case the organisation I give the address to leaked it or abused it, either maliciously or accidently.

This was a bit of a pain though because it involved me having to configure up a new address each time I wanted to sign up for something. I didn’t want a catchall configured because I would end up receiving large amounts of spam. So I came up with a new idea which is, automatically expiring email addresses.

I wanted to be able to hand out email addresses of the format “” without having to create new aliases each time. These email addresses would work until the date YYYY-MMM-DD was reached. So for example, if today is the 3rd of June 2009 and I enter an online competition that ends in one month, and I know there will be no further email correspondence regarding the competition after two months, I just give them an email address which will work for the next two months and then stop working:

In my Exim acl_smtp_rcpt acl, I have the following:

deny domains     =
     set acl_m0  = ${sg{$local_part}{\N[/\.]\N}{-}}
     set acl_m0  = ${if match{$acl_m0}{\N^(\d+)-(.{3})-(\d+)$\N}{\
                          xJan=01 xFeb=02 xMar=03 xApr=04 xMay=05 xJun=06 \
                          xJul=07 xAug=08 xSep=09 xOct=10 xNov=11 xDec=12\
     condition   = ${if !match{$acl_m0}{\N^20\d\d-(0\d|1[0-2])-([012]\d|3[01])$\N}}
     message     = Bad recipient address: $local_part@$domain
deny domains     =
     condition   = ${if <{${sg{$acl_m0}{-}{}}}{${sg{${sg{$tod_log}{ .+}{}}}{-}{}}}}
     message     = $local_part@$domain has expired
     log_message = Expired address: $local_part@$domain
accept domains   =

With the above configuration, if I wanted to give a company an email address that they could send me email to until the 3rd of June 2009, all of the following work:

Strictly, my configuration would allow for things like “2009/” as well, but I tend to stick to the “2009-Jun-03” format.

If an address is ever abused which is far in the future, eg with a local part of “2020-Jan-01” I can always just put in a rule to block email to that alias. That would require a targetted malicious attack against me though because I don’t give out such addresses. I could also just change the domain from “” to something else, or add more data to the local part, eg “”

Looking to hire somebody like me? I'm open to offers of full time employment and small contract jobs. Check out my hiring page. You can follow this Blog using RSS or . To read more, visit my blog index.

Feeling generous?BitcoinMoneroZcashPaypal