LastPass Forums

It would be nice if you guys included a feature for disposable emails. Similar to the Nyms service offered by Anonymizer.com.. you could totally do it for less or contract with them for a reduced cost to pass on to your user base. Makings of a deal there (or just build it yourselves .. LOL)

+1 for this idea

LastPass is a password manager.. not an email provider..

This is true.. Lastpass probably is better off in a core competency. What is interesting is that dynamic plus aliasing is already free from gmail anyway.. So let's say you have an email like myemail@goolge.com you can use plus aliasing to create random numbers and letters so your username (usually your email) cannot be easily enumerated when registering on multiple sites and let LastPass do what it does best.. store your stuff including alias emails securely. So for site 1 you could register with myemail+site175656565GTY@gmail.com you WILL receive the email confirmation at your myemail@gmail.com account reguardless of what you put after the +sign and before the @ symbol. Just save the email alias name in LastPass as your usernamefor each site or you will forget what distinct alias you used to register with on different sites. Again worth repeating.. Google's dynamic plus aliasing is FREE..

So what this effectively does is two things.. 1) it lets you identify who is spamming you for free as you will see the name of each site if you choose to do it that way I outlined above and 2) If you also append random numbers and letters at the end no one will even be able to guess your username so it is not so easy to enumerate across multiple sites that used to use the same email address. So you effectively leveraged two technologies.. Dynamic plus aliasing from gmail and lastpass to remember the aliases you used to register on sites as well as the password.. Thereby reducing your exposure across multiple sites where your email is the username.

You can say thank you now.. keep safe and secure and use lastpass and email aliases across different sites!!

Above post .. The example email was myemail@gmail.com. Ignore the brain fart myemail@google.com .. Sorry for that typo/brain fart..

Hey.. Here's a brain fart to keep on topic for a lastpass feature that would cost LastPass next to nothing to do.. Autogenerated plus aliases.. Google doesn't care what you use after the + and before the @ they just forward it on to your base email address.. so if lastpass detects the gmail.com email domain as part of the username offer an option to autogenerate a cool dynamic autogenerated plus email alias for that site (like +sitename and some random alphanumeric characters) while autogenerating the password would be WAY cool!! A little help widget could clue people in to the benefit of doing this when they autogen the password to also autogen the email plus alias.. I think other email providers also support plus aliasing fastmail comes to mind.. but you guys can research all the email domains that do this.

japman Wrote:myemail+site175656565GTY@gmail.com

1) it lets you identify who is spamming you for free as you will see the name of each site if you choose to do it that way I outlined above

Wouldn't it be fairly easy for spammers to check for the plus sign in the email addresses they got and remove everything from the "+" to the "@"?

While it is true a real spammer would know and simply remove/filter it.. So you are right it is not much for spamming purposes. But assuming they just sell it as part of a broader list it is possible no filtering would happen. It is still not as powerful as a true disposable email but you would be surprised how lame some spammers are. But more importantly I think is the inability for a hacker to enumerate your username (when using your email as such). They would have to guess what you put in after the +.and before the @ on every site.. And if you keep it higly random they are now not able to enumerate the username. This combined with a truly complex password makes it two things they gotta guess that changes from site from site and not just the password.

Unless they entirely compromised the site and already have your username of course. But even then they would not compromise every site as you do not use the same username across sites if you do this,