Use-After-FreeMail

Disposable email services provide temporary email addresses, which allows people to register online accounts without exposing their real email addresses. In this paper, we perform the first measurement study on disposable email services with two main goals. First, we aim to understand what disposable email services are used for, and what risks (if any) are involved in the common use cases. Second, we use the disposable email services as a public gateway to collect a large-scale email dataset for measuring email tracking. Over three months, we collected a dataset from 7 popular disposable email services which contain 2.3 million emails sent by 210K domains. We show that online accounts registered through disposable email addresses can be easily hijacked, leading to potential information leakage and financial loss. By empirically analyzing email tracking, we find that third-party tracking is highly prevalent, especially in the emails sent by popular services. We observe that trackers are using various methods to hide their tracking behavior such as falsely claiming the size of tracking images or hiding real trackers behind redirections. A few top trackers stand out in the tracking ecosystem but are not yet dominating the market.

show abstract

Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust

Miramirkhani

Ferdman

et al. 2022

2022 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Use-After-FreeMail

Cited by 9 publications

References 32 publications

GDPiRated – Stealing Personal Information On- and Offline

GDPiRated – Stealing Personal Information On- and Offline

Characterizing Pixel Tracking through the Lens of Disposable Email Services

Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust

Contact Info

Product

Resources

About