Disposable email addressing, also known as DEA or dark mail, refers to an approach which involves a unique email address being used for every contact, entity, or for a limited number of times or uses. The benefit is that if anyone compromises the address or utilizes it in connection with email abuse, the address owner can easily cancel (or "dispose" of) it without affecting any of their other contacts.

Ideally, owners share a DEA once with each contact/entity. Thus, if the DEA should ever change, only one entity needs to be updated. By comparison, the traditional practice of giving the same email address to multiple recipients means that if that address subsequently changes, many legitimate recipients will need to receive notification of the change and to update their records — a potentially tedious process. Additionally, because access has been narrowed down to one contact, that entity then becomes the most likely point of compromise for any spam that account receives (see "filtering" below for exceptions). This allows users to determine firsthand the trustworthiness of the people with whom they share their DEAs. "Safe" DEAs that have not been abused can be forwarded to a real email account, while messages sent to "compromised" DEAs can be routed to a special folder, sent to the trash, held for spam filtering, or returned as undeliverable if the DEA is deleted outright. Further, because DEAs serve as a layer of indirection between the sender and recipient, if the DEA user's actual email address changes, for instance because of moving from a university address to a local ISP, then the user need only update the DEA service provider about the change, and all outstanding DEAs will continue to function without updating.

Some forum and wiki administrators dislike DEAs because they obfuscate the identity of the members and make maintaining member control difficult. As an example, Internet trolls, vandals and other users that may have been banned may use throwaway email addresses to get around the ban.[7] Using a DEA provider only makes this easier; the same convenience with which a person may create a DEA to filter spam also applies to trolls.[8] Website operators expecting to generate revenue by selling the user email addresses they gather may choose to ban DEAs as well, due to the low market value of such addresses. There are several free lists available to help detect DEA domains, as well as managed services. Banning DEAs might not be as effective at deterring undesirable users. More effective techniques for controlling undesirables without inconveniences to legitimate DEA users might include: recognizing legitimate DEAs for what they are (they usually have a proper domain and a fixed prefix or suffix), distinguishing them from short-lived, random throwaway address patterns or domains used by undesirables, wildcard banning. As with any kind of threat and defense measures, no attempts to use or thwart DEAs are foolproof — any filtering method is bound to result in some false positives (legitimate users getting banned), and some false negatives (undesirables getting through, and legitimate users managing to come up with a DEA pattern getting around limitations imposed by site administrators). This is because the email address may be partly or fully defined by the user, made to appear as "permanent"-looking as needed, or made to avoid a particular pattern, defeating any filtering because for all intents and purposes it is not different from a permanent one, despite being limited to one purpose. Caught in the crossfire between Internet undesirables and administrative and user attempts to deal with them, DEA providers have trouble presenting a total solution. A user may find it necessary to come up with a conventional-looking email address (or create a separate mailbox in the worst case) to a public/commercial entity if required. There is always uncertainty about the trustworthiness and reputation of the site administrators, the availability of options to hide email addresses, the existence/enforcement of an acceptable privacy policy and the chance that the site may one day be compromised or transferred to new owners. Even the largest and otherwise reputable companies have been compromised or resorted to sending spam or giving away emails to third parties. A human correspondent's computer or mailbox may be compromised by malware and his address book can be stolen and sold to spammers.

SpamCop is an email spam reporting service, allowing recipients of unsolicited bulk or commercial email to report IP addresses found by SpamCop's analysis to be senders of the spam to the abuse reporting addresses of those IP addresses. SpamCop uses these reports to compile a list of computers sending spam called the "SpamCop Blocking List" or "SpamCop Blacklist" (SCBL).

Address munging is the practice of disguising an e-mail address to prevent it from being automatically collected by unsolicited bulk e-mail providers. Address munging is intended to disguise an e-mail address in a way that prevents computer software from seeing the real address, or even any address at all, but still allows a human reader to reconstruct the original and contact the author: an email address such as, "no-one@example.com", becomes "no-one at example dot com", for instance. Any e-mail address posted in public is likely to be automatically collected by computer software used by bulk emailers (a process known as e-mail address scavenging). Addresses posted on webpages, Usenet or chat rooms are particularly vulnerable to this.[1] Private e-mail sent between individuals is highly unlikely to be collected, but e-mail sent to a mailing list that is archived and made available via the web, or passed onto a Usenet news server and made public, may eventually be scanned and collected.