-
-
Save nocturnalgeek/1b8fa44283314544c487 to your computer and use it in GitHub Desktop.
| @binkmail.com | |
| @bobmail.info | |
| @chammy.info | |
| @devnullmail.com | |
| @letthemeatspam.com | |
| @mailinater.com | |
| @mailinator.net | |
| @mailinator2.com | |
| @notmailinator.com | |
| @reallymymail.com | |
| @reconmail.com | |
| @safetymail.info | |
| @sendspamhere.com | |
| @sogetthis.com | |
| @spambooger.com | |
| @spamherelots.com | |
| @spamhereplease.com | |
| @spamthisplease.com | |
| @streetwisemail.com | |
| @suremail.info | |
| @thisisnotmyrealemail.com | |
| @tradermail.info | |
| @veryrealemail.com | |
| @zippymail.info |
We don't send a newsletter. We don't send unsolicited mail.
@kode54 All web sites claim this. It's called lying. If you weren't sending unsolicited mail, you wouldn't care if the e-mail address I give you is the one I actually attempt to use to receive legitimate e-mails. Since you do care, that means you either plan on spamming me yourself, or you plan on selling my address to spammers, who want assurance that the product you're selling is real peoples' real e-mail addresses.
Oh get stuffed, you over paranoid sack of crap. It's a forum, it sends notifications for topics you subscribe to, and for personal messages sent to you. And if you enable it, admins, and further if you enable it, regular users, can send you direct emails through the forum script. If you ever want to come back and forget your password, you'll need a working address to recover your account, or else you're just clogging our registration system up with dead accounts. Of which we have literally hundreds of thousands, which we'll never delete, because we don't know if any of them will ever become active again.
We've had people use disposable emails that can clearly be accessed by just anyone, and which will cease functioning within an hour, come to ask questions, then leave. They'll never get a notification if someone replies to them. They'll have to manually visit the forum periodically to check if they've gotten a reply. There's no way to contact them, whatsoever, without them manually logging in and checking the forum.
Maybe you should be more paranoid about the person who hosts our forum. He has admin access, so he could literally be scraping the entire database to sell his software products to the user base. Which would get him in trouble with the law in his home country.
It's a forum, it sends notifications for topics you subscribe to, and for personal messages sent to you.
...and it probably also gives or sells those addresses out to phishers, advance-fee fraudsters, and other criminals. How else would you propose that these scumbags get people's e-mail addresses?
Git logs frequently contain email addresses. Site database leaks from one of dozens of web sites contain email addresses.
E: Forgot one: Some spammers take lists of known usernames, also from site leaks, and stuff them at popular free mail provider domains, regardless of if they have a definite knowledge of such an address existing.
E2: Thought of a theoretical. We use SendGrid to send email. Wouldn't be surprised to find someone try to hack that service and harvest it for destination addresses from all the customers who use the service for mail sending.
You're welcome to use unique addresses for every site you visit. But please, ensure that it's a valid-for-life address, and then you're welcome to report us to whatever authority you want when it turns out someone manages to spam it.
@kode54 I know for a fact that even so-called "reputable" websites voluntarily hand over their users' e-mail addresses (and other information) to criminals, and furthermore I have no reason to want some fly-by-night forum to have information that can actually be used to get in contact with me outside of the forum itself. You don't need that information. The things you claim to need it for are not real needs.
- If I want to see my PMs, I'll log into the forum. If I don't log into the forum, it's because I don't give a shit if I got any messages.
- I don't forget forum passwords because my password on a forum will always be "password", because forum accounts are not worth protecting. Therefore, I have no need for the password recovery feature.
Cool, so your forum accounts are open to password stuffing attacks, and since you don’t care about them, anyone can use them. I’ll just have to watch out for your sorry ass and ban you on sight. But as you said, forum accounts are essentially worthless, since nobody has any reputation on forums anyway. So if you have no reputation anywhere, what are you, other than some worthless nobody who should immediately be disregarded?
By the way, I just consider email a means to an end. It’s practically worthless these days, other than being the most important linchpin to accessing every single service you’ve ever registered at. I expect most mail providers intentionally expose their full user list to the world, and it’s expected to see your spam folder fill up from day one.
@kode54 Nobody is attacking your 10-user forum. That's exactly why it doesn't matter what the password is.
This doesn’t look like 10 users to me...
I LOVE THESE EMAIL ADDRESSES!! I USE THEM TO HARM FORUM OWNERS AND SYS ADMINS AS MUCH AS POSSIBLE!!! IT'S HILARIOUS TO ME!!
Cool, so your forum accounts are open to password stuffing attacks, and since you don’t care about them, anyone can use them. I’ll just have to watch out for your sorry ass and ban you on sight. But as you said, forum accounts are essentially worthless, since nobody has any reputation on forums anyway. So if you have no reputation anywhere, what are you, other than some worthless nobody who should immediately be disregarded?
I didn't register to your forum in order to post to your forum. I don't want to post to your forum. I don't even want permission to post on your forum.
Here are things I've wanted to do on a forum, that've required me to register on said forum before I could do them:
- search the forum
- download an attachment on a post
- view inline images on a post
- de-scramble the URLs embedded in a post
- de-scramble blockquoted text embedded in a post
- (most egregious of all) view posts on subforums other than some useless "announcements" subforum
If your forum prevents guests from doing these things, while also allowing registered users to post arbitrary content, then at some point one of your users is going to post some important resource on your forum that other people are going to link to. And people are going to come from outside your community, via those links, to get that resource. And—presuming the important resource requires one of the above operations to get at it—these guest users are going to find an account-registration-wall in their way.
Even though, when you think about it, these are all non-mutative operations. Spambots and other such bot-traffic have absolutely no incentive to be doing any of them, because doing them doesn't get them any closer to posting spam.
The only thing that account-limiting these operations does do, is to disincentivize humans from using your forum as a makeshift public blogging engine†, by making it so that random people who arrive to a post on your forum from an external link, won't get any value from that post until they register.
† (It also previously was a protection against using the forum as a hotlink image/file host. But requiring CSRF tokens to be passed in the query-string of your embedded-image and file-attachment URLs, neatly sidesteps that concern.)
You'd think that this disincentive would mean that people just won't bother to host important stuff they want to externally link to, on your forum.
But nope! People still end up doing that anyway—probably because they're so integrated into your forum's community that they've completely forgotten what the forum experience is like for an unregistered guest. And in the process, they force everyone who visits their post to register for your forum in order to get at the thing they've posted. (Because, very often, these are things people need, and will go through any amount of annoyance to get. Patched drivers for their 20-year-old computer, for example.)
So, some advice:
-
If you are a person who writes forum software: if you must rate-limit these costly-but-non-mutative actions, just put them behind a CAPTCHA or something. Like Cloudflare does when it doesn't trust people.
-
If you are a person selecting forum software to run your community on: please select software that allows guests to—by some mechanism other than registering—access the important resources that happen to only exist in the form of posts on your forum.
(Because, if you don't, users have every reason to register fake accounts on your forum. They don't trust you; they don't want to trust you. They don't even want you to trust them. They don't want to establish any kind of relationship with you—not an ongoing one, and not a temporary one. They just want to download the 140KB .zip file that someone decided to make your forum the canonical file-host for. Let them do that, and you'll see any human interest in using temp emails for your forum registration, disappear.)
Thank you @tsutsu for taking the time to write this. The amount of times I have run into this is infuriating and it's so completely unnecessary. There is never any need hide non-mutating access behind any kind of login. If people coming to your forum simply to read it is causing you problems you have no business running a website in 2020. And if you let Google index something that I can't see as a human following the link you are an asshole of the first order.
It's even worse when you actually have something worthwhile to contribute. Plenty of times I have had to research issues where the first Google hits only give you posts by other people with the same problem. I'm persistent so I will usually figure out the solution. I sometimes try to go back to the top Google result to leave a quick note for people who come after me but if you make me jump through countless hoops and block maillinator-like domains it's not going to happen.
I'm not going to give you my real email address to make one post on a forum I'm never coming back to. In 90% of the cases your stupid PHP site is going to get hacked in the next 12 months and the whole db leaked.
Kiwi Searches is the top online people finder to look up people, addresses, and phone numbers by name. free person lookup
If in any sort of 'online merchantilism' the validy of my email is important and not the money I'll be paying or receiving, then you're doing something shady with my email.
Either you're selling it, or you're using it to send adverts through some other puppet outlet and other such things.
Because otherwise, you're not going to buy a loaf of bread at the bakery with my email, you're buying it with cash.
So, again, if you sweat about my email and not about actual money, they my email is money to you, and I don't want my email to be your income.
Personally, I Want to get a copy of my sales invoice, and I want to get another email telling me it has been shipped and how. Also, them having a correct email lets them communicate with me if there is a problem with my order or credit card. Its much cheaper for business's to communicate over email rather than calling people. Yes, I run a couple businesses, and I have never sold or supplied any customers email with anyone. I would say there has never been any legit business who has ever cared more about an email over money from sales.
I get direct marketing e-mails from several companies where I've signed up for accounts. The deluge of trash never stops. Nearly every company does it. Companies have completely ruined e-mail as a way to contact a person. I probably won't get that e-mail about a problem with my order because it'll be buried among a thousand spam messages that made it past the filter. You'd have to call me anyway to tell me what's in the Subject line so I can isolate your e-mail from all the spam. Otherwise I won't notice that I got an e-mail at all.
I'm gonna simply repeat myself. If in any sort of merchantile environment that is ultimately about money, my email must be some sort of actual ID like thing, then you're doing something shady with it.
Otherwise it's like supplying a home address and then moving. Like giving a cellphone number and switching providers/numbers/areas/whatever.
It's like calling me on landline and I'm not picking up cause I'm outside.
It's like sending me a postcard and my neighbor picks it up by mistake.
It's like calling me in person and I mishear you and don't respond.
None of this has ever stood in the way of anything truly serious.
If my email address is a complete pile of junk that anyone can read and you block it because of that, then that's STILL you being shady.
Instead of accepting my poor protocol regarding communciation, you still shouldn't ultimately care, as long as the money that exchanges hands for whatever goods, is good.
Fussing about my email == you're making money off it. 150%, nine times out of eight, every time. No exceptions.
You can simply create any mail to your disposable number. This will protect you from spam and advertising. It's very easy to do today. One of the best services with low prices: SMS-Man
There is a section on the site with their API documentation. You can easily write your own app and buy numbers in bulk. I've already done that and I'm using it safely.
@AlphaDG If you want all these things you are free so give them your real email and take the risk of the business being shady or just incompetent at keeping your information secure. And lets be real, a lot of websites asking for email will never need to send you an invoice or anything else important. Users know this.
The key part is that if you ask for an email let the user give you an email they are happy with, even if it's a temporary one. It doesn't mean an account is fake. It just means the user has made a rational decision regarding the tradeoffs involved.
As you can see in all these comments people just have been burned too many times and understand that a large percentage of sites have no real need for an email address and just use it to track people and spam them.
@markopy I agree with you 100% on if someone feels they need a temp email, and I have no problem with that. I personally have an option that a lot of people don't have.. I have my own server, so I create a 'forwarding' email for every single site I sign up for, and every single supplier. It takes about a minute to create one :) If I start getting anything not from who that email was created for, I just delete that email. They are all real, and are from one of my own websites, but I never give out my 'main' email :)
Most websites I give an email, are suppliers, so I do need to keep an open line of communication with each. As for asking for emails, I run 6 social sites, so having something real so they get their friend requests, message notifications, etc is important to me, and I feel it is important to them. If they give a temp email, I don't see them being serious about their profile, or returning. I have found with over 60,000 members (total) that 99.9% who use a temp email never return, or complete their profile. So many social sites are full of fake {or BS) profiles, and I don't want to expose those to the other members. There is a logic to my methods :) All of my sites give each person the option to 'Not' receive any notifications, and when anyone creates an account, it is set to 'No Notifications' initially.
Lets look at the 'person' above who wrote "I USE THEM TO HARM FORUM OWNERS AND SYS ADMINS AS MUCH AS POSSIBLE!!!". Its because of people like that is why a lot of sites block temp emails. Creating thousands of fake profiles means nothing to me since I never see them. The software scans for empty profiles (not used in 3+ months) once a month and deletes them :) Each one takes a few bytes on a server with several terabytes of storage, and none are seen by other members. This guy is not 'harming' anyone, and wasting his time. :)
@AlphaDG Sounds like we don't disagree on much anymore. 2015 was a long time ago and I'm glad you automated things and don't spend 4-5 hours each week deleting fake profiles anymore :)
And that's really my main point. If someone using a fake email is "harming" your site you are doing something fundamentally wrong and need to take a step back and look a the bigger picture of why that is instead of reflexively blocking those emails.
Is it because people are forced to register when they shouldn't, like in all of @tsutsu's examples?
Are you trying to fight professional spammers, in which case a captcha before signup is probably much more effective? Also nofollow links, etc.
Are you trying to protect the culture and active members of your forum? If so, sure, you can use a fake email as a weak signal but there is no need to outright block them. You will likely get better results by simply using their behavior on your site to decide whether to ban them.
All the website operators who hate mailinator should take a moment to consider why it exists in the first place. It's not because the people who use it are primarily malicious, they are just trying to protect themselves. I mean this is such a big problem that even Apple has a feature now to automatically generate random emails for you: https://support.apple.com/en-us/HT210425
Yes, there is no way we should use legitimate email addresses online for anything except the most important resources we use (banking, social security, tax office). All the rest is too much at risk of being hacked or leaked, as webmasters do not properly maintain and apply security updates to their websites and forums. Not associating a real email to random website registration forms is a good security practice, as is a regular check on haveibeenpwned...
Be careful: willmedtrainingsolutionscom's list includes @gmail.com!
It also contains @gmx.com which is used by millions of people. Since he is using the list for lead generation he is probably doing them all a favor though.
I ban disposable email providers from my forum the moment they're noticed by staff. We don't send a newsletter. We don't send unsolicited mail.
gmail accounts are free so i'm not sure what you think you're accomplishing here
@bucketss gmail accounts are not free.
If something appears to be free, you are the product.
as of today
| domain | status |
|---|---|
| binkmail.com | ✅ |
| bobmail.info | ✅ |
| chammy.info | ✅ |
| devnullmail.com | ✅ |
| fakeinformation.com | ❌ |
| letthemeatspam.com | ❌ |
| mailinater.com | ✅ |
| mailinator2.com | ❌ |
| mailinator.com | ✅ |
| mailinator.net | ✅ |
| mailismagic.com | ❌ |
| mailtothis.com | ✅ |
| monumentmail.com | ✅ |
| notmailinator.com | ✅ |
| reallymymail.com | ✅ |
| reconmail.com | ❌ |
| safetymail.info | ✅ |
| sendspamhere.com | ✅ |
| sogetthis.com | ✅ |
| spambooger.com | ❌ |
| spamgoes.in | ❌ |
| spamherelots.com | ❌ |
| spamhereplease.com | ✅ |
| spamthisplease.com | ❌ |
| streetwisemail.com | ❌ |
| suremail.info | ✅ |
| thisisnotmyrealemail.com | ✅ |
| tradermail.info | ✅ |
| veryrealemail.com | ✅ |
| zippymail.info | ✅ |
Those with ❌ moved to another IP: https://bgp.he.net/ip/146.71.77.198#_dnsrecords
Interesting debate
I ban disposable email providers from my forum the moment they're noticed by staff.
Then you probably won't see me there, and probably don't miss much either :)
We don't send a newsletter. We don't send unsolicited mail.
sure but do I have to trust you to never ever have data leak ?
Maybe someone above suggested it would be a better idea to require SMS verification?
there are ways to get disposable mobile number even if a bit harder than getting email address
spammers
I manage a community driven event platform (think of meetup.com but free), and most (I would say 99%) of the spam comes from users having a gmail address. Still I can't ban gmail as most (I would say 50%) of the legit users are also having gmail address.
But hey, your plaftorm, your rules.
Those with ❌ moved to another IP: https://bgp.he.net/ip/146.71.77.198#_dnsrecords
still operated by mailinator ? afaict, it seems not.
plus some are "ns1.namefind.com" so domain to sell.
@setop after ~10 years, I'm not surprised it's not up to date. The code I wrote to build this is long gone.
@setop after ~10 years, I'm not surprised it's not up to date. The code I wrote to build this is long gone.
Sure that was it was worth an update ;)
And thanks for the initial job of collecting them.
I recovered it as you message remind me I did the same in the past :)
I know they use to show some of them on homepage. This is not the case anymore.
My list - and the code I used to build it - is eight years old.
I merged our both lists in my comment.
Do you have any source to get more of them ?
Not my platform any more. I divested myself from it. They can clean up after all the spam manually.
@kode54 All web sites claim this. It's called lying. If you weren't sending unsolicited mail, you wouldn't care if the e-mail address I give you is the one I actually attempt to use to receive legitimate e-mails. Since you do care, that means you either plan on spamming me yourself, or you plan on selling my address to spammers, who want assurance that the product you're selling is real peoples' real e-mail addresses.