Detecting throwaway email addresses during registration
Detecting throwaway email addresses during registration
Spammers, trolls, and ban evaders often use temporary email addresses. PieFed now checks a list of known temporary email providers and displays a warning icon next to registrations that use such services.
If registration mode is set to "Open" (no approval needed) then the site admin(s) receive a notification instead.
A throwaway email address isn't always a bad thing but it's one factor that admins might want to take into account.
Seems like an overreach. Most spam I see is from gmail.com not alias services.
As others have stated this is a terrible idea especially for the fedi where people are far more likely to use alias addresses. Incredibly tone deaf.
It's just a warning, you can still register using it I'm pretty sure
Yeah. Just off to the right of the screenshot is the approve button which didn't seem relevant at the time.
I have to chime in and say this feels a bit underthought feature. I use a throwaway email for everything possible, and I would imagine a large portion of Fediverse users do that too.
I also get the motivation behind the feature. I didn't feel like throwaway addresses are worth it before I started using them. They may seem like an obvious spammer flag. But I'd say it's 50/50, just like with any free email provider like gmail or Proton mail.
You say it's 50/50 based on your own experience/anecdotal evidence. Admins will probably be able to make that determination with a much greater deal of accuracy based on what they see happening on their instance. So it makes sense to leave the choice to them/enable them to make that choice, right?
True, I failed to mention that I think there could be a setting to enable the feature, or dismiss the warning per-account. @rimu@piefed.social maybe consider this?
We'll see. If it turns out to be useless noise, I'll remove it from the signal.
I think it's good that it's a simple flag and not an outright block.
It's just a way for admins to see "maybe take a closer look at this registration."
I'm sure there are a lot of legitimate users that use these types of emails, though.
I don't really understand the hostility to this. Do users understand why emails are part of account registration in the first place instead of letting you sign up without an email?
I literally do not.
Because people forget passwords and demand a password reset mechanism. Also a place to send terms and conditions and changes to those.
To be fair Lemmy does allow you to sign up without any email at all (or at least used to, dunno if they changed it), so it's not surprising that this goes against many peoples expectations.
Pretty much every Lemmy instance requires email. The only ones that do not require it are small enough that spammers haven't found them yet.
I have to say that's extremely unfortunate that you would add such a feature. We use aliases to maintain our privacy and this is come corpo surveillance shit. Not cool.
Aliases are different and not flagged by this feature. It just looks at domain names.
Multiple big Lemmy instances have been using the exact same blocklist for a long time (although it's not a core feature, they've patched it in somehow). I got the idea by lurking in the Lemmy matrix rooms and seeing their discussion.
Aliases are different and not flagged by this feature.
How are they meaningfully different? I just checked the list you posted above and several of the alias domains I use are on that list.
I got the idea by lurking in the Lemmy matrix rooms and seeing their discussion.
Did you think about it before implementing it?
Ok, but that's not the only use case for it. It's also used by spammers and abusers to make everyone else's lives worse and it's admins who have to bear the brunt of that.
So I think it's fair to give them the option to weigh the costs and benefits of allowing it and then either do or not do something about it.
Hello! Representing a real human with a throwaway registration 👍
Yeah but we all know you're a troll @RumorsOfLove@lemmy.dbzer0.com
Does this include people that use email aliases to keep the connections between accounts harder to make? I pay for this service so it's genuinely not a throw away account. Just a way to maintain some privacy.
I don't know which service you use or whether it is on the list. But if it's a paid service then it's probably not on the list. Things on the list are like https://10minutemail.com/ or https://www.guerrillamail.com/
You're free to maintain your privacy and admins are free to weigh the potential risk of accepting an application with a warning icon on it. I'm sure there will be plenty who ignore it.
Also a real human with a throwaway registration address!
Same!
i don't have a dog in this race but i must say that this is quite the spectacular manner by which to throw the babies out with the bathwater!
literally 1984!
Nice, Another powerful feature admins can use if they want.