[ImPostingOnHN]

you are mistaking scammers with spammers, and also mistaking what the poster thinks with reality

the reality is they are spammers, because spamming the poster is the only way they can end up with a reply email containing a link with a valid key to interact with this API

if they didn't send unsolicited commercial emails, there's no way they can interact with this API and get their passwords logged

[legalcorrection]

This is a common misconception. Cold emailing is legal under the CAN-SPAM Act.

[ImPostingOnHN]

this is a common misconception, unsolicited commercials emails are still spam, whether or not they are legal

spam is orthogonal to legality