by TemporaryMail 699 days ago
> Aliases you can discard are ad blockers for emails, disposable services are for bots, scams, and fraud.

What is the difference between the two though?

This kind of reasoning is why people can't run their own email servers anymore and instead have to rely on the big services.

> If you know the space, you'll be aware CAPTCHAs are trivially defeated today, regardless of the provider.

They are a lot more reliable than an email, which is basically just a domain that anyone can buy and set up within mere minutes, giving them access to endless email addresses.

> you generally need some sort of unique relatively hard to get many of identifier

Why not use phone numbers instead if the issue is truly important to them? This would cost spammers and bots way more money than emails.

Perhaps it's due to the fact that they won't be able to use the phone number to send their spam (or they could I guess, but it would cost them some money).


> [CAPTCHAs] are a lot more reliable than an email which is basically just a domain that anyone can buy and setup within mere minutes giving them access to endless email addresses.

CAPTCHAs also can be unreliable, with false positives and false negatives and other problems (although some CAPTCHAs are worse than others). "CAPTCHAs are trivially defeated today, regardless of the provider" is just one more thing that makes them even more worthless.

> Why not use phone numbers instead if the issue is truly important to them?

Even telephone numbers you might not have, or might be shared with someone else (more likely to have shared telephone numbers than with email).

Another fun fact, of course, is that CAPTCHAs not only suck for most people in general, they're especially frustrating for blind users, people who have privacy settings in their browser (hi Cloudflare!), etc.

It's one somewhat irritating tool in the toolbox, but honestly abuse-enabling services like disposable mail providers really just need to be taken down. We need to stop giving free help to criminals. Privacy is vitally important, but that should look more like a web of trust, not a fog of anonymity. No, every site shouldn't know your phone number, but they should be able to assume that your email provider does or knows enough about you to be confident you are a real person they can transact with.

In your ideal world we would all be:

- Hooked to a bunch of paid plans for stuff that's currently free.

- At the mercy of all the big providers that could one day just decide to turn our account off without a reason.

- Receiving more spam than we currently do, as all service providers would have our email addresses. Although these would all be aliases, we would have to spend a decent amount of time organizing folders, identifying which aliases are receiving the spam and turning these off without losing access to the account.

I referred to your other points in detail here also: https://news.ycombinator.com/item?id=40968143

I really enjoy that you challenge my views on this though as we both have the same goal of stopping abuse on online services, while at the same time preserving user privacy. Your plan would work if all service providers were honest and didn't abuse your trust, my plan currently works and I'm no longer getting emails from politicians asking for donations.

> At the mercy of all the big providers that could one day just decide to turn our account off without a reason.

This had me genuinely concerned when a lot of the superfluous account bans were happening on Twitter and Facebook around the 2020 election cycle. Retweeting a joke could knock you off, and I'd been using Twitter as 2FA for many/most sites where it was offered at the time.

Now, I'm much more inclined to choose email/password options. I've also been using a wildcard domain for most new things. Ex: site@mydomain, etc for every site, store, etc I use.

That's funny in a bizarre way.

Imagine having to tell someone that you can't access your accounts because you retweeted something that wasn't deemed acceptable.

Perhaps if we're lucky we will advance to having the big corps create a social credit system for us as well, ha!

> What is the difference between the two though?

If you have a hundred aliases on say, Fastmail, and someone reports one of them, Fastmail can investigate the abuse you are involved in and can suspend your account. But the places you are using those aliases have no way to identify the main account of an alias, they can only report the alias, and Fastmail, the company providing your core service, is the only one that has the ability to deanonymize that relationship. Most of the services who allow these excess aliases are paid services or have identity checks, so other service providers can trust they will do a reasonable job to prevent abuse.

Meanwhile, if you bother to investigate how your service is being used, the percentage of users using it to abuse other sites will inevitably approach 100%. As bot spammers realize you're another set of free email addresses they can stack up, they'll swarm to each new domain you rotate to. If you are as privacy focused as you say, you'll have no tools at your disposal to regulate this either; they have plenty of IP addresses to work with, mostly compromised devices on residential IPs that are part of botnets, which will look like real users at a cursory glance.

> This kind of reasoning is why people can't run their own email servers anymore and instead have to rely on the big services.

That's why it's so fundamental that you understand rotating your domains is abuse, and it hurts the email ecosystem. Every time someone like you thinks this is okay, you make more service providers lock down what email domains they accept, punishing folks like me who just want their own domain on their email. Because disposable mail services do this, we all get punished for your bad behavior.

> Why not use phone numbers instead

Well, that's what a lot of major providers do. Gmail makes it much harder to get going without a phone number these days, mostly for that reason. I certainly don't want to have to give my phone number to every site I sign up with, but if that is, in your opinion, better for privacy, by all means, enjoy the fruits of your screwing over email for this.

> Fastmail can investigate the abuse you are involved in and can suspend your account.

What if the Fastmail account is simply just using their free 30 day trial, how will they track the user then?

My point is that the malicious user will still have a way, while the legitimate user is punished by having to pay a fee to the email provider.

> Every time someone like you thinks this is okay, you make more service providers lock down what email domains they accept, punishing folks like me who just want their own domain on their email.

How about no one gets punished and service providers verify phone numbers instead of emails and we get to keep our inboxes clean?

> How about no one gets punished and service providers verify phone numbers instead of emails and we get to keep our inboxes clean?

There are plenty of scammer bots/accounts that get around this just fine.

I honestly am very concerned you are releasing this with clearly... no understanding of the Internet abuse space. To be honest, good luck, you will need it. Make sure your cloud service allows what you're doing, make sure you have cost controls in place, and make sure you already have a relationship with a good lawyer.

(Trials usually both restrict features like this and require that valid payment info is already entered; having websites all ask for people's phone numbers is way more privacy-invasive than asking for their email; and of course... you can keep your inbox clean without disposable email.)

> I honestly am very concerned you are releasing this with clearly... no understanding of the Internet abuse space.

I've given this some thought over the years, so I know where I stand morally. As I've mentioned several times already, the issue lies in the service provider forcing the user to give up their email address; in the majority of cases it will end up with you receiving spam from many different sources, as your address will be sold, leaked and more.

> good luck

Thanks for the motivation!

> Make sure your cloud service allows what you're doing, make sure you have cost controls in place, and make sure you already have a relationship with a good lawyer.

Yeah, it's an expensive service to run (if you want to run it properly at least), but as long as it helps users and I see people sending in positive comments through the contact form, it will give me the motivation to continue.

A close friend of mine is a lawyer also so the day it becomes illegal to receive emails, I'll have to give him a call.

> Trials usually both restrict features like this and require valid payment info is already entered

That's good at least, but what I'm trying to say is that anything can be abused, the same way that the

> having websites all ask for people's phone numbers is way more privacy-invasive

It costs sites way more to send out texts than it does to send out an email. I'm sure that if we were to look at the overall amount of spam one receives in their lifetime, then we would see a great decrease. It's also a lot easier to stop spam coming from phone numbers, as they are all registered and regulated, compared to emails, which aren't.

> you can keep your inbox clean without disposable email

You can also walk to the destination without taking a car, you can get fit without going to the gym and you can cook a meal without a recipe, but it won't be as convenient.

---

I'm starting to sound like a broken record as I'm just repeating myself, but to summarize things, we are both on the same page, as our goals are to stop spam to users and abuse of services. The majority of the time an email address shouldn't even be needed, and when it comes to sites where spam is more prevalent (e.g. you mentioned The Verge), then they could simply verify your phone, payment details and a ton of other measures (captchas, checking IPs, rate-limiting, etc).