SimpleLogin domains marked in your disposable emails list about burner-email-providers HOT 16 OPEN

In this case you should block:

(no verification)
skiff.com
tutanota.com
tutanota.de
tutamail.com
tuta.io
keemail.me

anonaddy.com
anonaddy.me

anonaddy.com and anonaddy.me are the same of SimpleLogin.

If you are blocking such services then block all. Or unblock SimpleLogin because now it is kind of discrimination.

from burner-email-providers.

Hi Nikola.

Thank you for reaching out.

These domains are on the list because the on-boarding process for ProtonMail permits anonymous signup.

from burner-email-providers.

Hello,

Thank you for following up.

Could you please elaborate further?

Please note that when creating a Proton account, one has the option to verify via different means, including by utilizing email verification and/or via a phone number. We are privacy-focused, but do not advertise ourselves as being anonymous.

Keep in mind that we take Anti-Abuse and Anti-Spam very seriously at Proton and have a number of mechanisms in place to ensure against registration-, phishing-, and spam-related abuse. If you have any concrete examples you'd like for us to review, we'd be more than happy to oblige.

Looking forward to your response.

from burner-email-providers.

Just signed up to proton.me anonymously using the following workflow:

• https://account.proton.me/mail/signup?plan=free&billing=12&minimumCycle=12&currency=EUR&ref=prctbl
• Username: xxxx, password: xxxx
• Create Account ->
• Verification: Slide the jigsaw piece into place
• Recovery methods: skip
• Into the mailbox that now allows full send / receive capability

At no stage was I asked to provide personally identifiable information to verify my identity from another vector (e.g. phone number).

The lack of human verification stage means that anyone can register for protonmail for any reason at any time - such as creating email accounts that are temporary (i.e. disposable) with the intent of using the email address to sign up to 3rd party sites.

As there is zero friction in identifying a person before provisioning a fully working email address, protonmail is vulnerable to easy exploitation by individuals seeking to secure temporary/disposable email address resources. This is why it is in the disposable list.

Hope this helps clarify the rationale behind including protonmail on the list.

Of course it is the right for individuals to use anonymous email boxes such as protonmail. It is also the right for 3rd party services to be aware of anonymous email addresses so that appropriate risk analysis can occur.

from burner-email-providers.

Hello,

Thank you for following up.

Please note that verifying via Captcha is also an option we have.

This was introduced in light of problems in restrictive countries, where human verification using your phone number and/or email address is not feasible. Using the latter two options should, however, have been available to you.

Keep in mind that, as pointed out in our previous message, we do have anti-abuse and anti-spam mechanisms in place that safeguard against the sort of problems you've mentioned. In case you (or any third-party service) have a concrete example, we would appreciate it if you could let us know so our team can review and attune our system in an adequate manner.

from burner-email-providers.

@emh-rowland-oconnor

from burner-email-providers.

@ghost
Agreed and point taken on the discrimination issue. Will stick in a PR in due course.

Just one note on these lists of burner email providers. It is that these lists are not "blocking" anything. The lists exist to allow for visibility of domains that might present concern for certain 3rd party use cases (e.g. such as onboarding trial accounts). It is the decision of whomever consumes these lists whether or not to implement "blocking" or other such risk mitigation measures.

from burner-email-providers.

It is the decision of whomever consumes these lists whether or not to implement "blocking" or other such risk mitigation measures.
That's right, you nailed it. Thanks.

from burner-email-providers.

Agreed and point taken on the discrimination issue. Will stick in a PR in due course.

I created PR #417

@emh-rowland-oconnor and @Nikola-Test-for-Proton

from burner-email-providers.

It is the decision of whomever consumes these lists whether or not to implement "blocking" or other such risk mitigation measures. That's right, you nailed it. Thanks.

But many services BLOCKS such mails based in this lists…

from burner-email-providers.