Hi! Please remove ProtonMail domains from your list. Yes, they provide anonymous registration, but outlook (from Microsoft evil corp) provides anonymous registration too! Here is a proof: vid.mp4 Y...
Blacklists like these aggressively and unapologetically collect all privacy-focused email domains they find, including simple forwarding and tagging services. With more and more sites using these lists to reject or black-hole email addresses, it has become difficult to protect one’s self from spam and cross-site account tracking.
Dear web developers, please don’t use these lists. Well-intended or not, they are privacy and user-hostile.
I’m okay with people using burner email addresses to get my free content, I just need to be able to filter them out of my list so it doesn’t drive up bounces and hurt deliverability.
AWS SES, for example, is fucking rabid about bounces. Being able to filter out addresses you know are going to bounce is pretty important.
Can a list like this be used for anti-privacy measures? Absolutely! Does that mean we should never create lists like this? For me that depends on whether or not you think we should prevent encryption because bad actors can use it for bad purposes.
I feel like having different attributes for each domain might be helpful so that those services using the list can filter for just the things they care about such as burner emails, anonymous registration, whether it requires any email/phone verification, etc. Right now domains kind of have the problem of just being on the list or not, with no indication on why they might be a problem.
The beauty of open source code is that you can fork this project and add that. The repo maintainer seems to have a simple litmus test for whether or not something should be on the list: is it something that will cause a bounce for email distribution? That’s a really subjective test so you kinda have to talk to the repo maintainer about answering it. I suspect they feed it into a library, perhaps one of the ones linked, for use with their platform, so their problem is most likely solved.
You’re getting into very sketchy territory by saying a dev who is using a public GitHub repo to solve their problems needs to take it down because of how others are abusing it. Should the original dev be punished by their email provider because they shouldn’t be allowed to use this? Should anything that has potential harm be required to be a private repo? Who gets to decide all of that?
In the interest of specifics, can you point to where this specific list has done harm? I spent a fair amount of time looking around to make sure I wasn’t going out on a limb for someone with neutral views.
You’re getting into very sketchy territory by saying a dev who is using a public GitHub repo to solve their problems needs to take it down
No, I don’t believe I said any such thing. Since you mention it, though, I think taking this list down and removing the false positives before bringing it back up would be the responsible thing to do.
In the interest of specifics, can you point to where this specific list has done harm?
I know from personal experience and investigation (both as a user and on the admin side) that there are now many cases of privacy-focused email addresses being rejected, or even worse, accepted and then silently black-holed, due to the domains being inappropriately added to lists like this one. I don’t know of a place where people report such cases so they can be documented in aggregate, but if I find one, I’ll be sure to bookmark it in case your question comes up again in the future.
So you’re lumping this resource into a bucket with other resources that were malicious but you have no direct connection from this resource to harm you claim it causes? You’re saying a dev using this list to allow people to download free content but prune emails to save his bounce rate is doing bad things and needs to convert their FOSS use-case to yours?
Who gets to decide? You didn’t answer that and in the interest of good faith I’ll pull that one down as the important one since it follows from the argument I feel you’re making.
You’ve ignored my questions attempting to flesh out your point and refuse to link this specific list to anything bad. I don’t think you understand good or bad faith. Good luck with that!
Devs can use them to block DISPOSABLE mails, not PRIVACY legitimate emails. That’s why it is critical to remove privacy oriented email domains from such lists
It’s not just Protonmail.
Blacklists like these aggressively and unapologetically collect all privacy-focused email domains they find, including simple forwarding and tagging services. With more and more sites using these lists to reject or black-hole email addresses, it has become difficult to protect one’s self from spam and cross-site account tracking.
Dear web developers, please don’t use these lists. Well-intended or not, they are privacy and user-hostile.
That’s not what this specific list is for.
AWS SES, for example, is fucking rabid about bounces. Being able to filter out addresses you know are going to bounce is pretty important.
Can a list like this be used for anti-privacy measures? Absolutely! Does that mean we should never create lists like this? For me that depends on whether or not you think we should prevent encryption because bad actors can use it for bad purposes.
I feel like having different attributes for each domain might be helpful so that those services using the list can filter for just the things they care about such as burner emails, anonymous registration, whether it requires any email/phone verification, etc. Right now domains kind of have the problem of just being on the list or not, with no indication on why they might be a problem.
The beauty of open source code is that you can fork this project and add that. The repo maintainer seems to have a simple litmus test for whether or not something should be on the list: is it something that will cause a bounce for email distribution? That’s a really subjective test so you kinda have to talk to the repo maintainer about answering it. I suspect they feed it into a library, perhaps one of the ones linked, for use with their platform, so their problem is most likely solved.
Yet it has a lot of legitimate domains, and has had them for years.
Regardless of whether the maintainer is malicious or just irresponsible, his list is doing harm.
You’re getting into very sketchy territory by saying a dev who is using a public GitHub repo to solve their problems needs to take it down because of how others are abusing it. Should the original dev be punished by their email provider because they shouldn’t be allowed to use this? Should anything that has potential harm be required to be a private repo? Who gets to decide all of that?
In the interest of specifics, can you point to where this specific list has done harm? I spent a fair amount of time looking around to make sure I wasn’t going out on a limb for someone with neutral views.
No, I don’t believe I said any such thing. Since you mention it, though, I think taking this list down and removing the false positives before bringing it back up would be the responsible thing to do.
I know from personal experience and investigation (both as a user and on the admin side) that there are now many cases of privacy-focused email addresses being rejected, or even worse, accepted and then silently black-holed, due to the domains being inappropriately added to lists like this one. I don’t know of a place where people report such cases so they can be documented in aggregate, but if I find one, I’ll be sure to bookmark it in case your question comes up again in the future.
So you’re lumping this resource into a bucket with other resources that were malicious but you have no direct connection from this resource to harm you claim it causes? You’re saying a dev using this list to allow people to download free content but prune emails to save his bounce rate is doing bad things and needs to convert their FOSS use-case to yours?
Who gets to decide? You didn’t answer that and in the interest of good faith I’ll pull that one down as the important one since it follows from the argument I feel you’re making.
The connection is very clear, because you can see what domains are on the list.
Please stop putting words in my mouth. As you seem to be arguing in bad faith, I’m done with this conversation.
You’ve ignored my questions attempting to flesh out your point and refuse to link this specific list to anything bad. I don’t think you understand good or bad faith. Good luck with that!
So this is the list that you used as an admin? Or this is the list that blocked you as a user?
Devs can use them to block DISPOSABLE mails, not PRIVACY legitimate emails. That’s why it is critical to remove privacy oriented email domains from such lists
That’s what they claim, but in practice, they seldom distinguish between the two.
You are telling truth unfortunately. That’s why I asked help from community…