On 2.09.2021 at 11:09:39, IP Abuse Research via mailop wrote:
> Having observed a large number of disposable gmail address sites out there
> with supporting APIs, abused accounts are likely a component. Websites like
> https://www(.)gmailnator(.)com/ and supporting APIs (
> https://rapidapi(.)com/johndevz/api/gmailnator
> ) that facilitate abuse of Google services yet receive ad revenue from
> Google really makes one wonder.
> 
> To provide an even assessment, the problem isn't limited to Gmail
> addresses. Is anyone tracking disposable email websites and associated
> sending domains or is this just seen as noise in the larger scope? Is
> anyone interested in trying to more assess the impact of these platforms
> and their core use cases?
> 
> A few quick examples of the many available:
> 
> https://temp-mail(.)org/en/ ( Also has apps in the Google and Apple App
> store )
> https://www.fakemail(.)net/
> 
> http://www.fakemailgenerator(.)com/

As far as I know, most (if not all) of these "disposable email" websites are
for receiving only, not for sending. Their core use case is providing a fake
(but working) email address for registering on some websites that require
registration, but you are afraid that the address you provide during
registration may be used for spamming (or you just want to remain anonymous
to the site and not be associated with any known e-mail address). You
generate a "disposable" address, put it into the registration form and
receive the confirmation link or code in the "disposable" mailbox. That's
all - at this point most users leave the "disposable email" site and never
return to it again (until they need to register somewhere else). And the
generated address is usually deleted shortly after you stop accessing it via
the website.

As these sites usually don't provide any interface for sending mail from
these addresses, I don't see them as any spamming threat. While the first
one you mentioned (gmailnator) does indeed have a link "Compose Email", it
is possible only to send mail from their own domains (like @psnator.com) and
not from those fake Gmail accounts. Plus it doesn't work ;) - I tried to
send a few messages to myself (to various addresses) from this site, and
always got a sending error.

You also can't send mail yourself from those Gmail accounts as you don't
have actual access to them (you don't know the password) - you can only
browse the incoming mail via the website.

Of course, you can still try to forge the sender address and send from a
random server, but in that case there's no difference if you use a
"disposable" address or any other address, on Gmail or elsewhere. The
address doesn't even have to exist - almost no servers check the existence
of the actual sender address when receiving mail as this gives too many FPs;
usually only the existence of the domain is checked, and spam from
non-existent addresses is still quite common.

But in any case, a forged address is a forged address and SPF/DMARC won't match.

So I'm pretty sure "disposable email" websites are not something that
spammers will use.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
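
The SPF/DMARC point in the message above, as an added example that is not part of the original post: a receiver-side check of whether any passing SPF or DKIM identifier aligns with the From: domain. The function names and header values are constructed for illustration, and the organizational-domain step is a simplification (real DMARC uses the Public Suffix List).

```python
import re
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: organizational domain = last two labels.
    # Real DMARC evaluators use the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def domain_of(value):
    # Accepts "user@example.org" or a bare domain such as "example.org".
    return value.rsplit("@", 1)[-1].strip("<>;").lower()

def dmarc_verdict(from_header, auth_results):
    """Return (passed, reason) for relaxed DMARC identifier alignment."""
    from_dom = org_domain(domain_of(parseaddr(from_header)[1]))
    if not from_dom:
        return False, "no From: domain to align against"
    # Each method clause looks like: spf=pass smtp.mailfrom=bounce@example.net
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        pattern = rf"\b{method}=(\w+)[^;]*?\b{re.escape(prop)}=([^\s;]+)"
        for result, ident in re.findall(pattern, auth_results):
            if result == "pass" and org_domain(domain_of(ident)) == from_dom:
                return True, f"{method} pass aligned with {from_dom}"
    return False, f"no passing SPF/DKIM identifier aligned with {from_dom}"

# Constructed sample headers (not taken from real traffic).
FROM_HDR = '"Someone" <someone@gmail.com>'
# Forged From:, sent from an unrelated server whose own envelope domain passes SPF.
AR_UNALIGNED = ("mx.example.net; spf=pass smtp.mailfrom=bounce@bulk-sender.example; "
                "dkim=none")
# Forged From: and forged envelope sender; the sending IP is not authorized.
AR_SPF_FAIL = "mx.example.net; spf=softfail smtp.mailfrom=someone@gmail.com; dkim=none"
# Message really sent through the From: domain's own infrastructure.
AR_GENUINE = ("mx.example.net; spf=pass smtp.mailfrom=someone@gmail.com; "
              "dkim=pass header.d=gmail.com header.s=selector1")

if __name__ == "__main__":
    for name, ar in (("unaligned", AR_UNALIGNED), ("spf-fail", AR_SPF_FAIL),
                     ("genuine", AR_GENUINE)):
        print(name, dmarc_verdict(FROM_HDR, ar))
```
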