search

ProtonMail / WebClients

Monorepo hosting the proton web clients
GNU General Public License v3.0
4.44k stars 561 forks source link

Hunter.io indexing your proton.me domain #300

Closed ghost closed 6 months ago

ghost commented 1 year ago

Hello! Service hunter.io indexes proton.me domain (screenshot 1), when the domain protonmail.com is excluded from the search because of that is a personal email creating service (screenshot 2).

Please contact the hunter.io team with a request to exclude your domains from the search as well. They exclude all domains that are using to create personal addresses (but they need an official request).

Screenshot 1 Screenshot 2

bartbutler commented 1 year ago

Thanks for the heads up--I've sent them an email.

Deuchnord commented 1 year ago

Just found this issue, it looks like my domain name-specific email address is in their list too. Do I need to contact them myself?

bartbutler commented 1 year ago

I don't know. I haven't received a response from them.

AmrithVengalath commented 1 year ago

I would like to mention it also indexes protonmail.ch domain Screenshot-1

gglepori commented 1 year ago

Giovanni here from Hunter - thanks for your report.

The domains have been added to our webmail list and emails will no longer be provided or collected for them: image

bartbutler commented 1 year ago

Hi @gglepori ,

Thanks for the reply. Can you please ensure that none of protonmail.ch, protonmail.com, pm.me, and proton.me? This is a complete list of our current user domains.

Thanks!

ghost commented 1 year ago

Giovanni here from Hunter - thanks for your report.

The domains have been added to our webmail list and emails will no longer be provided or collected for them: image

Hello @gglepori! Thank you for your measures.

But there is some more domains that had not been removed from your search.

There is a service of mail aliases simplelogin.io, which generates a full e-mail address, which works, roughly speaking, as a bridge between the real address and the sender, thereby hiding the real e-mail recipient.

This service is also intended for personal use and publishing its addresses in your search results may entail serious risks to users' privacy and security.

It is also important to note that SimpleLogin is also owned by Proton.

Proof one. Proof two.

Here's a list of SimpleLogin domains that should also be excluded from your search:

simplelogin.com
simplelogin.fr
aleeas.com
slmail.me
8shield.net
dralias.com

Please remove them from your search.

Here is a link to the original issue in the SimpleLogin repository. And here is a link to their official discussion of the issue.

gglepori commented 1 year ago

Thanks for sharing this!

All the domains you reported have been successfully added to our webmail domains list. We no longer provide emails for them.

Thanks again for taking the time to report this to us 🙏

Giovanni

On Sun, Feb 12, 2023 at 1:32 PM Yvugrfuft @.***> wrote:

Giovanni here from Hunter - thanks for your report.

The domains have been added to our webmail list and emails will no longer be provided or collected for them: [image: image] https://user-images.githubusercontent.com/22502961/216619646-58754ee4-27fb-467a-a450-9ceb95bc09fa.png

Hello! Thank you for your measures.

But there is some more domains that had not been removed from your search.

There is a service of mail aliases simplelogin.io, which generates a full e-mail address, which works, roughly speaking, as a bridge between the real address and the sender, thereby hiding the real e-mail recipient.

This service is also intended for personal use and publishing its addresses in your search results may entail serious risks to users' privacy and security.

It is also important to note that SimpleLogin is also owned by Proton.

Proof one. https://proton.me/blog/proton-and-simplelogin-join-forces Proof two. https://simplelogin.io/blog/simplelogin-join-proton/

Here's a list of SimpleLogin domains that should also be excluded from your search:

simplelogin.comsimplelogin.fraleeas.comslmail.me8shield.netdralias.com

Please remove them from your search.

Here is a link https://github.com/simple-login/app/issues/1528 to the original issue in the SimpleLogin repository. And here is a link https://github.com/simple-login/app/discussions/1529 to their official discussion of the issue.

— Reply to this email directly, view it on GitHub https://github.com/ProtonMail/WebClients/issues/300#issuecomment-1427021349, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFLV4MNMCKG7QDOUFYESMODWXDJ5FANCNFSM6AAAAAATYQDT6Q . You are receiving this because you were mentioned.Message ID: @.***>

ghost commented 1 year ago

Thanks for sharing this! All the domains you reported have been successfully added to our webmail domains list. We no longer provide emails for them. Thanks again for taking the time to report this to us 🙏 Giovanni

Dear @gglepori, they have added new domain slmails.com. Can you, please, exclude it too?

Here is a proof: 883013F0-DF96-4115-9B2A-0F7CE95CEB60

ghost commented 1 year ago

Thanks for sharing this! All the domains you reported have been successfully added to our webmail domains list. We no longer provide emails for them. Thanks again for taking the time to report this to us 🙏 Giovanni

Dear @gglepori, they have added new domain slmails.com. Can you, please, exclude it too?

Here is a proof: 883013F0-DF96-4115-9B2A-0F7CE95CEB60

Dear @gglepori, Small update :) They also added silomails.com

Please take measures!

Proof: 7E2B6BC9-4B94-4C9D-A0CC-F53772402993

gglepori commented 1 year ago

@ghost

Thanks for sharing this! All the domains you reported have been successfully added to our webmail domains list. We no longer provide emails for them. Thanks again for taking the time to report this to us 🙏 Giovanni

Dear @gglepori, they have added new domain slmails.com. Can you, please, exclude it too? Here is a proof: 883013F0-DF96-4115-9B2A-0F7CE95CEB60

Dear @gglepori, Small update :) They also added silomails.com

Please take measures!

Proof: 7E2B6BC9-4B94-4C9D-A0CC-F53772402993

Done, we've removed slmails and silomails. Thanks again for the report.

ghost commented 1 year ago

Thank you for your cooperation:)

ghost commented 1 year ago

Dear @gglepori they launched a Proton Pass and added next domains:

@passinbox.com @passfwd.com

Please remove them too :)

Proof: IMG_8126

AmrithVengalath commented 1 year ago

I'm wondering why can't proton use existing domains like apple use(hide my email - something@icloud.com, something@privaterelay.apple.com)

Is there actually any benefit?

image

bartbutler commented 1 year ago

Risk reduction. Nobody is going to block signups for icloud.com, they are too big. We are not "too big to block" so having multiple domains A) protects the non-alias domains B) gives users more options in case sites decide to block domains.

But I agree, it would be better to be able to use alias.proton.me or the like.

gglepori commented 1 year ago

Thanks for the report. We've added them to our webmail list.

On Wed, Jun 28, 2023 at 12:54 PM Hvycycyctfh @.***> wrote:

Dear @gglepori https://github.com/gglepori they launched a Proton Pass and added next domains:

@passinbox.com @passfwd.com

Please remove them too :)

Proof: [image: IMG_8126] https://user-images.githubusercontent.com/138008095/249440359-7398bb02-5ff0-4869-a232-bdcd2d7d29e6.jpeg

— Reply to this email directly, view it on GitHub https://github.com/ProtonMail/WebClients/issues/300#issuecomment-1611188815, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFLV4MPXM66D243LRS4F7MTXNQENJANCNFSM6AAAAAATYQDT6Q . You are receiving this because you were mentioned.Message ID: @.***>

ghost commented 1 year ago

Dear @gglepori, Sorry for bothering you again but they had added new two domains again.

Here is the proof: IMG_8612

Please exclude following domains: @passmail.com @passmail.net

gglepori commented 1 year ago

All set 👍 Thanks for sharing the domains.

RokeJulianLockhart commented 6 months ago

https://github.com/ProtonMail/WebClients/issues/300#issuecomment-1651673861

This should be closed.