forwardemail / reserved-email-addresses-list

List of 1250+ generic, admin, mailer-daemon, and no-reply usernames reserved for security concerns. Made for @forwardemail.
https://forwardemail.net/docs/reserved-email-addresses-list
MIT License
155 stars 21 forks

Prefix and suffix checks seem too aggressive #6

Closed collimarco closed 1 year ago

collimarco commented 1 year ago

Thanks for this list.

I see that you recommend this:

It is also highly recommended that you check for strict equality, and for a list of admin, mailer-daemon, and no-reply usernames, you should check for strict equality, starts with, or ends with comparisons as well.

However when I check this file: https://github.com/forwardemail/reserved-email-addresses-list/blob/master/admin-list.json

I see words like "app", "dev", "hello", "dns"... etc.

What about "awesomeapp", "whatsapp", "devtutorials", "devto", "hellokitty", "dnsimple"... all those names are legit and probably used as handles on social media. Isn't it too much to block all of them?

collimarco commented 1 year ago

I think that the safest approach would be to stick to exact matches only to avoid false positives.

titanism commented 1 year ago

You can't do exact, you have to do partial. Some users do phishing attacks such as admin1, admin2, etc. If you want to exclude certain matches, you could use this library and then delete those that you don't like from the Array. Perhaps put up a PR and a note in our README about certain ones that you may want to manually exclude.

collimarco commented 1 year ago

@titanism I understand that, however I think that the check on prefix/suffix should be reserved only to specific cases, only when strictly necessary.

I don't see why a user can't use a username like "hellokitty" or a company can't register a name ending with "app"...

All those names above are normally available on social media and other platforms (you can check that on Twitter for example).

titanism commented 1 year ago

The admin reserved usernames are specific to Forward Email, so if you don't need admin-specific, just exclude them if necessary or use a different approach. You as a programmer have the freedom to use what you want.

collimarco commented 1 year ago

It was just a suggestion :)

I thought about using it based on the README, however the current approach is too aggressive and blocks many valid names.

Even a name like "moderna" (the pharmaceutical company) is considered invalid and reserved for admins (it starts with "mod")... I could easily find hundreds of similar false positives.
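The three matching strategies argued over in this thread, run side by side on a small constructed sample (added example, not the library's own code or its real admin-list.json; the "reserved word followed only by digits or separators" rule is this example's own illustrative middle ground, not the project's rule):

```javascript
// Constructed sample of reserved words, NOT the real admin-list.json (1250+ entries).
const ADMIN_SAMPLE = ["admin", "app", "dev", "hello", "dns", "mod"];

// Normalise the local part the way a registration check would: trimmed, lower-case.
function normalize(username) {
  return String(username).trim().toLowerCase();
}

// Strict equality only (collimarco's proposal): no false positives,
// but "admin1" and "admin2" are not caught.
function isReservedExact(username, list = ADMIN_SAMPLE) {
  return list.includes(normalize(username));
}

// Equality, starts-with or ends-with (the README's recommendation for the admin
// list): catches "admin1", but also "moderna" (starts with "mod") and
// "whatsapp" (ends with "app").
function isReservedAffix(username, list = ADMIN_SAMPLE) {
  const u = normalize(username);
  return list.some((w) => u === w || u.startsWith(w) || u.endsWith(w));
}

// Illustrative middle ground (this example's assumption, not the project's rule):
// a reserved word followed only by digits or separators, e.g. "admin1", "admin_2".
// "moderna", "hellokitty" and "dnsimple" are not matched because the remainder
// contains letters.
function isReservedNumbered(username, list = ADMIN_SAMPLE) {
  const u = normalize(username);
  return list.some((w) => {
    if (!u.startsWith(w)) return false;
    const rest = u.slice(w.length);
    return /^[-_.0-9]*$/.test(rest);
  });
}

// Classify a batch of usernames under each strategy so a reviewer can compare
// misses (phishing look-alikes let through) against false positives.
function compareStrategies(usernames, list = ADMIN_SAMPLE) {
  return usernames.map((name) => ({
    name,
    exact: isReservedExact(name, list),
    affix: isReservedAffix(name, list),
    numbered: isReservedNumbered(name, list),
  }));
}

// Names taken from the thread, plus one ordinary handle as a control.
const SAMPLE_NAMES = ["admin", "admin1", "admin2", "moderna", "hellokitty", "whatsapp", "dnsimple", "alice"];
console.table(compareStrategies(SAMPLE_NAMES));
```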