Giving an exempt for Spamgourmet domains

[lwcorp]

https://www.spamgourmet.com is not your standard "launch and forget" disposable service, as:

1. It requires registration.
2. It forwards incoming mail into one's real address.
3. It can be set for unlimited messages from the original senders.

It's meant to stop websites from selling your addresses to a third party, not from you to get mail at all.

As a result, projects like Mantis Bug Tracker don't allow the Spamgourmet users to participate in trackers, while having every intention to get the trackers' replies, just not being affected in case the trackers should expose addresses.

Will you consider giving an exempt for Spamgourmet domains?

[vboctor]

Kickbox suggests that this domain is disposable. See here

I have added a feature that enables consumers of the library to add / remove domains from the list of disposable domains.

[lwcorp]

I've actually went ahead and approached Kickbox. They said unlike you they're a reporting service and not a blocking one. This statement suggests they don't mind stepping into gray areas and let someone else decide whether to use this info for blocking or not.

But your case is different because you take an active stand. If a domain is on your list, it's game over for it. Sure, now you let add/remove domains, but I think we can safely assume it's not like thousands of admins out there will know to start whitelisting Spamgourmet. Actually, even if they did, they'll need to register and sign in to Spamgourmet to even know which domains to whitelist other than the main one. And then sign in every time there's a new domain...

[fredericmora]

I am one of the maintainers of spamgourmet. This is not a disposable domain. This is a spam filter. Sure, you can register an account and never use it again, but that's also true for GMail and other online services. So why is spamgourmet penalized?

Once you have created an account in spamgourmet, you can use tags to identify intended recipients. This is exactly the same as GMail allowing you to register an account (joeblow @ gmail) and then specify a tag for all github email (joeblow+github @ gmail).

The one difference is that GMail does not allow you to use tags for anything but searches, whereas spamgourmet lets you block a tagged address that has been abused.

So please make an exemption for spamgourmet.

Thank you!

[gnasch]

I sustain this request, there is nothing "disposable" about Spamgourmet. Every company I trade with receives their "own" Spamgourmet address to mail me. They will get all their replies with the same address. Some do sell or lose their addresses, I will cut them off. Some do not like this treatment, they will get no business from me. Has worked well for more than 15 years Thanks! gnasch

[AgentCosmic]

Spamgourmet should be treated as a disposable email because users are empowered to abuse the "1 user 1 real email" rule. The important factor here is that the email address is disposable even though the account on Spamgourmet is not.

[fredericmora]

Hello AgentCosmic,

I am a spamgourmet developer and admin. What you are saying is true, but it also can be applied to numerous other email providers.

As an example, Gmail encourages users to supply suffixes after a +. So joe6pack@gmail and joe6pack+github@gmail are different addresses but go to the same account. GMail advises to use it to facilitate spam filtering. Which is exactly what spamgourmet is doing.

So by that yardstick, GMail should be blacklisted. It is not. Why apply a different rule to spamgourmet?

We are with the good guys in the fight against abuse. And we do it for free. So please support us.

[zzynx]

I too support this request for the full 100%. I'm a very happy user of spamgourmet for more than 15 years. Spamgourmet is an anti-spam service, not a disposable e-mail service. I want to receive the genuine e-mails that are sent to my spamgourmet addresses. And I want to be able to block the ones that come from sources that I did not allow to send me e-mails. That's exactly what Spamgourmet let me accomplish.

[fredericmora]

Spamgourmet is also invaluable for traceability. For example, I routinely buy old books from specialty and used book stores, who unfortunately lack resources to police their IT and cannot keep their PCs exempt from viruses. Twice in recent months, I purchased a book from a mom-and-pop store, giving them a custom email address. A few days later, I started seeing spam coming to the custom address. Since I only ever used the address for the store, I was able to contact the store and prove that the store keeper's PC had been compromised. Obviously, the credit card used for the transaction was cancelled. The store owner was able to remove his virus and thanked me.

Of course, there is also the case of the "American Trade" stock trading company (name slightly obfuscated) who had an insider leaking client's email address and sending them pump-and-dump spam messages. The whole affair came to light because of a client that started getting such spam on an address exclusively used by the trading company.

This is why spamgourmet deserves help.

[foresto]

This project is grossly misrepresenting itself. The statement of purpose is: "a library that allows applications to check for users signup with disposable email addresses." [sic]

Meanwhile, it reports spamgourmet domains as disposable, which is, plainly, a lie. Perhaps it was an honest mistake two years ago, but the maintainers have had so much time to correct their mistake that there is no longer a valid excuse for failing to do so.

Spamgourmet is a forwarding service, not a disposable address service. Everything about it is designed to deliver legitimate email to real users, consistently and reliably. If anything, spamgourmet addresses are more likely to reach real users than gmail or other addresses, because our inboxes are not overrun with junk mail. We give out a spamgourmet address specifically because we want to read the incoming messages.

Sadly, lists like this one have led quite a few web sites to refuse signups to legitimate users, or worse yet, to silently discard outgoing messages to legitimate addresses. Congratulations. You're encouraging broken web sites, lost information, failed communications, increased spam, a lot of frustration, and just plain bad user experiences. I strongly suggest you rethink this.

Please stop being irresponsible, and fix it. Remove all of the following domains from your list, and start exercising at least minimal competence at screening domains in the future. Until you do, your service will remain little more than a denial-of-service attack on a lot of people's communications; one that should be shut down.

0sg.net
0wnd.net
0wnd.org
9ox.net
a-bc.net
antichef.com
antichef.net
dfgh.net
disposableaddress.com
inboxclean.com
mamber.net
neverbox.com
ordinaryamerican.net
recursor.net
spamcannon.com
spamcannon.net
spamcowboy.com
spamcowboy.net
spamcowboy.org
spameater.org
spamgourmet.com
spamgourmet.net
spamgourmet.org
wronghead.com
xoxy.net

[zzynx]

@foresto Please consider removing that list of domains from your previous post! It's a bad thing to publish it in the wild. I quote the FAQ from spamgourmet.com: "There are other domains you can use, as well (search around the site and BBS, and the web, too). We don't list them all in one place, because some webmasters configure their sites to reject our addresses, and it seems like they come here to see which domains to reject."

[foresto]

@zzynx The domains I listed are already in this project's blacklist. The damage here was already done.

[zzynx]

The domains I listed are already in this project's blacklist.

In a list of 2000 domains it is not clear which ones belong to spamgourmet. Your list unfortunately makes that rather clear.

[foresto]

In a list of 2000 domains it is not clear which ones belong to spamgourmet. Your list unfortunately makes that rather clear.

I don't follow your thinking. Are you afraid that someone is going to grovel through bug reports so they can single out spamgourmet with some kind of spitefully targeted custom blacklist, rather than simply using the list that's already prepared? If you know of a plausible incentive for someone to do such a thing, then please share it.

Otherwise, I intend to leave my comment in place so that the blacklist maintainer knows which domains to remove. I'll be happy to redact my comment as soon as that is done.

[lwcorp]

I don't follow your thinking. Are you afraid that someone is going to grovel through bug reports.

I believe the meaning was that Google and other search engines' crawlers will make the Spamgourmet list public because of your comment, making it even easier for services such as this one to block Spamgourmet (if for example they decide this service's global list is too wide).

I'll be happy to redact my comment as soon as that is done.

It's not always guaranteed the edit right will be there forever.

[foresto]

making it even easier for services such as this one to block Spamgourmet (if for example they decide this service's global list is too wide).

If your hypothetical person who thinks the global list is too wide finds my comment through a google search, they will immediately learn that spamgourmet et al. don't belong on any such list, and leave it alone. That would be a good thing.

Also, if we expect the maintainers to correct their list, they need to know what corrections to make. Let's not make it difficult for them.

Finally, remember that this is a publicly visible revision control system. Every edit, including the diff when spamgourmet domains are eventually removed, is permanently visible to both web crawlers and humans. In other words, the information I posted was already available. (And correlated, in multiple places other than here; I checked before posting.) That ship has already sailed. Rather than fooling ourselves into thinking we can revoke the information, let's try to correct the misunderstandings that encourage people to misuse it.

[sysdbugfactory]

To the dev running disposable_email_checker you are the cancer behind why after 15 years of using spamgourmet services effectively and successfully it is now rejected on a growing number of places. I sincerely hate for being that thick and incompetent.

Relying on a third party provider for your library is not a smart move, specially when touching something as central as email and registration. This third party provider kickbox has clearly stated that spamgourmet is on their list not on technical reason but due to an arbitrary decision. they know this is a legitimate privacy and spam protection services but chose to blacklist anyway for fear that that their blacklisting of disposable address services would cause people to work around their blacklisting by registering and using a spamgourmet account. By this logic you would have to blacklist yahoo, gmail and pretty much any free registration email provider, but for some reason the arbitrarily chose to not apply the same policy to them.

Hopefully at some point you'll came to your senses and ditch kickbox for being too broad and raising a lot of false positives, impacting the online life of people. Or fix their broken filter by adding a default whitelist to fix their shortcomings.

[foresto]

See also: https://github.com/ivolo/disposable-email-domains

[mintar]

I 100% support removing all spamgourmet domains from this list, but I have 0% hope that it will ever happen. The devs behind disposable_email_checker and disposable-email-domains are not on the users' side but on the side of the spammers marketing department. To them, a user's email address is an "asset", and the more control a user has about what emails they receive the less valuable that asset is. That is why email services with easy spam filtering like spamgourmet are blocked - it would be a shame if the user missed all those special offers that the marketing droids are sending them, wouldn't it?

The real problem about this is that as more and more websites use this service, they silently stop sending me emails (although my spamgourmet email has worked for years with that website). Sometimes I can't even change my email address, because that would require me to click a confirmation link that the website never sends because spamgourmet.com is on this block list.

I try my best to email the website devs and alert them to the problem, and to fight the cancer that disposable_email_checker and disposable-email-domains are, but it feels like tilting at windmills.

[jamasi]

Spamgourmet should be treated as a disposable email because users are empowered to abuse the "1 user 1 real email" rule. The important factor here is that the email address is disposable even though the account on Spamgourmet is not.

That rule cannot be the scope of this or any other sane library as users can easily register multiple accounts at various free email providers like gmx.net, gmail.com, web.de, etc.

EDIT: When can we expect this issue to be resolved?

[inaun]

As a spamgourmet.com user, I'm going to chime in. And I'm going to try very hard not to use bad words.

Web developers blocking the use of spamgourmet.com email service -- which is an excellent service -- is wrong. Plain wrong. If I want to control all of the (bad word I thought removed) spam trying to flood into my e-mail box I have the right to do so! The Spamgourmet service does a single thing -- it puts me in control of my e-mail. If sombody starts abusing my e-mail address, not only do I know who is abusing it, I can quickly and easily shut them off.

So -- by blocking spamgourmet.com service, web developers are stating that they want to be able to spam me at any time, sell my address for any reason, and violate my personal space.

This service SHOULD NOT be blocked! It is a legitimate e-mail service, and I had to register with spamgourmet.com to get access to the service. There is no difference in me using spamgourmet or me using gmail -- they are both legitimate e-mail services and deserve to be treated equally.

In fact, any web developer or service that chooses to block spamgourmet.com is nothing but a (another bad word I thought removed).

I'm sorry to be so harsh, but I get really sick of sites that block my spamgourmet.com e-mail addresses. Then I have to use other much more difficult workarounds to keep spammers out of my inbox.

[inaun]

Spamgourmet should be treated as a disposable email because users are empowered to abuse the "1 user 1 real email" rule. The important factor here is that the email address is disposable even though the account on Spamgourmet is not.

That rule cannot be the scope of this or any other sane library as users can easily register multiple accounts at various free email providers like gmx.net, gmail.com, web.de, etc.

EDIT: When can we expect this issue to be resolved?

I entirely disagree! With the spamgourmet address, 1 user gives 1 email address. That follows the rule! The ONLY thing spamgourmet allows users to do is "dispose" the address if the marketing people start abusing the e-mail by sending spam.

There is NO violation of the 1 user to 1 e-mail address rule. None at all. The whole point of the service is to have a trackable e-mail address that can be provided to a given service, and to be able to shut down ONLY that service if they start abusing the fact that they have your e-mail.

In fact, almost every person these days have multiple e-mail addresses. I personally have 6 addresses. Does that mean I'm violating the 1-user 1-address rule because I have a gmail account, an outlook account, two personal domain accounts, a spamgourmet.com account, and a work account? No, it does not.

Your argument here is simply not logical.

[gnasch]

Lets not forget that this "1 user 1 email" so-called rule is just another vehicle for tracking and identifying users. So it is in the interest of empire and its surveillance. It is also in the interest of all the crooks who abuse stolen address / password pairs. Nothing will change...

Am 05.10.22 um 20:30 schrieb inaun - @.***:

    Spamgourmet should be treated as a disposable email because
    users are empowered to abuse the "1 user 1 real email" rule. The
    important factor here is that the email *address* is disposable
    even though the account on Spamgourmet is not.

That rule cannot be the scope of this or any other sane library as
users can easily register multiple accounts at various free email
providers like gmx.net, gmail.com, web.de, etc.

EDIT: When can we expect this issue to be resolved?

I entirely disagree! With the spamgourmet address, 1 user gives 1 email address. That follows the rule! The ONLY thing spamgourmet allows users to do "dispose" the address if the marketing people start abusing the e-mail by sending spam.

There is NO violation of the 1 user to 1 e-mail address rule. None at all. The whole point of the service is to have a trackable e-mail address that can be provided to a given service, and to be able to shut down ONLY that service if they start abusing the fact that they have your e-mail.

In fact, almost every person these days have multiple e-mail addresses. I personally have 5 addresses. Does that mean I'm violating the 1-user 1-address rule because I have a gmail account, an outlook account, two personal domain accounts, and a work account? No, it does not.

Your argument here is simply not logical.

— Reply to this email directly, view it on GitHub https://github.com/vboctor/disposable_email_checker/issues/21#issuecomment-1268795894, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABS3NPIZL66MC62IOWEG2W3WBXCLXANCNFSM4F6KTHEA. You are receiving this because you commented.Message ID: @.***>

-- Christian Gnägi gnasch gmbh Ipsachstr. 16 CH-2563 Ipsach

[foresto]

Spamgourmet should be treated as a disposable email because users are empowered to abuse the "1 user 1 real email" rule.

That notion is completely asinine. Internet email has no such rule, and never has. Imposing such a rule would have no purpose except to violate people's privacy.

[fredericmora]

@vboctor , if that's OK with you, I can send a PR for exempting the spamgourmet domains from the list.

BTW, spamgourmet is an OSS project available here. A quick look at the doc will show you that it is by no means an attempt at defrauding websites.