Slashdot Mirror
How To Get Websites To Ban Sign-ups From Gmail.com Accounts
An anonymous reader writes "Paul Tyma describes a simple, elegant, and hilarious method that Mailinator (hypothetically, of course) used to mess around with people who scraped its webpages in order to block its alternate domains. Quoting: 'Remember all that script-detecting code from the anti-abuse system? Well, what if I put that in here too, I thought. Let's "detect" when a script is hitting our weensy alternate-domain page. ... And what if after about 30 page hits from the same script (or so), stop displaying actual alternate domains and start sprinkling in some other things. Hmm... but what other things? I know — how about "gmail.com". Or, um, "hotmail.com". Or maybe, "yahoo.com."'"
Makes no fucking sense. A/C's bitcoin post above makes more sense.
Also:
* Type /sign for your IRC star-chart reading
* Type +++ for your 1200 baud modem speed doubler
Also, since you're new to the club I'd like to offer you a leech account on our private warez site - use your existing login name and password when you ftp to 127.0.0.1
The signal to noise ratio on that blog post was so low.. Here's the TLDR:
When you detect that someone is scraping your site, and you'd prefer that they didn't, start feeding them bad data in a way that they won't notice. The dataset that you've poisoned will then have side-effects that the scrapers wouldn't have expected.
I read the TFS twice and WTF is it all about? No wasting time to read the TFA then.
I had code to detect email harvesters and gift them addresses like abuse@fbi.gov in the late '90s. For anybody running a mailinator type service, what he's suggesting would have been so obvious that the USPTO would grant them a patent on it.
FTFA - "What, in our completely and totally hypothetical situation, would that do?"
I find it more interesting he doesn't have any scrapers as he did before. Hell, I am still amazed mailonater isn't band when some sites still don't take Hotmail or yahoo addresses still.
The scrapers would just remove gmail.com, yahoo.com, hotmail.com, all .edu and .gov domains, and leave in aol.com. Website owners probably know that most of their traffic comes from relatively few domains so as long as those are not banned, they ought to be okay. The people who were incorrectly banned would just complain and then the website owners can judge the domains one by one.
A NYC lawyer blogs. http://www.chuangblog.com/
I've never heard of Mailinator. Now that I have I guess I'm still not interested. I have my own domain and create fake accounts to track who sells my name but I generally get more spam due to mailing list posts I make than anything else, and you can't have a one-way email for mailing list accounts (although I guess you could set them to only accept mail from the mailing list, if you're willing to not accept personal replies to things you send out)
But this guy is full of himself. "Look at me, I setup a system to facilitate hiding your email address. Oh, people want to ban it? Lets see about that, hah!"
A normal response would be to just give out your list, or as he claims, stop accepting mail for that website (although that's opt-out so it's automatically less good than the alternative)
Now us evil web site owners will just have to come up with some other way to ban his bullshit.. like sharing the list publicly despite his efforts.. or.. banning his IP:
mailinator.com. 86400 IN A 66.135.37.96
spamherelots.com. 86400 IN A 66.135.37.96
thisisnotmyrealemail.com. 86400 IN A 66.135.37.96
shrug.. none of my business I suppose since I haven't heard of him, but I would be furious if I got that kind of response from an "anti-spam" company when asking them to stop spamming me.
doesnt it make sense for the validation method to ping the domain? so if site $foo pings bar@gmail.com it'll show google's server not mailinator. It'll show as a valid domain. Or am i missing something?
Regardless of whether or not this works, this is unabashedly black hat. Why is this on Slashdot?
If you read the horribly long blog, they don't say that (The here's one such alternative message) on the page scripts were scraping from.
It's an iframe to http://mailinator.com/randomdomain.jsp
Normal users get legit answer but if you hammer that page it serves up "other" results.
Just because something's not true doesn't make it fraud. Even if it were, all he'd have to do would be to say "here's either an alternative email address for this service OR a regular, existing email service from another company". Humans would have no problem determining, and scrapers get confused.
Prior knowledge required to know what the summary is talking about:
-Mailinator is a disposable email address service for people that don't like giving their email address to strangers
-There are people who have issues with allowing someone to sign up for and use your service with a disposable email account
-People started banning Mailinator off the bat
-Mailinator's creator responds by creating alternate domains the email address can use to evade the standard Mailinator ban, displaying them for the public when they visit the Mailinator page at a rate of one domain per visit
-People create scripts to collect these alternate domains for various purposes (mostly for banning)
-Mailinator describes how it could mess with these people to remain useful to its users by detecting rapid page requests and serving random domains in response.
WTF is mailinator and why, in the first place, would I want to find out about its other domains and then ban them?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The article has a lot more details than the summary. You'll find he addressed this issue if you read it.
Yeah, you have to both know what Mailinator is and how it uses alternate domains for the summary to make any sort of sense. I didn't know either, but I am glad I read the article, because it is pretty funny.
TL;DR:
* Mailinator is a throw-away email service, and some sites want users to provide "real" email address and thus try to ban use of mailinator.
* To combat this Mailinator has a bunch of alternate domain names that all resolve to the same server.
* It displays them to users at it's website one at a time, chosen randomly.
* Blockers tried to scrape the Mailinator website to get the full list of domain.
* If a scraper is detected they could instead be fed other domains like gmail.com, which would cause the scrapper to block email from those domains as well.
Have you thought about submitting that story? Cause it sure beats the topic at hand.
Don't know something? Look it up. Still don't know? Then ask.
If you actually read the blog post, you would notice that the page does not say that the false domains go to mailinator.
(1) his main page states "e-mail sent to an alternate domain goes to Mailinator too! Here is one such alternate domain: "
(2) that page calls a second page that generates the alternate domain.
(3) the second page generates a correct alternate domain if called from the main page, but false information if called (repeatedly) by itself.
So, if you go to his main page, you get correct information. If, on the other hand, you're a robot, and say "hey, I can save time by just reloading the second page,I don't need to reload the main page, since it only gives me the same information I already have"-- then you get the randomly chosen (false) data. But doing it this way doesn't put the text "Email sent to an alternate domain goes to Mailinator too! Here is one such alternate domain:" in front of the false information.
It's GMAIL for Chistie's Sake !! Teh GOOGLE is GOD !! You don't fuck with GOD and live to be a ripe old age !! REPENT BLASPHAMER !! REPENT !!
I read the whole article, and it still doesn't answer my question above.
Your alternate domain list displayed 'gmail.com'!
Hi Fred, no it doesn't. Just reloaded the homepage 10 times, nothing like that. all the best.
or I bet another would be like:
Yahoo.com? What is this some kind of joke?
Sorry, did you mean to email this to Carol Bartz? Not sure what you're talking about.
The article says some of his genuine users will notice the erroneous on the main page.
No scraper is stupid enough to just load http://mailinator.com/randomdomain.jsp
They'll load http://mailinator.com/ discard the main iframe, and then parse the randomdomain.jsp iframe.
Your claim 3 is wrong because of 2 reasons:
He predicted that some of his real users will notice the error when viewing the home page:
Your alternate domain list displayed 'gmail.com'!
Hi Fred, no it doesn't. Just reloaded the homepage 10 times, nothing like that. all the best.
or I bet another would be like:
Yahoo.com? What is this some kind of joke?
Sorry, did you mean to email this to Carol Bartz? Not sure what you're talking about.
Reason 2 is that scraper writers aren't stupid. They won't just load the second page knowing it's an obvious trap. They will load the main page like a regular user, and then parse the small iframe.
They don't have to be jerks about it, just give the scraper it's arpa address instead.
What the hell, a scraper to find out all the aliases?
Why don't they do a simply dns request and filter on the ip
They'll load http://mailinator.com/ discard the main iframe, and then parse the randomdomain.jsp iframe.
...and if they hit it more than x times per second/minute/whatever, they could still get the posioned results.
Personally, I'd be ass enough to display ";DROP DATABASE *;" for a fake alternate domain as one of the commenters on TFA had mentioned, just to see if anyone complained.
Quo usque tandem abutere, Nimbus, patientia nostra?
i fucking hate sites that require a damm email to do ANYTHING. Still anon here on slashdot after a decade.
And if they have problems with me using mailinator.. (meaning i just wanted to sign up and didn't ever want SPAM from them)
It's a shit site and i don't care to use it anyway.
So pretty much any site that blocks mailinator addresses. I won't be signing up for anyway. Fuck em. Fuck their spam. Their site is going to get a throwaway address or nothing at all.
And isp emails are a fucking joke. i've changed isps a few times over the years. those accounts are dead and useless. gmail isnt.
mailinator isnt either.. lol
Nobody would download the main page. They'd load the direct page setting the appropriate 'referrer' header to seem as it is being loaded by the main page. There's no magic way to tell if the page is being loaded in a frame or not.
Loading a full HTML renderer to load the iframe inside the normal page is complete overkill.
Dilbert RSS feed
The "hypothetical complaining users" you quoted are those running scrapers, not actual Mailinator users. And yes, clearly the scrapers were stupid enough to load http://mailinator.com/randomdomain.jsp; otherwise they wouldn't have run into the garbage data.
Your claim 3 is wrong because of 2 reasons:
He predicted that some of his real users will notice the error when viewing the home page:
Your alternate domain list displayed 'gmail.com'! Hi Fred, no it doesn't. Just reloaded the homepage 10 times, nothing like that. all the best.
No, you misunderstand. His point is that "Fred" would say this "Your alternate domain list displayed 'gmail.com'!" based on the fact it came up in the scraper's results. He then directs "Fred" to look at the homepage and verify for himself that it actually never comes up. You see?
Reason 2 is that scraper writers aren't stupid. They won't just load the second page knowing it's an obvious trap. They will load the main page like a regular user, and then parse the small iframe.
Ah, and here I thought the owner of the mailinator.com domain had access to the server statistics that would tell him how people accessed his site. But obviously you're the person with that access, right?
Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'
Email tends to resolve addresses only at sending time, and in a forum system, that's several subsystems away. In fact, in a full-service hosted environment, that's probably way off in your ISP's systems.
Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'
After reading half of this post I thought: was that the cause of all those subluxations?
Why would the scraper writer ( or people buying the scraper's results) email him?
Why would he reply to the scraper writer?
Remember, these people want to ban his service. It doesn't make any sense for them to be emailing him or for him to email them back. So it follows that "Fred" must be a legitimate user confused about gmail.com appearing on his page for a few hours and then never appearing again.
Isn't this hypothetical situation just fraud?
Maybe not - he put the randomizer into a standalone URL, which just returns some text.
(Try it a few times, and do a view page source: http://mailinator.com/randomdomain.jsp )
The "clever" part is that it just returns some text, nothing labeled as an "alternate domain".
The URL suggests it is some random domain; it doesn't say anything about alternate or mainstream.
The text might be a domain.
It might be a pie recipe.
*shrug*
Anyway, his main page uses that standalone URL and labels that page labels the result as an alternate domain.
So suppose it was fraud. :-)
Next question - who would prosecute?
"Why do you feel it was fraud?"
"Because we asked for an alternate domain and they gave us gmail.com."
"Was that the only request you made for a 'random domain'?"
"Probably."
"Wasn't that request just one in a batch of 2,000 you made during a 10 minute window on July 17th, 2010?"
"Uh, I don't recall."
"Does this server log help your memory?"
"Oh. Hmm. Yeah, that might have been us..."
Why would the scraper runner email him? Why would he even both replying to these people who want to ban his service?
It only makes sense for him to answer a confused legitimate user.
Also there was no garbage data. This is all a hypothetical situation. So we have no evidence of scrapers actually falling for this silly trap.
Obligatory XKCD: http://xkcd.com/327/
Basically, it's a free webmail with no registration, no password, no security whatsoever: just send an e-mail to testaddress@mailinator.com, go to mailinator.com, and tell it you want to see the e-mails for "testaddress".
So if you go to some website and it wants your e-mail address so that it can spam you, you put in a mailinator address instead. But then the website gets wise to this and tells you that you're not allowed to put mailinator addresses in the e-mail field when you register. So Mailinator constantly creates new domains that work identically, and gives you a handful of them when you visit the site. Websites got wise to that too, and had scripts that automatically checked Mailinator and automatically blacklisted all the domains it listed.
Well, hypothetically speaking, if Mailinator's server detected that it was being accessed by a script, it could list whatever domains it wanted (google? yahoo? hotmail?) and the script would dumbly blacklist them. Result: now you can't sign up for $shitty_web_registration_account using your $real_Gmail_address, what the fuck?
-- Flame me and I will happily flame you back. Bring it!
spamgourmet.com is a much better site for generating thousands of fake email address, although not as fun as mailinator. You can forward them all to your real email address, and then turn them off individually as they are compromised.
Spamgourmet.com also has a whole range of alternative names. I, for example, use mamber.net for the domain name of the addresses I generate. Visit the site, you'll get a laugh.
So, how does spamgourmet prevent one person from getting a complete list of all alternate names? Every few months, he displays 3 more alternate domain names, and removes all references to the previous 3. Those 3 will never be shown again. It's a much simpler solution, but clearly defeats the scripts.
If you really had a want of domain names, and thought it was extremely important to not let anyone get the full list, you could fragment the list based on the requester's location. For someone to get the entire list, they would need to find proxy servers for all regions other than their own.
Free unix account: freeshell.org
Mailinator has been around for ages, this is not news, if you don't know what it is then :( for you, and as the article said back in the day it was by far the best way to get a temp email for signing up for something like a forum that requires you to register so you can get the link you need. IMHO it still is. The writer provided an epic insight into the battle between websites and bots, more than you typically hear of on a day to day basis. He went completely out of his way to implement this solution, nobody would ever code an intranet like this, but supposedly he also got results and was even able to implement a good measure. Great example of code being applied to the real world for those who haven't seen a whole lot of it.
Why don't the websites just do a DNS lookup on the domain used for the e-mail address, as all of mailinators domains seem to point to the same IP.
And, hypothetically speaking if you had code that would sneak in these non-alternate-domains in the page they weren't supposed to accessing anyway, when would be the best time to set it into action?
Well, those scripts ran at many different times, but just after midnight seemed like a popular time-slot.
If such code existed, making it active Sunday morning from Midnight to 2am seems nice. I mean heck, if my website stopped accepting signups from "gmail.com" on some Sunday morning, I'm sure I'd be downright chipper to hop into the office and find out why.
Boy. If all that stuff happened - I wonder what kind of email conversations I'd have on that Sunday afternoon? I bet they'd be like:
The people who are banning his service are emailing him because they want to know why their automated scripts, which scrape his pages, are reporting that "gmail.com" should be banned.
If I cared this is the scenario I envision:
Seems like he's on the losing side here.
For all those people... "what is mailinator" "why do I care?" -- I thought /. was for intelligent nerds. News for people who are at least educationally literate.
/ TLDR in #36637276 / has it dead on. And people who couldn't figure it out in a minute and have a chuckle are a waste of precious oxygen. Burn your damned geek card. Mailinator is mailinator.
Got it? No? Is the juxtaposition of words confusing? Do we need to add an explanation?
Mail: OH hey, you're a geek, you know what email is
"inator"... huh...sounds like other stuff that ends in that...
If you can't guess, my dictionary only has 46 words matching "inate$" ... but a glance of the webpage answers better.
Oh, they're being funny--like terminator. I can tell by going to their homepage, which took me all of FIVE SECONDS. Less if I type it in my 'google search' box and click the preview link!
Get your heads out of your ass and learn. Part of being a respectable geek is being able to learn new things--not follow some god damned manual to set up your crappy exchange server while pretending you're good enough to be a BofH. Not expecting a summary to babysit your miserable ass when you could have learned in half a second. Not bitching and moaning that you don't know some part of culture and somebody didn't explain it well enough to you, because you don't understand MATH/PHYSICS/COMP SCI/Fortran Humor/What BoFH is or whatever the fuck else someone referred too.
Hey--we invented fucking google. Use it.
Why do you care about other domains? I dunno...this is Slashdot, you'd think there'd have been an article on SPAM sometime in the past decade. Maybe some of you who weren't busy fingerfucking sharepoint and outlook might have encountered disposable email addresses back...oh, I don't know.... Around fucking 98 when they came out in qmail? I've heard rumors DEC had them before then, but I'm too young for that. Maybe some of you know a use for disposable addresses and fake domains? Maybe have written a honeypot and have the competence to compile your own MX ?
Seriously, take your autistic spectrum OCD social disorders and blow them out the back of your damned skulls and onto the walls of momma's basement. I like my geeks literate and intelligent, not bending over for the Chicago Manual of Style because it makes them feel smart to follow the rules of an idiot in the humanities department.
And now, to be modded into nothingness! So sue me for being rude, it's Friday before the fourth and I've been stuck in meetings and want a beer.
If you're still reading this, please mod a random angry stranger up so I can give a big giant explosive American fourth of July "FUCK YOU" to people who are reading this and don't get what mailinator is.
And to the ones who got it...or didn't but read...have a well earned beer for being a man.
No, your english comprehension failed.
No, he predicted that the people who run the scrapers would be suggesting to him that his website displayed "gmail.com -- not real users, but scraper-owners pretending to be real users.
The real "Libtards" are the Libertarians!
There's no magic way to tell if the page is being loaded in a frame or not.
Yea, except ... you know ... see if theres been a recent request from the same browser session for the main page. You're right its not magic, its actually really simple, and its not even new. The very same thing was once used for various silly things like authing SMTP send without logging into the SMTP server by allowing sends from IP for a few minutes after seeing a POP3 connection.
Its basic SPAM prevention really, LOTS of popular sites do this exact sort of thing, including gmail and yahoo for webmail accounts in various places.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Well, yes and no. After all, how many site admins actually give a damn about it in the first place, and how would you find enough compatriots who not only did, but would be willing to expose their own operations and help you out?
Eventually, you'd get sick of having to weed/script out not only the obvious legit domains, but others like comcast.net, att.com, frontier.net, verizon.net, and a whole raft of regional and smaller ISP (and corporate!) domains globally that he could add to the fakes list. After all, if you're running a site that discusses semiconductors, having to constantly be on the lookout for inadvertently banning intel.com (or even smaller but fairly important ones like triquint.com or wacker.com) would get pretty old, pretty quick.
Consider it this way... who has more time to dedicate to the game? You, who have a site to run, or that guy, who doesn't have to do much of anything else to do at all - not to mention all the other services that do the *exact same thing*? Remember that these guys can change IP addys and domain names in bulk.
Eventually you find yourself in a position similar to the RIAA trying to stop people from sharing music. Sure, you'll get a couple of 'em, but eventually you spend more time chasing them than you do in getting your original results.
Quo usque tandem abutere, Nimbus, patientia nostra?
My friends run into this a lot when signing up for free seminars. The idea is to prevent employees of their competiors from attending their events. Competitor domains are blocked (obviously) but also well known ISP's and free web mail services like Gmail because a employee of a competitor can easily hide there. The whole process is quite leaky though. There are just too many domains to check. If you have a personal domain or even a lesser known ISP, they let you in rather than trying to figure out what or who you are.
Anyone who scrapes the list for alternate domains is supremely dumb. It's far easier to get a list of the small number of MX records. When we wanted to ban mailinator, we just banned any domain with an MX record that matched an IP address in the mailinator MX pool. Even if he uses a few different MX records for different domains, you'd only need a small list of domains to cover all the MX machines.
Apparently Kdawson has hacked your account, please secure it immediately.
but gmail addresses with overuse of periods. I've been seeing a lot of spammers of the likes of "j.im.my.h.of.f.a@gmail.com" invading SMF forums.
Except that being vunerable to counterfeiting is one of the (maybe very few) problems that Bitcoins don't have.
Rethinking email
OK, so you do a request for the main page first, pipe the data to /dev/null and then request the domains page.
My point is that you wouldn't be loading the domains page as an iframe (which implies having a real HTML engine).
Dilbert RSS feed
The email lasts 10 minutes, you can request more time but then it auto deletes itself. I notice it changes domains almost daily to avoid blacklists.
I've used it for every forum I have ever signed up on.
Cause people would never write an exception for gmail/yahoo/hotmail etc. That has to be the biggest waste of time reading an article on here for a while. Did this guy post this himself?
I love the comments on the site calling him a genius, I hope they aren't working in IT :p
Interesting post, but a point of inaccuracy:
The hacker was able to create 2 million counterfeit BTC by manipulating the company's trading database after gaining access to a compromised administrator account on June 19
No, the hacker didn't create any counterfeit BTC. He only convinced Mt Gox that he had given them 2 million BTC to hold in escrow for him when in fact he hadn't. Which is a very different thing: the former would indicate a flaw in the entire system, whereas the latter is an isolated event that screwed up a single trader and has no real implications for other BTC users.
Yea, except ... you know ... see if theres been a recent request from the same browser session for the main page.
Except there's no reliable way to detect if two requests are in the same browser session. Drop a cookie? Enough poeple disable them that you're going to piss people off by requiring them (particularly when your target market is people paranoid about privacy, which is what mailinator does). Require same address? There are ISPs out there who feed requests through a load balanced cluster of proxy servers, so the same person's requests can come from different addresses from second to second. Besides, what about anyone who gets the main page out of cache rather than a new copy?
Why would I have to weed out "legit" domains? I'd only be hitting his page once a day. He's going to detect that as a scraper? Twenty or thirty site admins, hitting the mailinator front page at random, but realistic, times once every one to two days, sending proper headers, requesting all the linked material from the page -- that's going to show up as scraping? In a month you could feasibly burn 300 - 450 domains.
Maintaining this kind of blacklist is part of running the site. And Mr. Tyma lives on sunshine and fresh air? He doesn't have to work? He gets free hosting, bandwidth and domain registration?
And ultimately why do you think people who might find this sort of service objectionable are stupid? You think they don't know about MX records? That they couldn't take each alternate site presented and check the DNS entries and see where it's mail is delivered. And if you want to get really clever, see who owns the IP address space involved. And the obvious thing: send a trial email. It's not that hard, eh?
Make the main page a script with uncacheable results and give out unique session IDs in the URL. Then you have the most reliable way of tracking browser sessions with no user cooperation required. Actually, I see that Mailinator uses a Java servlet container and most containers such as Tomcat have a very, very robust session management built in and using it is straightforward.
http://www.moonlight3d.eu/
All the domains resolve to the same IP address:
zx2c4@ZX2C4-Laptop ~ $ host bobmail.info
bobmail.info has address 66.135.37.96
bobmail.info mail is handled by 10 bobmail.info.
zx2c4@ZX2C4-Laptop ~ $ host mailinator.com
mailinator.com has address 66.135.37.96
mailinator.com mail is handled by 10 mailinator.com.
zx2c4@ZX2C4-Laptop ~ $ host binkmail.com
binkmail.com has address 66.135.37.96
binkmail.com mail is handled by 10 binkmail.com.
If you don't know the difference between the two words try to avoid them in future.
In a month you could feasibly burn 300 - 450 domains.
...each week he could take two hours out and have 500 domains racked up from a scripted list - many registrars do let you do 'em in bulk.
Even scripted, you're doing it the hard way, and slowly. You're also only focusing on *one* service (Mailinator), out of potentially hundreds.
So, err, what part of your countermeasure plan actually makes sense?
Maintaining this kind of blacklist is part of running the site.
If you were paid to do SMTP administration for a living, I'd agree. If you're being paid to help run a larger website (and not do it by yourself), I'd also agree. Tell me - how many site admins actually do get paid to focus on such things? Most folks don't. They have other things to do.
And ultimately why do you think people who might find this sort of service objectionable are stupid?
Stop putting words in my mouth, please.
My point is that you don't/won't get a benefit anywhere near equal to the efforts.
Your job is to run a whole website, with all that entails - design, upgrades, maintenance, content, etc. Only a small part of that is to get valid email addys with which to do stuff with (authenticate, send newsletters, weed out trolls, sell to spam^Madvertisers? I don't claim to know, and I won't hazard a guess as to your particular reasons - just listing options).
His job in this game is to make sure people don't get (potentially) spammed by your website - specifically, by using engineering tricks with SMTP to pull it off. Couple that with his peers doing the same thing on their services, and folks who can create toss-off email addys with their own ISP.
Guess who is going to win this in the end? (Hint: Not you, at least not with that idea).
You think they don't know about MX records?
...which can be daisy-chained via relay, or have new IP addys in short order, or be aliased themselves - most of which can be automated. If you think that simply checking MX records will do it, I've got bad news for you.
That they couldn't take each alternate site presented and check the DNS entries and see where it's mail is delivered
That is, if every mail server on the planet sent receipts (err, the vast majority don't). Otherwise, you're only going to see a HELO/EHLO return with the name of the relay-du-jour.
And the obvious thing: send a trial email
Not sure what you mean exactly with this one, but it can go one of two ways - you get to talk to a relay, or you're going to additionally burden your potential *users* into replying with an email themselves - which can be cut+pasted and come back through *any* MTA. Oh, and then there's the new administrative burden on your part.
You may want to look up "Diminishing Returns" at this point, yanno?
~~
Lookit - your whole idea is to make sure you get a valid email from everyone that accesses your site. Thing is, Mailinator is only one thing you have to face. That service has competition that you don't even know about. On top of all those, even my ISP (Comcast) has the facility to create toss-off email addys that I can personally use to slip right by your defenses - takes all of five minutes, and I can delete/ignore it at my leisure (Hell, I have two addys built specifically for that purpose).
His entire rationale is actually valid - why should anyone open his/her mailbox to your (potential) spam machinery just to see content? Given the wide variety of options open to the clueful, clever folks don't have to. Meanwhile, you're busily focusing on *one* tiny sliver of the whole range of options, and on one tiny sliver of your operations.
Quo usque tandem abutere, Nimbus, patientia nostra?
These were hypothetical conversations, so it doesn't matter whether the scraper writers communicate with him directly or not.
Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'
Trying to take the credit for someone else's post is pretty shitty. You didn't post that, I did, and I didn't forget to sign in. I just chose to post anonymously. Fuck you.