Slashdot Mirror


How To Get Websites To Ban Sign-ups From Gmail.com Accounts

An anonymous reader writes "Paul Tyma describes a simple, elegant, and hilarious method that Mailinator (hypothetically, of course) used to mess around with people who scraped its webpages in order to block its alternate domains. Quoting: 'Remember all that script-detecting code from the anti-abuse system? Well, what if I put that in here too, I thought. Let's "detect" when a script is hitting our weensy alternate-domain page. ... And what if after about 30 page hits from the same script (or so), stop displaying actual alternate domains and start sprinkling in some other things. Hmm... but what other things? I know — how about "gmail.com". Or, um, "hotmail.com". Or maybe, "yahoo.com."'"

9 of 175 comments

  1. Summary by Anonymous Coward · · Score: 4, Insightful

    Makes no fucking sense. A/C's bitcoin post above makes more sense.

    1. Re:Summary by Anonymous Coward · · Score: 5, Informative

      The Bitcoin post just looks dumb; phony Bitcoins? doesn't exist; they're cryptographically signed, the whole post is ridiculous. The article, on the other hand, is very simple, if you know what Mailinator is.

      Basically, it's a free webmail with no registration, no password, no security whatsoever: just send an e-mail to testaddress@mailinator.com, go to mailinator.com, and tell it you want to see the e-mails for "testaddress".

      So if you go to some website and it wants your e-mail address so that it can spam you, you put in a mailinator address instead. But then the website gets wise to this and tells you that you're not allowed to put mailinator addresses in the e-mail field when you register. So Mailinator constantly creates new domains that work identically, and gives you a handful of them when you visit the site. Websites got wise to that too, and had scripts that automatically checked Mailinator and automatically blacklisted all the domains it listed.

      Well, hypothetically speaking, if Mailinator's server detected that it was being accessed by a script, it could list whatever domains it wanted (google? yahoo? hotmail?) and the script would dumbly blacklist them. Result: now you can't sign up for $shitty_web_registration_account using your $real_Gmail_address, what the fuck?

    2. Re:Summary by Mad+Merlin · · Score: 5, Insightful

      It baffles me that people still require email addresses for random account signups. Either people are going to provide their email address, or they're not. Make it required and they'll just feed you a fake/disposable one, or not make an account at all. How about you treat your (potential) users with some respect and just make the email optional? That's what Game! does and it works well.

  2. SNR by Anonymous Coward · · Score: 5, Informative

    The signal to noise ratio on that blog post was so low.. Here's the TLDR:

    When you detect that someone is scraping your site, and you'd prefer that they didn't, start feeding them bad data in a way that they won't notice. The dataset that you've poisoned will then have side-effects that the scrapers wouldn't have expected.

  3. I'm Sorry But That's Ridiculous by darkmeridian · · Score: 4, Insightful

    The scrapers would just remove gmail.com, yahoo.com, hotmail.com, all .edu and .gov domains, and leave in aol.com. Website owners probably know that most of their traffic comes from relatively few domains so as long as those are not banned, they ought to be okay. The people who were incorrectly banned would just complain and then the website owners can judge the domains one by one.

    --
    A NYC lawyer blogs. http://www.chuangblog.com/

  4. Translation by Anonymous Coward · · Score: 5, Informative

    Prior knowledge required to know what the summary is talking about:
    - Mailinator is a disposable email address service for people that don't like giving their email address to strangers
    - There are people who have issues with allowing someone to sign up for and use your service with a disposable email account
    - People started banning Mailinator off the bat
    - Mailinator's creator responds by creating alternate domains the email address can use to evade the standard Mailinator ban, displaying them for the public when they visit the Mailinator page at a rate of one domain per visit
    - People create scripts to collect these alternate domains for various purposes (mostly for banning)
    - Mailinator describes how it could mess with these people to remain useful to its users by detecting rapid page requests and serving random domains in response.

    1. Re:Translation by Onymous+Coward · · Score: 4, Insightful

      etc...

      Therein lies the rub.

  5. Worth the read by pavon · · Score: 5, Informative

    Yeah, you have to both know what Mailinator is and how it uses alternate domains for the summary to make any sort of sense. I didn't know either, but I am glad I read the article, because it is pretty funny.

    TL;DR:
    * Mailinator is a throw-away email service, and some sites want users to provide a "real" email address and thus try to ban use of Mailinator.
    * To combat this, Mailinator has a bunch of alternate domain names that all resolve to the same server.
    * It displays them to users at its website one at a time, chosen randomly.
    * Blockers tried to scrape the Mailinator website to get the full list of domains.
    * If a scraper is detected they could instead be fed other domains like gmail.com, which would cause the scraper to block email from those domains as well.
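
A defensive sketch of the point made in the comments above (added example, not code from the article or any commenter): a blocklist importer that holds back well-known providers and any scraped domain whose mail host does not match the disposable service's known host, instead of blacklisting whatever the page returned. The domain names, the `PROTECTED` list, the MX table and the use of MX records as the "same server" check are all assumptions constructed for illustration.

```python
# Added example: vet a scraped disposable-domain feed before it reaches a signup blocklist.
# All names and sample data below are constructed for illustration.

PROTECTED = {"gmail.com", "yahoo.com", "hotmail.com", "aol.com"}  # never auto-block
PROTECTED_SUFFIXES = (".edu", ".gov")

def normalize(domain):
    """Lower-case, trim whitespace and a trailing dot so 'Gmail.com.' matches 'gmail.com'."""
    return domain.strip().lower().rstrip(".")

def vet_feed(candidates, resolve_mx, known_hosts):
    """Split scraped domains into (block, quarantine).

    resolve_mx:  callable returning the set of MX host names for a domain
                 (injected so the example runs offline).
    known_hosts: mail hosts already confirmed to belong to the disposable service.
    """
    block, quarantine, seen = [], [], set()
    for raw in candidates:
        d = normalize(raw)
        if not d or d in seen:
            continue
        seen.add(d)
        if d in PROTECTED or d.endswith(PROTECTED_SUFFIXES):
            quarantine.append((d, "protected domain in feed"))
        elif not (resolve_mx(d) & known_hosts):
            quarantine.append((d, "MX does not match known service host"))
        else:
            block.append(d)
    return block, quarantine

# Constructed sample data: a stand-in resolver table and a poisoned scrape result.
SAMPLE_MX = {
    "alt-one.example": {"mx.disposable.example"},
    "alt-two.example": {"mx.disposable.example"},
    "gmail.com": {"mx.bigprovider.example"},
    "smallshop.example": {"mx.smallshop.example"},
}
SAMPLE_SCRAPE = ["alt-one.example", "Gmail.com.", "alt-two.example",
                 "smallshop.example", "state.gov", "alt-one.example"]

def demo():
    return vet_feed(SAMPLE_SCRAPE, lambda d: SAMPLE_MX.get(d, set()),
                    {"mx.disposable.example"})

if __name__ == "__main__":
    blocked, held = demo()
    print("block:", blocked)
    for d, why in held:
        print("hold :", d, "-", why)
```

Quarantined entries are the useful signal here: a protected domain showing up in the feed suggests the source has started returning poisoned data and the whole batch deserves a manual look.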

  6. Re:He sounds like a douche... by pavon · · Score: 4, Insightful

    shrug.. none of my business I suppose since I haven't heard of him, but I would be furious if I got that kind of response from an "anti-spam" company when asking them to stop spamming me.

    How does Mailinator spam anybody? They don't send any email, just receive it. And they don't facilitate forum spam any more than any other free email service.