That's why I created a startup with no website, it's called guerillaclick@gmail.com, it's a credible domain (you don't say) and it will click on any "verify" links you send it to it.
You can use aliases to get around of duplicate emails in the target system, so like
guerillaclick+eralp@gmail.com guerillaclick+sdfaskdma@gmail.com guerillaclick+111@gmail.com
so choose an alias and start using the service!
I will provide a website to see the inbox of your alias. (maybe for services who send your pw in the email, but then you might be better off using other established servers.)
Gmail API is a bit slow so it might take 30 seconds for email to be received on my end, keep in mind while testing!
Best,
Give some random guys with no website your registration record somewhere, allow them to verify your registration as theirs, and then impersonate you, reset passwords, see any communications, possibly log in as yourself and do anything. All this with no recourse.
Nigerian spammers moan from envy for such a brilliant self-propelled gullibility filter.
It's hilarious.
Once I was told about "my" enlistment in the reserves of some armed service. That one I replied to and got a very polite response from someone with a little bit of rank.
Once I got an advanced copy of remarks the UK Prime Minister was going to make the next day at the 2008 Jeddah global energy summit.
World-class was the lady who sent me pics of herself in lingerie. Not too revealing and I deleted them immediately and replied to warn her. She nearly died of embarrassment.
I'm pretty sure there are spam lists who sign me up to products, probably for some kind of referral. I join all sorts of junk.
Compounded by Google making "first.last@" = "firstlast@"
Next Gmail account is going to be a guid.
Like none of it is spam exactly, just a lot of wrong numbers.
That was fun.
So much misdirected email. Try to sign up for something? Reset password change info to not theirs.
It's amazing what people send rather blindly.
occasionally people (accidentally?) use my (long-in-disrepair) gmail account in this way, and it's amusing to see their little peccadillos. sometimes you get the devilish chance to change subtle details of an online profile =D
You aren't using this service correctly.
The idea is to not give away your email or signup for a website, but get access to that website.
- Is it allowed under GMail's TOS?
- Have you considered the security implications of having what is presumably a server somewhere in your name clicking on any link that's sent to it?
- You say startup - do you have monetization plans? Putting adverts on the associated website perhaps?
They also have a "don't misuse our services" clause and I'm sure this would count as misuse if found.
How come Google can figure out who and where the interested end-user is when emails are actually send by web apps and clicking is done upon email retrieval (I bet some cron with POP3). Moreover emails from "bad" countries are rather filtered out as spam/scam.
Apart of this thread publicly inviting people it may be also hard to distingush the accout from any busy one. But I guess G may have some pattern matching and rate limits for such sinks.
Do you even have to ask? The answer is a clear 'NO'. There is zero chance that Google will allow you to abuse their email service in this way.
I hope OPs personal account isn't in anyway related to this account because when 'guerillclick@gmail' is inevitably banned, his personal account may be collateral damage.
The iOS app might still work but the watchOS app hasn’t been updated for 5.x. :-(
This has value.
Unfortunately, more and more services are rejecting + e-mail addresses. Either ignoring them, or flagging them as an error.
While it's perfectly within the RFC, companies are catching on to the trick.
(3M, I'm looking at you!)
g.uerillaclick@gmail.com
The number of options is of course limited but it's still recognized as a separate address while still coming into the same inbox
It helps users who keep trying bobjones@gmail.com when they signed up with bob.jones@gmail.com. Also is pretty good at preventing mass signups using tricks like this.
https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-mo...
How rich.
I made a +suffix account so I'm not buying stuff on amazon with my AWS account.
My code was tied to a Google Sheet that would hourly pull matching emails, use a regex to extract the link, send an HTTP request to the URL, and record the URL and response in the spreadsheet.
Having a high level description of the code isn't as useful as the code itself. Alas, my code was part of my Google account at a previous employer.
While I'm a fan of Mailinator and their approach, I think the feature OP has about auto-clicking verify is unique. But yes, to do this right, you need the multi-domain approach of Mailinator instead of just aliases. Maybe Mailinator has an API or supports POP/IMAP that would make this possible, I haven't checked.
Receiving email is pretty easy - own domain with MX record and some cheap VPS with Docker. No need to worry SPF, DKIM, DMARC, DSBL - you care about these when you have to send emails from the host.
Why would you blacklist gmail.com when you can blacklist 'GuerillaClick@gmail.com'?
If Google gets angry about you, your life MIGHT be ruined –partially–
[0]: https://amp.reddit.com/r/google/comments/8l231x/google_banne...
if you hit 1 minute over 60 you get blocked 24h
I like the idea, but it probably is against Google's TOS, so there's that ...
I started my startup with a website to do a disposable emails service: mailcare.io It's also available in open source.
(Is email still considered slow? I remember having wait times in the hours back in the 90s, but I'm not sure I've ever waited anywhere near a minute in the past decade.)
> (Is email still considered slow? I remember having wait times in the hours back in the 90s, but I'm not sure I've ever waited anywhere near a minute in the past decade.)
Tumblr does this at the moment. It asks for either email click or a traditional username/password setup.
Sure, there is a "password" - but they won't let you log in without also verifying you have access to your email account - and you can reset that "password" only knowing the username and having access to the email account.
I’ve never used the feature. I have an integrated password manager.
Maybe Mailinator could implement this autoclicking.
If this guy can convince people to send him their registration codes and somehow monetize it he's in business.
you still get a website? ``` I will provide a website to see the inbox of your alias. (maybe for services who send your pw in the email, but then you might be better off using other established servers.)
Gmail API is a bit slow so it might take 30 seconds for email to be received on my end, keep in mind while testing! ```
just wondering does it break gmail's terms?
Thank you for making this though.
some require session authentication, so bot needs to login and THEN verify.
It'd be nice if you could create temporary <insert reputable domain here> accounts on the fly. User provides a captcha solve, your service uses this to create a random account & log in, user can view inbox or click 'open all links'. This wouldn't work with gmail because of SMS verification but would probably work on other domains and circumvents the above problem.
You are well within your rights to prohibit duplicate signups from the normalized address, but please don’t presume to replace what the user entered.
Just ignore it when checking uniqueness, if you really must
Does nobody read RFC’s anymore?
I did, before posting my answer, though I admit I was too lazy to look up the email RFC and instead just used the URI RFC and assumed the allowed characters in the user-name would be the same :P
It is really helpful if you want multiple profiles for a service (ex. Different mode, different recommendation) or in filtering all emails sent to that specific address (can't filter with the "from" as I don't know who is emailing me)
Please don't break standards
Thanks!
