Please use a personal email. My email is ‘mail’ @ ‘my actual name’. It does not get more personal than that

But you can’t use emails starting with mail@, admin@, support@, info@, main@, etc.

Instead they advised me (3 times) to create a personal email on a service like Yahoo, Outlook, Gmail, Orange, etc

  • hemko@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    0
    ·
    6 months ago

    They do though mention “+” and “-” also banned in the username part, which is kinda annoying

    • eee@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 months ago

      that’s to stop people from spamming signatures with user+1@gmail, user+2@gmail, user+3@gmail, etc.

      • hemko@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 months ago

        You can still spam with user1@domain.tld, user2@domain.tld etc and it takes basically no extra effort

        • Localhorst86@feddit.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          6 months ago

          it takes basically no extra effort

          I’d assume one needs to verify the email by clicking a link, so to spam user1@domain.tld, user2@domain.tld would mean you need access to those inboxes. That means you need to go through the effort to actually create those emailadresses on whatever freemail service you chose, or you need to host the emailserver yourself and have all mails run into a catchall inbox.
          Hosting your own emailserver is definately not “basically no extra effort”, even for a lot of tech-savvy people, paying for a hosted email service using your own domain is easier, but also seems like not a good investment just to spam a petition website.

          The foo+bar@gmail.com functionality, however, is pretty well known tool - even by non-tech savvy people. Even some people I know that I consider basically tech-illiterate have known this for years, they have told me when they found out about it and asked me if I was aware of this functionality.

          The first one I mentioned requires preparation, setting up email accounts or an email server, the second one is basically already set up for most email users and ready to go, the latter is therefore definately a lot less effort to pull off.

        • alphafalcon@feddit.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          IF you already have an email domain you control.

          Calling “acquiring and setting up an email domain and configuring the mail server for wildcards” “basically no extra effort” is a bit disingenuous compared to “solve a captcha for a Gmail account”

    • neatchee@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      6 months ago

      Yeah I agree that one seems silly on the surface but for their specific situation I understand why: services like Gmail allow using a + to create faux-labels. So for example foo@gmail, foo+bar@gmail, and foo+baz@gmail all get delivered to the same account. For change.org that’s a problem because it allows a single email account to fill out the form many times.

      Ideally, they would simply truncate everything after and including those symbols but it’s possible other services have different rules (maybe yahoo let’s you prepend faux-tags instead of appending them, or something like that) so simply blocking their use altogether could be the more robust solution

      • hemko@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 months ago

        Eh, honestly I think blocking plus addressing as a workaround to block people from using multiple identities on the site is very weak argument and ignores completely the reason plus addeesses are being used in the first place, tagging.

        And the addition of “-” just tells they don’t really know what they’re doing, considering it’s not only valid but also very common symbol in email addresses

        • neatchee@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          I don’t think the reason they’re being used is relevant to their problem though. “Think like an attacker” wins the day here: as an attacker, I don’t care what it’s meant for, only how I can use it to my advantage. If it’s something they observed as a problem, I understand why they would want to stop it.

          As for “-”, yeah, I don’t have a particularly good explanation for that one except the assumption that it’s something similar to + addressing on a different service.

          • bloor@feddit.de
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 months ago

            “-” is the default delimiter in qmail. I administer a system, where both + and - are valid recipient delimiters for historic reasons and we can’t really get rid of it.

            Believe me, it has caused all kinds of problems, where we have to go deep into the finer differences between aliases and virtual aliases and transport maps in postfix to route mails correctly. Especially since we have a lot of Mailinglists with - as a valid character in them.

            So to summarize: the assumption by changeorg is valid, however the execution seems rather flawed.