🚨 Fake signups using real Gmail addresses? It’s happening, and it’s not easy to detect.

I recently took a closer look at Emailnator, a disposable identity provider offering Gmail-based throwaway inboxes at scale. These addresses look completely normal (@gmail.com), but are generated using Gmail’s own aliasing and dot-variation features.

🔍 Why it matters:
- They bypass basic filters that block known temp mail domains
- Appear legitimate to most defenses
- Are being used in the wild to abuse SaaS free tiers, automate fake signups, and scale fraud

In the post, I break down:
- How Emailnator works under the hood
- Why Gmail normalization is a critical but underused defense
- Real abuse patterns we observed across platforms

Plus, we’re sharing a dataset of 46K Gmail variants we extracted from their API, and how to check if your platform has been hit.

📖 Read the post: https://lnkd.in/e48vhAvE

If you’ve seen an unexplained spike in Gmail signups or weird alias patterns like my.email+offer1@gmail.com, this might be worth a closer look.
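A sketch of the Gmail normalization check the post above refers to, added here as an example and not taken from the post or from the Emailnator dataset. It relies on Gmail ignoring dots, `+tag` suffixes and case in the local part and treating googlemail.com as gmail.com; the function names, the cluster threshold and the sample signups are assumptions constructed for illustration.

```python
from collections import defaultdict

# Domains that deliver to the same Gmail mailbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_gmail(address):
    """Return the canonical mailbox for a Gmail address, or None for other domains."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or domain not in GMAIL_DOMAINS:
        return None
    # Drop the +tag suffix first, then the dots Gmail ignores.
    local = local.split("+", 1)[0].replace(".", "")
    if not local:
        return None
    return local + "@gmail.com"


def variant_clusters(signups, threshold=3):
    """Group signups by canonical mailbox and keep mailboxes that were
    registered under at least `threshold` distinct spellings."""
    clusters = defaultdict(set)
    for addr in signups:
        canon = canonical_gmail(addr)
        if canon:
            clusters[canon].add(addr.strip().lower())
    return {c: sorted(v) for c, v in clusters.items() if len(v) >= threshold}


# Constructed sample signup list (not real accounts).
SAMPLE_SIGNUPS = [
    "my.email+offer1@gmail.com",
    "myemail@gmail.com",
    "m.y.email+trial@gmail.com",
    "My.Email@googlemail.com",
    "jane.doe@gmail.com",
    "janedoe+news@gmail.com",
    "someone@example.org",
]

if __name__ == "__main__":
    for canon, variants in variant_clusters(SAMPLE_SIGNUPS).items():
        print(f"{canon}: {len(variants)} variants -> {variants}")
```

Storing the canonical form next to the address as entered, with a uniqueness or rate check on the canonical column, lets the same comparison run at signup time instead of only in a later audit.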
Email Accounts for Spam and Sign-Ups
Email addresses aren’t just a contact. They’re actually potential gateways, too.

Your email address opens a door to your digital life. Once you share it, you’re opening up a door - not just to communication, but to unwanted attention, clutter, phishing - or even worse.

Your email address is that crucial, so treat it with the security it deserves:

✍ Use a unique email address for each service you sign up for. Add the name of the website or company to it. This way, if leaked, you are aware and can address it.
✍ Make those addresses random, long, unguessable. Every company has an info@ email address. Guess what email address receives a lot of spam?
✍ Rotate them, and invalidate any that get misused.
✍ Keep a personal email address that you only share with family and friends.

Consider using email aliasing services. They’re often free, quick to set up, and allow you to create personalized addresses on the fly. This way, you can track who’s respecting your privacy, and who isn’t.

As always, stay secure, my friends!

#EmailAliasing #Passwords #CyberSecurity
-
I remember the first time a spambot attacked one of the sign-up pages at BuzzFeed.

At first, we didn’t realize what was happening. We were looking at our email lists and saw that a ton of new subscribers were signing up for our newsletters that day — exciting!

But then we looked a little closer. Almost all of the subscribers were from the same domain, yahoo.co.uk, which seemed odd.

And then we looked even closer: The sign-ups were coming in so quickly — dozens of new yahoo.co.uk emails every minute — there was no way the email addresses were submitted by actual humans.

That’s when we realized that something was seriously wrong. But we didn’t realize how much trouble we were in.

We were the victims of a spambot, which had been crawling the web looking for a form like ours. These bots are usually looking for forums with a comment section where they can drop in a link to a page where someone can buy something, like pharmaceutical drugs. These bots don’t always realize that they’ve found a newsletter sign-up form — not a comment section. And if lots of bots end up on your list, it can cause serious deliverability issues.

So what can you do about them?

1) You can use a third-party tool to verify email addresses, like Kickbox, before adding them to your list.
2) You can use CAPTCHA, like we eventually did at BuzzFeed, to shut down bot activity on key forms.
3) You can set up a honeypot — a hidden field only a bot can see, and suppress any email address that fills out that field.
4) You can use double opt-in to require an extra confirmation before being added to the list.

Your strategy might even involve multiple steps — many teams use CAPTCHA and double opt-in, for instance.

Every newsletter should have a game plan for keeping their list clean. I’ve got more ideas here (https://lnkd.in/g89f2553) about how to build out the right strategy for your newsletter.

–––

📷 Below is a screenshot of the BuzzFeed newsletter page. There’s the CAPTCHA logo in the bottom right corner — three overlapping arrows of different colors — that indicates that the form is being secured by CAPTCHA.