One of the things I find fascinating about the spammers targeting the fediverse is that they are almost exclusively using gmail.com email addresses, at least the ones signing up on Infosec.exchange. The last time I tried to create a gmail account, it was a PITA, required a cell phone number, etc.

Did Google somehow make it really easy to automatically create gmail accounts?

Edit: before people tell me to “just block gmail accounts”, gmail is far far far and away the number one email domain used by legitimate accounts, so I won’t be doing that.

@jerry personally, I'm close to banning not just #GMail & #Hotmail / #Outlook.com as well as #YahooMail, but all the #Spammers using #NameCheap & #GoDaddy because all of them refuse to process #AbuseReports...

  • But then again that's my decision...

@kkarhan @jerry before Google Domains was sold to SquareSpace, I transferred most of my domains to Namecheap. I wanted an easy domain registrar and Godaddy had become a PITA. Namecheap seemed to be a good alternative.

Your comment had me wondering if SPAM/NOT SPAM decisions ISPs make are based on domain registrar rather than sender. When Google was hosting the domain, email from my domain just worked. Now that Namecheap/Protonmail is being stuffed into SPAM folders to anyone I send to.

I'm considering going back to Google Workspace to see if the SPAM/NOT SPAM issue is resolved. But your comment has me reconsidering that.

@mvilain @kkarhan @jerry I am using my own domain on ProtonMail, but using Cloudflare for DNS. I don’t *think* my stuff is getting scooped to spam, but I don’t send very much email.

@standev @mvilain @jerry That's probably because of that.

In fact I did that - alongside #Geoblocking - to prevent and deter #carding attempts at a fmr. employer.

  • And like many modern sites, attempts of registering an account would just get #blackholed without any notification and said IPs [the entire block allocation as per WHOIS!] temporarily blocklisted for 24 hours.

Granted this wasn't my decision but basically what the CLO & CFO saw fit as "cybersecurity and risk avoidance strategy" towards regulatory pressure by @bsi & @BaFin ...

@standev @mvilain @jerry granted, modern #CyberCriminals literally go the other direction by explicitly allow-listing only a handful of eMail providers deemed secure aka. refusing to comply with #AbuseReports...

Literally seen screenshots on #BreachForums where this was introduced...

@standev @mvilain @jerry

As for bona-fide #eMail, I'd recommend people to go with like @monocles / #monoclesMail cuz for like €2 p.m. one gets neither #DataHarvesting nor #Spam and so far they never showed up with Spam on my or any other radar despite being very much #privacy-focussed in terms of account creation and payment methods:
https://monocles.eu/more/#payment-section
https://docs.monocles.eu/account/account/

@kkarhan @standev @jerry @monocles I will check that out even though I spent for the year of Proton Mail unlimited single user. I don't use their calendar or private storage. And their VPN is constantly dropping DNS.

@mvilain @standev @jerry well, @monocles doesn't offer a #VPN cuz setting up such a service comes with a shitload of issues and besides circumventing #Geoblocking there isn't any reason to use #VPNs over @torproject / #Tor...

@mvilain @kkarhan @jerry @monocles if you’re not happy with Unlimited, they will probably let you downgrade to another plan. I am on Mail Plus, because as you mentioned the other Proton services are kind of mediocre.