536

Please use a personal email. My email is 'mail' @ 'my actual name'. It does not get more personal than that

But you can't use emails starting with mail@, admin@, support@, info@, main@, etc.

Instead they advised me (3 times) to create a personal email on a service like Yahoo, Outlook, Gmail, Orange, etc

you are viewing a single comment's thread
view the rest of the comments
[-] hemko@lemmy.dbzer0.com 105 points 6 months ago

They do though mention "+" and "-" also banned in the username part, which is kinda annoying

[-] neatchee@lemmy.world 87 points 6 months ago* (last edited 6 months ago)

Yeah I agree that one seems silly on the surface but for their specific situation I understand why: services like Gmail allow using a + to create faux-labels. So for example foo@gmail, foo+bar@gmail, and foo+baz@gmail all get delivered to the same account. For change.org that's a problem because it allows a single email account to fill out the form many times.

Ideally, they would simply truncate everything after and including those symbols but it's possible other services have different rules (maybe yahoo let's you prepend faux-tags instead of appending them, or something like that) so simply blocking their use altogether could be the more robust solution

[-] hemko@lemmy.dbzer0.com 40 points 6 months ago

Eh, honestly I think blocking plus addressing as a workaround to block people from using multiple identities on the site is very weak argument and ignores completely the reason plus addeesses are being used in the first place, tagging.

And the addition of "-" just tells they don't really know what they're doing, considering it's not only valid but also very common symbol in email addresses

[-] neatchee@lemmy.world 26 points 6 months ago

I don't think the reason they're being used is relevant to their problem though. "Think like an attacker" wins the day here: as an attacker, I don't care what it's meant for, only how I can use it to my advantage. If it's something they observed as a problem, I understand why they would want to stop it.

As for "-", yeah, I don't have a particularly good explanation for that one except the assumption that it's something similar to + addressing on a different service.

[-] bloor@feddit.de 23 points 6 months ago

"-" is the default delimiter in qmail. I administer a system, where both + and - are valid recipient delimiters for historic reasons and we can't really get rid of it.

Believe me, it has caused all kinds of problems, where we have to go deep into the finer differences between aliases and virtual aliases and transport maps in postfix to route mails correctly. Especially since we have a lot of Mailinglists with - as a valid character in them.

So to summarize: the assumption by changeorg is valid, however the execution seems rather flawed.

[-] neatchee@lemmy.world 10 points 6 months ago

Good info! Sounds like a nightmare :x

Yeah, I can't say their solution is the most elegant but it certainly makes a kind of sense when their criteria for success is "maximize participation while satisfying 'uniqueness' critics"

[-] scrion@lemmy.world 18 points 6 months ago

The local parts of email addresses are standardized, and there is an RFC handling subadressing as well, see RFC 5233 - it's not like Gmail invented this behavior.

Also, RFC 5321 clearly states (2.3.11) that the local part of an email must only be interpreted by the receiving server, so that part should not be parsed, modified or mangled in any form - the assumptions poor web forms or validation libraries make these days are incredibly annoying and simply not compliant.

So no, non of your suggestions are good, let alone ideal. Ideally, people would simply implement the specs and stop making lazy and false assumptions. In the case you cited, it turns out email validation is simply not the proper tool to limit how often the form can be submitted. Similar websites use e. g. text messages.

[-] neatchee@lemmy.world 10 points 6 months ago* (last edited 6 months ago)

Requiring SMS validation is a massive barrier to entry and not a viable option for a service like Change.org that relies on a certain level of participation.

There's literally another comment made at almost the same time as yours complaining blocking the use of + and such is too high a barrier to entry and just the devs being lazy. Meanwhile your suggestion is raise the barrier to entry even higher if you care about uniqueness of submissions

It's a no-win situation for Change.org so they went with something that meets their business needs. Can't really expect much else from them tbh

[-] scrion@lemmy.world 1 points 6 months ago

I'm aware of that, but let's be honest here: social and political changes are not introduced, let alone solved, by technology.

You said it perfectly: this is about business needs. I'd like to argue to make the barrier for entry even higher (tie it to a form of citizen identity) and mandate the petition must be reviewed / acted upon once it has become significant - frameworks like this do exist already in several countries.

Everyone has multiple email addresses today, does that not fundamentally erode the validity of change.org as a platform for direct democracy then? I do believe this is the case, so I'd love if another website would at least stop violating already existing standards and force their erroneous interpretation of how email addresses work down our throats.

[-] neatchee@lemmy.world 1 points 6 months ago* (last edited 6 months ago)

Oh yeah don't get me wrong, I think change.org as a product is hot stinky garbage. I don't take anything they produce seriously lol

I just don't expect them to do anything differently under the current circumstances is all heh. And their business is married to the design at this point, so I don't see them pivoting any time soon. As you suggest, they need a competitor that can do it right to come along and actually produce some kind of meaningful results in the political arena, but that's a whole other can of worms.

I literally have an idea for this, and am kinda just sitting on it until I find the right people. I've been on the lookout about 10 years now for a) someone with a comprehensive understanding of constitutional law and b) someone with a comprehensive understanding of political finance and lobbying, both of whom also need to be progressive and interested in 501(c)(3) work. A bit of a unicorn :p

[-] Racle@sopuli.xyz 5 points 6 months ago

Gmail allow using a + to create faux-labels

I wonder how they handle gmail addresses with dots as you can put dot in anywhere and it still will redirect to your email.

I've setup (for few services which don't allow + sign) emails like foobar@gmail.com, foo.bar@gmail.com, fo.o.bar@gmail.com and they all come to my inbox.

[-] 0x0@programming.dev 3 points 6 months ago

IIRC Gmail interprets foo.bar, f.o.o.b.a.r and foobar as the same account (the latter).

[-] sukhmel@programming.dev 3 points 6 months ago

At some point they didn't, so I heard there are now a couple of accounts that only differ in dot and it's not yet resolved by Google ¯\_(ツ)_/¯

[-] Racle@sopuli.xyz 2 points 6 months ago

Yep, that what I was trying to say 😄 Been using that feature for years.

[-] neatchee@lemmy.world 1 points 6 months ago

I imagine because it can't be used to add additional junk characters to the address, they probably just strip them out before doing their string comparison

[-] Racle@sopuli.xyz 2 points 6 months ago

If they know this case. In other email services dots are usually not a junk characters.

[-] neatchee@lemmy.world 1 points 6 months ago

For the same of checking uniqueness it's probably fine to just ignore them. Yeah, it sucks if johndoe@obscure.domain and john.doe@obscure.domain can't sign the same petition but outside of the big email services I imagine that kind of collision is pretty rare

[-] eee@lemm.ee 4 points 6 months ago

that's to stop people from spamming signatures with user+1@gmail, user+2@gmail, user+3@gmail, etc.

[-] hemko@lemmy.dbzer0.com 4 points 6 months ago

You can still spam with user1@domain.tld, user2@domain.tld etc and it takes basically no extra effort

[-] alphafalcon@feddit.de 9 points 6 months ago

IF you already have an email domain you control.

Calling "acquiring and setting up an email domain and configuring the mail server for wildcards" "basically no extra effort" is a bit disingenuous compared to "solve a captcha for a Gmail account"

[-] eee@lemm.ee 6 points 6 months ago

Spamming user+1@gmail, user+2@gmail takes absolutely no technical knowledge whatsoever - anyone can do it with 1 gmail account.

Spamming user1@domain, user2@domain etc requires 1 of two things:

  1. you can sign up for multiple email accounts using a third party service. You're going to run into trouble with Gmail or other big providers if you start creating accounts en masse.

  2. you create your own email server. this requires someone with selfhosting knowledge and some basic coding (or rather server config) experience.

[-] Localhorst86@feddit.de 0 points 6 months ago* (last edited 6 months ago)

it takes basically no extra effort

I'd assume one needs to verify the email by clicking a link, so to spam user1@domain.tld, user2@domain.tld would mean you need access to those inboxes. That means you need to go through the effort to actually create those emailadresses on whatever freemail service you chose, or you need to host the emailserver yourself and have all mails run into a catchall inbox.
Hosting your own emailserver is definately not "basically no extra effort", even for a lot of tech-savvy people, paying for a hosted email service using your own domain is easier, but also seems like not a good investment just to spam a petition website.

The foo+bar@gmail.com functionality, however, is pretty well known tool - even by non-tech savvy people. Even some people I know that I consider basically tech-illiterate have known this for years, they have told me when they found out about it and asked me if I was aware of this functionality.

The first one I mentioned requires preparation, setting up email accounts or an email server, the second one is basically already set up for most email users and ready to go, the latter is therefore definately a lot less effort to pull off.

this post was submitted on 13 May 2024
536 points (90.5% liked)

Mildly Infuriating

35455 readers
122 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...


7. Content should match the theme of this community.


-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...


8. Reposting of Reddit content is permitted, try to credit the OC.


-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...


Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense


Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 1 year ago
MODERATORS