Please use a personal email. My email is ‘mail’ @ ‘my actual name’. It does not get more personal than that

But you can’t use emails starting with mail@, admin@, support@, info@, main@, etc.

Instead they advised me (3 times) to create a personal email on a service like Yahoo, Outlook, Gmail, Orange, etc

  • neatchee@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    4 months ago

    Security professional here. This is legit a good call on their part. It’s because those types of addresses won’t bounce emails but aren’t necessarily in your control; it’s very, very easy to spam those petition forms with mail@ for a million real domains without bouncing the emails, making them seem legit.

    You own your domain, obviously, so it’s really as simple as creating a forwarding/alias address of “[email protected]”. If creating a forwarding/alias address is that much of a problem for you I suggest that you likely shouldn’t be hosting your own email in the first place.

    Your laziness isn’t a good reason to be upset with a company taking steps to reduce their security overhead significantly

    • hemko@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      They do though mention “+” and “-” also banned in the username part, which is kinda annoying

      • neatchee@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        4 months ago

        Yeah I agree that one seems silly on the surface but for their specific situation I understand why: services like Gmail allow using a + to create faux-labels. So for example foo@gmail, foo+bar@gmail, and foo+baz@gmail all get delivered to the same account. For change.org that’s a problem because it allows a single email account to fill out the form many times.

        Ideally, they would simply truncate everything after and including those symbols but it’s possible other services have different rules (maybe yahoo let’s you prepend faux-tags instead of appending them, or something like that) so simply blocking their use altogether could be the more robust solution