Show HN: Startup with no website - GuerillaClick@gmail.com
Hey there, there are lot of disposable email services, but as I was thinking I realized 95% of the time, I don't care about my inbox. I just want to "verify my email".
That's why I created a startup with no website, it's called guerillaclick@gmail.com, it's a credible domain (you don't say) and it will click on any "verify" links you send it to it.
You can use aliases to get around of duplicate emails in the target system, so like
guerillaclick+eralp@gmail.com guerillaclick+sdfaskdma@gmail.com guerillaclick+111@gmail.com
so choose an alias and start using the service!
I will provide a website to see the inbox of your alias. (maybe for services who send your pw in the email, but then you might be better off using other established servers.)
Gmail API is a bit slow so it might take 30 seconds for email to be received on my end, keep in mind while testing!
Best,
189 comments
[ 2.3 ms ] story [ 324 ms ] threadEDIT: Assumes Zero or One periods per bit-gap; if you can chain them, the sky’s the limit.
While I'm a fan of Mailinator and their approach, I think the feature OP has about auto-clicking verify is unique. But yes, to do this right, you need the multi-domain approach of Mailinator instead of just aliases. Maybe Mailinator has an API or supports POP/IMAP that would make this possible, I haven't checked.
Don’t have a domain to throw spam at? Pick a sub domain and use that.
Say I want to comment on a news article and need to register. I don't want random-newspaper.com to have anything directly related to my person, including anything @mydomain.com. So I quickly punch in random-email@mailinator.com to register and once I'm done I can either forget the site and email ever existed or keep using it since it's non critical and losing access to it doesn't matter.
Ideally I would have different email addresses for every site so I can keep those identities separated and free of any personal information. Last time I used it like this was probably a decade ago because since then more and more sites starting rejecting @mailinator.com addresses. I found another such solution that I have been using for the past years but this is also going the same way (not a big issue yet).
Receiving email is pretty easy - own domain with MX record and some cheap VPS with Docker. No need to worry SPF, DKIM, DMARC, DSBL - you care about these when you have to send emails from the host.
Why would you blacklist gmail.com when you can blacklist 'GuerillaClick@gmail.com'?
However, when I set up Apple ID for each of them I wanted to create separate Apple IDs for each of them.
Thankfully Apple does not do anything like ignoring the + part you provide.
There are many ways spammers can create any number of email addresses.
Ignoring the + part of email addresses isn’t going to stop spammers, but it is going to cause a lot of pain for regular users because the + part has many applications that you can’t even imagine.
When the user hands you an email address, use that email address as is. Don’t ignore the + part of GMail addresses or anything like that.
Just ignore it when checking uniqueness, if you really must
You are well within your rights to prohibit duplicate signups from the normalized address, but please don’t presume to replace what the user entered.
Does nobody read RFC’s anymore?
I did, before posting my answer, though I admit I was too lazy to look up the email RFC and instead just used the URI RFC and assumed the allowed characters in the user-name would be the same :P
It is really helpful if you want multiple profiles for a service (ex. Different mode, different recommendation) or in filtering all emails sent to that specific address (can't filter with the "from" as I don't know who is emailing me)
Please don't break standards
- Is it allowed under GMail's TOS?
- Have you considered the security implications of having what is presumably a server somewhere in your name clicking on any link that's sent to it?
- You say startup - do you have monetization plans? Putting adverts on the associated website perhaps?
They also have a "don't misuse our services" clause and I'm sure this would count as misuse if found.
How come Google can figure out who and where the interested end-user is when emails are actually send by web apps and clicking is done upon email retrieval (I bet some cron with POP3). Moreover emails from "bad" countries are rather filtered out as spam/scam.
Apart of this thread publicly inviting people it may be also hard to distingush the accout from any busy one. But I guess G may have some pattern matching and rate limits for such sinks.
.. in your country. Saying something is illegal without mentioning jurisdiction is meaningless.
> not allowed by ToS
The service being signed up to, perhaps. But it isn't clear to me that it's banned by gmail's tos especially since he's using the service APIs normally.
Do you even have to ask? The answer is a clear 'NO'. There is zero chance that Google will allow you to abuse their email service in this way.
I hope OPs personal account isn't in anyway related to this account because when 'guerillclick@gmail' is inevitably banned, his personal account may be collateral damage.
if you hit 1 minute over 60 you get blocked 24h
Give some random guys with no website your registration record somewhere, allow them to verify your registration as theirs, and then impersonate you, reset passwords, see any communications, possibly log in as yourself and do anything. All this with no recourse.
Nigerian spammers moan from envy for such a brilliant self-propelled gullibility filter.
Wow they’ve been around for 20 years now, that’s not bad!
You aren't using this service correctly.
The idea is to not give away your email or signup for a website, but get access to that website.
I think this was a nice experiment and still usable for many services.
guerillaemail+myusername-mypassword@gmail.com
As others have clarified, only for complete throwaway accounts obviously. I tested '-' and '!' and those characters appear acceptable as the delimiter. ':' gives a very strange error on send when using gmail.com. Also imagine you'd lose some letter casing along the way.
Really just a fun and terrible idea!
It's hilarious.
It's bizarre. The people using "fake" gmail addresses don't seem to realize it is used by somebody else. They are lucky I'm not malicious.
Edit: mine is a first name and a number
Once I got an advanced copy of remarks the UK Prime Minister was going to make the next day at the 2008 Jeddah global energy summit.
World-class was the lady who sent me pics of herself in lingerie. Not too revealing and I deleted them immediately and replied to warn her. She nearly died of embarrassment.
I'm pretty sure there are spam lists who sign me up to products, probably for some kind of referral. I join all sorts of junk.
Compounded by Google making "first.last@" = "firstlast@"
Next Gmail account is going to be a guid.
That was fun.
Like none of it is spam exactly, just a lot of wrong numbers.
Once I was told about "my" enlistment in the reserves of some armed service. That one I replied to and got a very polite response from someone with a little bit of rank.
The others are more mundane. Mailing lists with dirty jokes from a group of american dentist friends. School notifications from a guy in the UK. Random baby pics.
Im not sure if there are lots of people with the same name who occasionally get their mail wrong. Or a few people with the same name who constantly do. It just seems weird though. Surely if you had a non firstname.lastname@gmail address you would take extra care to add in the extra padding.
I had customers who entered an undeliverable=invalid gmail address because they were confused about who hosts their email. Used foo@hotmail.com, entered foo@gmail.com. A few years back, I wouldn’t have thought this possible.
So much misdirected email. Try to sign up for something? Reset password change info to not theirs.
It's amazing what people send rather blindly.
occasionally people (accidentally?) use my (long-in-disrepair) gmail account in this way, and it's amusing to see their little peccadillos. sometimes you get the devilish chance to change subtle details of an online profile =D
Hey stupid mailing list, I never wanted you. Have more garbage.
https://www.guerrillamail.com/
I like the idea, but it probably is against Google's TOS, so there's that ...
If Google gets angry about you, your life MIGHT be ruined –partially–
[0]: https://amp.reddit.com/r/google/comments/8l231x/google_banne...
My code was tied to a Google Sheet that would hourly pull matching emails, use a regex to extract the link, send an HTTP request to the URL, and record the URL and response in the spreadsheet.
Having a high level description of the code isn't as useful as the code itself. Alas, my code was part of my Google account at a previous employer.
I started my startup with a website to do a disposable emails service: mailcare.io It's also available in open source.
I've worked for companies that made pretty awful products, but they sure knew how to sell 'em.
This has value.
The iOS app might still work but the watchOS app hasn’t been updated for 5.x. :-(
(Is email still considered slow? I remember having wait times in the hours back in the 90s, but I'm not sure I've ever waited anywhere near a minute in the past decade.)
> (Is email still considered slow? I remember having wait times in the hours back in the 90s, but I'm not sure I've ever waited anywhere near a minute in the past decade.)
Tumblr does this at the moment. It asks for either email click or a traditional username/password setup.
I’ve never used the feature. I have an integrated password manager.
Sure, there is a "password" - but they won't let you log in without also verifying you have access to your email account - and you can reset that "password" only knowing the username and having access to the email account.
It'd be nice if you could create temporary <insert reputable domain here> accounts on the fly. User provides a captcha solve, your service uses this to create a random account & log in, user can view inbox or click 'open all links'. This wouldn't work with gmail because of SMS verification but would probably work on other domains and circumvents the above problem.
Unfortunately, more and more services are rejecting + e-mail addresses. Either ignoring them, or flagging them as an error.
While it's perfectly within the RFC, companies are catching on to the trick.
(3M, I'm looking at you!)
https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-mo...
How rich.
g.uerillaclick@gmail.com
The number of options is of course limited but it's still recognized as a separate address while still coming into the same inbox
It helps users who keep trying bobjones@gmail.com when they signed up with bob.jones@gmail.com. Also is pretty good at preventing mass signups using tricks like this.
Also, how do you deal with spam filters that are designed to spam anything without a local part? Or is this only done to "well-known" domains like gmail.com?
This is enough of a threshold probably.
I made a +suffix account so I'm not buying stuff on amazon with my AWS account.
If this guy can convince people to send him their registration codes and somehow monetize it he's in business.
Thanks!
Thank you for making this though.