
Show HN: A really stupid idea that will never work but hey - 19eightyfour
http://pleasespamthis.email/
======
19eightyfour
I'm sorry for posting this but I wanted to do something with the domain. It's
basically a discussion forum, where you contribute via email. Or reply on the
site...and the person you reply to gets an email. Theoretically people could
use it for good, like meeting others ( a personals columns ), or posting
useful news or items which they wish to buy or sell ( like cragslist (TM) ).

Your email is never shown, just a unique id per email. But I'm sorry that the
most likely outcome will be either: 1) not used, or 2) used for bad and spam.
I try to prevent the spam by using Spam Assassin to reject messages. Anyway,
it is sort of an experiment. So let's see how it goes.

No guarantees, no warranties, fingers crossed, hope it is good. Thanks for
reading.

Seriously it's a stupid idea but I just wanted to post it. Please don't hate
it.

~~~
gus_massa
Are emails verified? If I send and email with a forged address, like
someone@exampe.com will "someone" receive all the replies?

~~~
whatnotests
Forcing signup via oAuth with a service that does some sane email verification
might be an easy route.

~~~
mike-cardwell
Easier to just send an email with a verification link to the sender address.

Should at least honour DKIM and SPF.

~~~
19eightyfour
Yes I agree this is a good idea because it's not too burdensome on me or on
the humans. I'll think more about this if their is some easier or "better way"
I'll do that but otherwise this might be what we do. Thanks.

------
helthanatos
>>I created this site because I bought the domain and I felt stupid about
buying it and not using it. The site is kind of stupid but I hope something
can come of it. Really. Join the conversation. If you dare :) This is going to
be the __next Reddit __It 's very interesting that you bought this domain. Too
bad _too spammy_ massages aren't shown.

~~~
19eightyfour
Do you mean this seriously about letting the spammy through? If so please tell
me why. I was cautious about blocking any messages at all, but I just thought,
one problem people complain about on HN with any service that lets anyone post
easily is how it mostly just ends up being spammers... And that seemed like
something that annoys people and world make then not want to come back. It's a
trade-off tho. Because some interesting messages might get blocked, and those
interesting people get a awful experience of just having their efforts
silently ignored.... Which is really terrible.

Actually what I originally intended to do when I decided I must use this
stupid domain for something was to simply encourage everyone to add
pleaseno@pleasespamthis.email to all spam lists they knew, and provide like a
gallery obscura, a "hall of horrors" of all the world's spam ( making it
"universally accessible and useful" of course... With search and letting
people reply. )

But then I assessed this and thought... It's a good gimmick, but I would
probably only go there for 15 seconds, scan, and then, depart. And I thought
probably everyone else would do this too, because who is tolerant of spam?

I know having the spam "in a glass case" lessens its "threat potency", and
that publishing spam in a central place and letting any people reply without
anyone "spammer" being able to reply them back directly, sort of turns the
table on the power dynamic of spam. And maybe that's a good thing.... But also
maybe most spammers are not so "powerful" anyway. I didn't necessarily want to
go attacking that group...

Ought I still do this? Is this a better idea?

------
mike-cardwell
EmailPrivacyTester.com owned this

~~~
mike-cardwell
I don't know what I was thinking by submitting it to be honest. I've just
taken emailprivacytester.com down as it was collecting potentially sensitive
info.

[edit] You need to work on sanitising email before it is displayed. Stripping
out anything that will trigger http requests to external domains.

[edit2] You definitely want to set up Content-Security-Policy

[edit3] I've brought it back up but with the appropriate records removed from
the db and with my mailserver configured to reject mail to your domain.

~~~
19eightyfour
Thanks so much. I was looking for security feedback. I really appreciate this.

~~~
mike-cardwell
I've sent you a Keybase chat about a couple of security issues.

~~~
19eightyfour
That's very generous of you thank you. But when I checked by chat I didn't see
it. It's my first time using Keybase desktop app, which I downloaded to read
your chat. When I opened the app, there's nothing there. Unsure what went
wrong.

~~~
mike-cardwell
Weird. Not sure why it isn't working. I've encrypted the messages that I sent
with the public key from your keybase profile and pasted below. If you copy
and paste it into gpg --decrypt, you'll need to remove the spaces from the
start of the line first. They're just there to deal with HN's formatting:

    
    
      -----BEGIN PGP MESSAGE-----
    
      hQEMA3iAzHu9zJZ8AQf9HBqpgmPOIKN/Ptfb4t0gR6D8cll+bZvdnJLtTPC+s0vK
      xSwGrlJOCQdzN+FJ0L5S31ypTN0To1qlkpiW3geaiwnZJj0q1uCa078u5sT16y5u
      NRw+NojRw5Es8VahFOKEu7JhZnwovwpyI3gBdx1KEDEFLUYZlIezjSzOC4CxFE7U
      al6bQxNsP5/zjzISkSg7lgTQgWwYVF8psyX3Oy7Bcyon/70pqpYmVfFL6oLy6k8T
      Aj8R/qpKWme+sH3f09+6gSa/Uz5sPTSsDEwnwL6adxp1R9FebWnehMMa4Zdbyjfe
      1VydSgi7XVLViSwBTI/F9DSarB4l2Hz0v/gXxjcgjtLpAdBtaR2Nrnw8LukKSBKn
      FL0GugyPpUjye94L0ptjhCUFUIkhYYbVIbkMK54nUbqdELocHWgbGiOcWhG6EJBc
      HSmdKuu8wKf2MOnANNoXQV0pL+U/e+Y8SM6JZK5jgzBQsjAcafRYR6go7bGGO9hX
      JPboCtQbcDaDkqKJrdxrl+V6zQ7uGGUGgQ73E1mLpF799NtW/QF4eqS9jIVUbDG/
      ZMBjhpzs+KKnzjgDZZK1IJ/ZI+Fd9VscrOQUbK3gYiUjAMUJtZuYBqLCkuDBIncS
      B0ANDpczENYMItw06gvuvfFvnn/eKjJr4hlo9JEjNiNFJHr4iNPOf2VTPh99XWMF
      DTt+mBfAW9+9jJoo5yrTz6m2JSQob9wIrAFtF/S4fiCQ7ihs9NNp2YcBxXL39iLU
      96+OUUykpbULMlYjw/AovUrzPHYpwL2HTtaRPNPl3JgdJN9q91B4mX7mFjSysey3
      5MIPeHqcKV0DEmC02YQp7+Xp1ZyDJqfBa3yYUgrJAHnaWW2xMdgUuvm0o67tDyyu
      pfzSOdh0g6w1bs2V8KXX7PqJFzVOWDjVe3nygIluL8vvakrlJ49jQy8vZT5eW/0d
      UR2J9zofNzz1R+0N5leeBffqQ5LRHAVvAwD2+HUZUMdUmXFhNhhTv7flv8fDawvf
      ovX7p+bT8lZ/23ye6iIduBXAMhTL7dYBuJzhvQP/gOLVV9qFwq0V7JqiFZLvNDuT
      Hh3jsZdiKlFhFT5qnUaw3E5dUXD5OGLCGV8oIf+39NzD4HS88ZqE14kdMfG9Lc5m
      8j0CaQqNL5KidQaxoqV4riqyKqWjXtH+251p7y1LaafgeGrJQdCOIXSLE9Be+hRF
      mBQ9RpM9GAyXxxx/C39gKYE5JHHQ+oWzOcmZacKUIHcD0GTJOAxjVDkW6edeEa8c
      8LYqp2dCbDldvG6WrE2QJiKJGjpap11L9zflzcErOVAjoRTqFd0EfNT9yOMsI2E3
      NODeSLOJidDUflpVNveQYABzZUYI
      =6Gfj
      -----END PGP MESSAGE-----
    

This may seem like overkill, but I don't want anyone reading it before you and
then using the info inside to break your service.

~~~
19eightyfour
Thanks. I appreciate your serious attitude to security.

------
coreyp_1
I actually like this idea, and see it as a variation of an idea that i was
fleshing out the details of. I would love to learn a few more of the details
of how you set it up!

~~~
19eightyfour
Okay. Leave a message on the page and I'll reply you with some more details,
ok?

------
19eightyfour
Incident report: Service has reached its limit as of 10:15 pm EST. I'm working
to resolve.

[edit]: 10:33 PM eastern. Service is back.

~~~
19eightyfour
Another incident. Replies to messages in the common inbox have been 404ing for
a few hours. Damn that really stings me that I didn't notice until now. Fixed
at 7am EST.

