
Ask HN: Please review mailop.com, an instant disposable email you don't even need to check - ntoshev
http://mailop.com/
======
modoc
Congrats for the launch and the interesting approach!

I run 10MinuteMail.com, which is in the same space, although with a few
differentiators, so take my comments with a grain of salt:)

I worry about the lack of security (i.e. someone can easily issue a forgot
password event, and grab that e-mail, and take over your account). Obviously
you shouldn't use disposable accounts for things like your bank's site, but in
general I think people use them for forum or site accounts that they want to
use, but aren't sure won't sell their address list. The only people I can
picture who 100% don't care if their account can be easily stolen are forum
spammers, who unfortunately use disposable e-mail services pretty often.

I like the auto-clicking action, although many sites require you to set a new
password after you click the link or login with the One Time Use initial
password. Since those links are only usable once, and the site will keep auto-
clicking them when the mail comes in, I think you could find yourself unable
to authenticate with a large number of sites.

~~~
ntoshev
Thanks, I don't really intend to run it as a business. Without being a forum
spammer, I personally used Mailinator a lot and saw the chance to make it
easier. I warned about the danger of stealing the account in the FAQ, on the
front page; I hope this will be enough.

I will write some code to avoid the auto-clicking trap you mentioned, thanks!
:)

~~~
chris11
If you wanted to make something out of it, you could do something like
bugmenot.com.

It might be possible to right scripts to automatically create accounts at
places like the new york times. So you could get people to go to your site,
and they could automatically access sites. The problem with bugmenot is that
people change the password on the throwaway accounts, so it is sometimes hard
to find valid accounts. This way you could control the password and make sure
it wasn't changed. That will get you page views, and let you put up
advertising.

I like the site though, it's always nice to have another throw away email
account. Especially since this one actually activates the registration for
you.

------
nikblack
it is loading really slowly for me

you should auto-gen an email address for every new visitor, makes it easier
than having to check. people don't care what the username is for a throw-away
email address anyway.

after auto-gen, set a cookie so if I do have to come back for something, I
don't need to remember the username and I can click a link to see the inbox
(or just put the inbox on the frontpage as well)

otherwise, pretty cool! a neat hack would be a bookmarklet that auto fills-in
a reg form with the email address (say some javascript that searches for an
'email' text field and inserts a new unique email).

edit: come to think of it, I would probably pay money if you did this as a
service for my own domain. eg. I could point a catch-all for all my email to
you, which you can use to generate throw-away emails from my domain name (in
that case the emails are less likely to be blocked by services).

~~~
ntoshev
Thanks for the suggestions, I like them and will probably implement some
variation.

I hope to be able to run it off a minimal VPS account as I am doing now. The
architecture is very slim (no disk access, no interprocess communication) but
uses unproven libs. Still loads fast for me, though.

~~~
jonknee
CPU may not be your bottleneck... Mailinator is handling up to 2 million
emails an hour off a single server. Bandwidth though is an issue, 3TB a month.
You pay for all those connections that spammers open.

[http://mailinator.blogspot.com/2008/11/so-our-core-duo-
serve...](http://mailinator.blogspot.com/2008/11/so-our-core-duo-server-now-
gets-3.html)

~~~
ntoshev
Yes, I expect bandwidth to be the bottleneck. But it can be pretty cheap:
serveraxis for example has unlimited bandwidth at 10mbps starting from $40 a
month.

------
natch
Cool!

However, I would be concerned about the other links that might appear in the
email. For instance, click here to link your site cookies with the MSN ad
network, or click here to agree that everything you submit will belong to
Bigcorp.

Some (admittedly poorly designed) sites might even have "click here to cancel
your registration" links. Can your link follower tell what each link means? I
don't think so. But yeah, for most cases, it will work beautifully.

------
kwamenum86
This is incredibly dangerous. They say do not use this for "accounts you care
about" but many people use the same or similar passwords and usernames across
several sites. If you register for a site and they send you your password in
plain text via email (many sites still do this) you may have just opened the
door wide open for any number of hackers using brute force attacks (except
they can assume the set of permutations will be MUCH smaller.)

It is a cool service but if you use this you need to create a substantially
different username and password to really be safe. Even if your login
credentials are different someone can go through the password recovery process
via email, reset it, and do whatever they want. Why would I want this to
happen on ANY of my accounts? Even the ones I care least about need to be more
secure than that.

[EDIT] ...but maybe the people who use these services are more intelligent
than the average web user, are aware of the risks, and only associate these
"throw-away" email addresses with throwaway accounts.

~~~
jonknee
You are aware there are lots of sites that do throwaway no-reg email right?
Mailinator has been around for years and is incredibly popular.

~~~
modoc
That doesn't mean it's safe. There are disposable e-mail sites that do not
allow others access to your mail (mine: 10MinuteMail.com is one of them, but
there are others). Just because you want to dodge spam from sold lists,
doesn't mean you should give up all your security.

------
seren6ipity
Isn't it possible that at a given time different users may access the same
mailbox for some common usernames?

~~~
chris11
Definitely, that's how throw away accounts work. You don't get a personal
account. The email just gets sent to a place that any one can access. Just
check some common words at mailinator. A lot of those have more spam than can
come from one person using it. Especially since I believe email gets deleted
about every half hour to an hour.

------
artelmd
Awesome idea! I like it a lot.

My concern is that if (when) your service gets popular, sites that require
registration won't allow email addresses with the mailop.com domain (if they
want _real_ email addresses).

Other than that... great for you!

-Artel

~~~
modoc
Many sites to block disposable e-mail addresses. Then again, many do not. In
my opinion it's no different than a gmail/ymail address.

~~~
chris11
Then most sites just add more domains. Mailinator.com has at least six domains
that all go to Mailinator.com

~~~
modoc
Yeah. 10MinuteMail.com rotates out domains every month or two.

The problem is that people who actually care about blocking temporary e-mail
tend to stay on top of the big sites domain lists. There are even 3rd party
lists you can integrate your site/forum with that block all disposable
addresses.

------
Yoric
Service looks good but the main page needs work: explanations are impossible
to understand if you don't already know what the service is all about.

Good luck with the rest!

------
lssndrdn
I wouldn't use bold for the entire page. It makes it harder to read.

------
ask_a_ninja
Nice service you got, IMHO a good idea is to support a non-url-click email
addresses, smthng like myname.nc@..., where ".nc" means "I will handle the
urls by myself"

WELL DONE!

~~~
silentOpen
Perhaps using sub-addressing and the '+' or '-' character like GMail or qmail.

~~~
txt
I was going to say the same thing. Alias accounts would be awesome...
blah+mymail@mailops.com blah2+mymail@mailops.com etc.. would all point to
mymail@mailops.com This would be really useful if you could implement that.

edit: Also, having the mails (subject and body) display as a xml feed would be
++, some of these temp email sites offer this, but only show the subject and a
link to the message which isn't part of the feed.

~~~
hollerith
Actually the way existing mail servers work foo+bar@domain.com and
foo+bar2@domain.com get delivered to foo@domain.com (if the server was
configured for "+ addressing")

------
quizbiz
I would have used a simple interface that generates an email for you (random
and non repeating). You copy paste the email and next you get the link back.

------
minalecs
i like it a lot. I actually work at a web company where we have to test new
registrations, and have been using mailinator for quite some time. The problem
with mailinator is that if I use the email address for example
jfosidj@mailinator.com I have to copy and paste it somewhere so I can check
it, but your services seems like it will be easier. thanks

------
charltones
check you mailbox recieves confirmaion importatnly

looks like a good idea, just needs running through a spell checker

------
noodle
will it open up any link sent to it automatically? or is it intelligent about
what it opens up?

~~~
ntoshev
It has some intelligence intended not to DOS legitimate sites: if a site sends
a support link along with the confirmation link, for example, the support link
won't be opened over and over again. Like Mailinator, the site has also other
forms of protecting itself against spam.

