Show HN: A really stupid idea that will never work but hey (pleasespamthis.email)
65 points by 19eightyfour 145 days ago | hide | past | web | 23 comments | favorite



I'm sorry for posting this but I wanted to do something with the domain. It's basically a discussion forum, where you contribute via email. Or reply on the site...and the person you reply to gets an email. Theoretically people could use it for good, like meeting others ( a personals columns ), or posting useful news or items which they wish to buy or sell ( like cragslist (TM) ).

Your email is never shown, just a unique id per email. But I'm sorry that the most likely outcome will be either: 1) not used, or 2) used for bad and spam. I try to prevent the spam by using Spam Assassin to reject messages. Anyway, it is sort of an experiment. So let's see how it goes.

No guarantees, no warranties, fingers crossed, hope it is good. Thanks for reading.

Seriously it's a stupid idea but I just wanted to post it. Please don't hate it.


Are emails verified? If I send and email with a forged address, like someone@exampe.com will "someone" receive all the replies?


No they are not. This is a good idea. It's important because otherwise people could be targeted by forging their address and then the replies go to them. I wonder how to do this without making it burdensome? I'll think about it. Thanks.


Forcing signup via oAuth with a service that does some sane email verification might be an easy route.


That's not bad, thanks. My caution is that this would exclude people who use one of the long tail email addresses. Their own domain, or some obscure provider. And I think specifically I would like to include those people. Certainly not let them feel their emails are "secondary citizens" - even tho when it comes to integrations like oauth they are secondary. Because I think the fringe has a story to tell and I want to encourage people from "interesting domains" to come.

At least that's what I in my unspoiled internet innocence want. Maybe it's not a good idea, but ... See what happens. Most probable thing is no one uses it, so maybe this is a "problem I'd love to have" at this stage. Thanks.


Easier to just send an email with a verification link to the sender address.

Should at least honour DKIM and SPF.


Yes I agree this is a good idea because it's not too burdensome on me or on the humans. I'll think more about this if their is some easier or "better way" I'll do that but otherwise this might be what we do. Thanks.


This is actually a very cool idea! I'm collecting some fun projects to teach in my web development classes, and this is a great one since it's quite easy to set up Mailgun to hit an HTTP endpoint with email contents. I think the students will have such a blast seeing their emails show up on a live website.


Thanks for saying that. I really enjoyed seeing emails come through the first time I wrote a client for it as well.

This show hn no 1 spot has cursed me tho. Because I spent the day working on "improving" this "stupid idea"...it just felt tiring. I guess because I realize I don't really care about it and also because I don't think it can make money, and even if it does...not much.

I'm reflecting that it is really only worth it putting time into the ideas that matter. I have a bunch of ideas that I've spent so much more time thinking about than this. I think it really works for me to put the time into those, even tho they take longer than this "quick idea".

All the love has been encouraging tho. It's pretty cool to see "real people" using your stuff. But if it's not the idea you care about, I find that coolness quickly fades! Thanks


Announcement: Sorry I closed this site because it was becoming too expensive to run. The code was not that efficient and all the activity from HN was costing. I have another idea like a forum based on email which I may post a bit later...once I've made the code cheaper to run. Thanks for the feel good encouragement.


>>I created this site because I bought the domain and I felt stupid about buying it and not using it. The site is kind of stupid but I hope something can come of it. Really. Join the conversation. If you dare :) This is going to be the next Reddit It's very interesting that you bought this domain. Too bad too spammy massages aren't shown.


Do you mean this seriously about letting the spammy through? If so please tell me why. I was cautious about blocking any messages at all, but I just thought, one problem people complain about on HN with any service that lets anyone post easily is how it mostly just ends up being spammers... And that seemed like something that annoys people and world make then not want to come back. It's a trade-off tho. Because some interesting messages might get blocked, and those interesting people get a awful experience of just having their efforts silently ignored.... Which is really terrible.

Actually what I originally intended to do when I decided I must use this stupid domain for something was to simply encourage everyone to add pleaseno@pleasespamthis.email to all spam lists they knew, and provide like a gallery obscura, a "hall of horrors" of all the world's spam ( making it "universally accessible and useful" of course... With search and letting people reply. )

But then I assessed this and thought... It's a good gimmick, but I would probably only go there for 15 seconds, scan, and then, depart. And I thought probably everyone else would do this too, because who is tolerant of spam?

I know having the spam "in a glass case" lessens its "threat potency", and that publishing spam in a central place and letting any people reply without anyone "spammer" being able to reply them back directly, sort of turns the table on the power dynamic of spam. And maybe that's a good thing.... But also maybe most spammers are not so "powerful" anyway. I didn't necessarily want to go attacking that group...

Ought I still do this? Is this a better idea?


EmailPrivacyTester.com owned this


I don't know what I was thinking by submitting it to be honest. I've just taken emailprivacytester.com down as it was collecting potentially sensitive info.

[edit] You need to work on sanitising email before it is displayed. Stripping out anything that will trigger http requests to external domains.

[edit2] You definitely want to set up Content-Security-Policy

[edit3] I've brought it back up but with the appropriate records removed from the db and with my mailserver configured to reject mail to your domain.


Thanks so much. I was looking for security feedback. I really appreciate this.


I've sent you a Keybase chat about a couple of security issues.


That's very generous of you thank you. But when I checked by chat I didn't see it. It's my first time using Keybase desktop app, which I downloaded to read your chat. When I opened the app, there's nothing there. Unsure what went wrong.


Weird. Not sure why it isn't working. I've encrypted the messages that I sent with the public key from your keybase profile and pasted below. If you copy and paste it into gpg --decrypt, you'll need to remove the spaces from the start of the line first. They're just there to deal with HN's formatting:

  -----BEGIN PGP MESSAGE-----

  hQEMA3iAzHu9zJZ8AQf9HBqpgmPOIKN/Ptfb4t0gR6D8cll+bZvdnJLtTPC+s0vK
  xSwGrlJOCQdzN+FJ0L5S31ypTN0To1qlkpiW3geaiwnZJj0q1uCa078u5sT16y5u
  NRw+NojRw5Es8VahFOKEu7JhZnwovwpyI3gBdx1KEDEFLUYZlIezjSzOC4CxFE7U
  al6bQxNsP5/zjzISkSg7lgTQgWwYVF8psyX3Oy7Bcyon/70pqpYmVfFL6oLy6k8T
  Aj8R/qpKWme+sH3f09+6gSa/Uz5sPTSsDEwnwL6adxp1R9FebWnehMMa4Zdbyjfe
  1VydSgi7XVLViSwBTI/F9DSarB4l2Hz0v/gXxjcgjtLpAdBtaR2Nrnw8LukKSBKn
  FL0GugyPpUjye94L0ptjhCUFUIkhYYbVIbkMK54nUbqdELocHWgbGiOcWhG6EJBc
  HSmdKuu8wKf2MOnANNoXQV0pL+U/e+Y8SM6JZK5jgzBQsjAcafRYR6go7bGGO9hX
  JPboCtQbcDaDkqKJrdxrl+V6zQ7uGGUGgQ73E1mLpF799NtW/QF4eqS9jIVUbDG/
  ZMBjhpzs+KKnzjgDZZK1IJ/ZI+Fd9VscrOQUbK3gYiUjAMUJtZuYBqLCkuDBIncS
  B0ANDpczENYMItw06gvuvfFvnn/eKjJr4hlo9JEjNiNFJHr4iNPOf2VTPh99XWMF
  DTt+mBfAW9+9jJoo5yrTz6m2JSQob9wIrAFtF/S4fiCQ7ihs9NNp2YcBxXL39iLU
  96+OUUykpbULMlYjw/AovUrzPHYpwL2HTtaRPNPl3JgdJN9q91B4mX7mFjSysey3
  5MIPeHqcKV0DEmC02YQp7+Xp1ZyDJqfBa3yYUgrJAHnaWW2xMdgUuvm0o67tDyyu
  pfzSOdh0g6w1bs2V8KXX7PqJFzVOWDjVe3nygIluL8vvakrlJ49jQy8vZT5eW/0d
  UR2J9zofNzz1R+0N5leeBffqQ5LRHAVvAwD2+HUZUMdUmXFhNhhTv7flv8fDawvf
  ovX7p+bT8lZ/23ye6iIduBXAMhTL7dYBuJzhvQP/gOLVV9qFwq0V7JqiFZLvNDuT
  Hh3jsZdiKlFhFT5qnUaw3E5dUXD5OGLCGV8oIf+39NzD4HS88ZqE14kdMfG9Lc5m
  8j0CaQqNL5KidQaxoqV4riqyKqWjXtH+251p7y1LaafgeGrJQdCOIXSLE9Be+hRF
  mBQ9RpM9GAyXxxx/C39gKYE5JHHQ+oWzOcmZacKUIHcD0GTJOAxjVDkW6edeEa8c
  8LYqp2dCbDldvG6WrE2QJiKJGjpap11L9zflzcErOVAjoRTqFd0EfNT9yOMsI2E3
  NODeSLOJidDUflpVNveQYABzZUYI
  =6Gfj
  -----END PGP MESSAGE-----
This may seem like overkill, but I don't want anyone reading it before you and then using the info inside to break your service.


Thanks. I appreciate your serious attitude to security.


I actually like this idea, and see it as a variation of an idea that i was fleshing out the details of. I would love to learn a few more of the details of how you set it up!


Okay. Leave a message on the page and I'll reply you with some more details, ok?


Incident report: Service has reached its limit as of 10:15 pm EST. I'm working to resolve.

[edit]: 10:33 PM eastern. Service is back.


Another incident. Replies to messages in the common inbox have been 404ing for a few hours. Damn that really stings me that I didn't notice until now. Fixed at 7am EST.




