Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Communications It's funny. Laugh. The Internet

How To Get Websites To Ban Sign-ups From Gmail.com Accounts 175

Posted by Soulskill from the battle-of-the-scripts dept.
An anonymous reader writes "Paul Tyma describes a simple, elegant, and hilarious method that Mailinator (hypothetically, of course) used to mess around with people who scraped its webpages in order to block its alternate domains. Quoting: 'Remember all that script-detecting code from the anti-abuse system? Well, what if I put that in here too, I thought. Let's "detect" when a script is hitting our weensy alternate-domain page. ... And what if after about 30 page hits from the same script (or so), stop displaying actual alternate domains and start sprinkling in some other things. Hmm... but what other things? I know — how about "gmail.com". Or, um, "hotmail.com". Or maybe, "yahoo.com."'"
This discussion has been archived. No new comments can be posted.

How To Get Websites To Ban Sign-ups From Gmail.com Accounts More

How To Get Websites To Ban Sign-ups From Gmail.com Accounts

Comments Filter:

  • SNR (Score:5, Informative)

    by Anonymous Coward on Friday July 01, 2011 @04:34PM (#36637276)

    The signal to noise ratio on that blog post was so low.. Here's the TLDR:

    When you detect that someone is scraping your site, and you'd prefer that they didn't, start feeding them bad data in a way that they won't notice. The dataset that you've poisoned will then have side-effects that the scrapers wouldn't have expected.

  • Re:Summary (Score:4, Informative)

    by tenchikaibyaku ( 1847212 ) on Friday July 01, 2011 @04:42PM (#36637358)
    I'm glad I'm not the only one who was left wondering what the hell this was all about.

    The short story: "Mailinator is a free, disposable email service". Some site operators wants to block people with this service from registering. There's a way of listing all the domains used by Mailinator (by generating a bunch of new throwaway addresses?). Mailinator in turn has a way to detect when a script is trying to go through this list.

    The amazing idea is to detect when a script is scraping this list, and feed it bogus data like "gmail.com".

  • Re:Summary (Score:5, Informative)

    by Anonymous Coward on Friday July 01, 2011 @04:49PM (#36637424)

    The Bitcoin post just looks dumb; phony Bitcoins? doesn't exist; they're cryptographically signed, the whole post is ridiculous. The article, on the other hand, is very simple, if you know what Mailinator is.

    Basically, it's a free webmail with no registration, no password, no security whatsoever: just send an e-mail to testaddress@mailinator.com, go to mailinator.com, and tell it you want to see the e-mails for "testaddress".

    So if you go to some website and it wants your e-mail address so that it can spam you, you put in a mailinator address instead. But then the website gets wise to this and tells you that you're not allowed to put mailinator addresses in the e-mail field when you register. So Mailinator constantly creates new domains that work identically, and gives you a handful of them when you visit the site. Websites got wise to that too, and had scripts that automatically checked Mailinator and automatically blacklisted all the domains it listed.

    Well, hypothetically speaking, if Mailinator's server detected that it was being accessed by a script, it could list whatever domains it wanted (google? yahoo? hotmail?) and the script would dumbly blacklist them. Result: now you can't sign up for $shitty_web_registration_account using your $real_Gmail_address, what the fuck?

  • Translation (Score:5, Informative)

    by Anonymous Coward on Friday July 01, 2011 @04:50PM (#36637444)

    Prior knowledge required to know what the summary is talking about:
    -Mailinator is a disposable email address service for people that don't like giving their email address to strangers
    -There are people who have issues with allowing someone to sign up for and use your service with a disposable email account
    -People started banning Mailinator off the bat
    -Mailinator's creator responds by creating alternate domains the email address can use to evade the standard Mailinator ban, displaying them for the public when they visit the Mailinator page at a rate of one domain per visit
    -People create scripts to collect these alternate domains for various purposes (mostly for banning)
    -Mailinator describes how it could mess with these people to remain useful to its users by detecting rapid page requests and serving random domains in response.

  • Worth the read (Score:5, Informative)

    by pavon ( 30274 ) on Friday July 01, 2011 @04:56PM (#36637484)

    Yeah, you have to both know what Mailinator is and how it uses alternate domains for the summary to make any sort of sense. I didn't know either, but I am glad I read the article, because it is pretty funny.

    TL;DR:
    * Mailinator is a throw-away email service, and some sites want users to provide "real" email address and thus try to ban use of mailinator.
    * To combat this Mailinator has a bunch of alternate domain names that all resolve to the same server.
    * It displays them to users at it's website one at a time, chosen randomly.
    * Blockers tried to scrape the Mailinator website to get the full list of domain.
    * If a scraper is detected they could instead be fed other domains like gmail.com, which would cause the scrapper to block email from those domains as well.

Slashdot Top Deals

Those who can, do; those who can't, write. Those who can't write work for the Bell Labs Record.

Close