FakeFilter blocklist project considering blocking private aliasing services (incl. Skiff, SimpleLogin, Addy)

amilich · December 5, 2023, 2:46am

Hi all. I’m the CEO of Skiff and have posted here before, but this is an issue that affects every privacy-focused mail provider:

github.com/7c/fakefilter

Please add simplelogin.io, rambler.ru, emailnator.com, noip.com, seznam.cz, wp.pl, skiff.com, tempmaili.com, proton.me, courvix.com, tutanota.com, 5ymails.com, internxt.com, tempmail.email, emailondeck.com, tempor.email, fakesmail.com, tempimail.org, temp-mailbox.com, temp-mail.us, 10minemail.com, hour.email, cloudtempmail.com, tmail.ai, zemail.me, tempumail.com, emailfake.com, o2.pl, and addy.io

opened 08:35AM - 06 Oct 23 UTC

closed 11:17AM - 04 Dec 23 UTC

GalacticHypernova

## simplelogin.io: The current domains according to what I can see are: slmail…s.com simplelogin.com aleeas.com slmail.me silomails.com 8shield.net 8alias.com dralias.com simplelogin.fr Their entire project is also open source so there may be more domains hidden within the source (maybe even the domain generation process) https://github.com/simple-login/ EDIT: I dug around their API, and here's a resource to obtain all possible domain (without custom domains that require valid MX records) (you must be logged in to the app or else it says wrong api key): https://app.simplelogin.io/api/v2/setting/domains ![image](https://github.com/7c/fakefilter/assets/92037085/a4ead6fa-1006-44d6-8807-143e5231d295) ## addy.io: [possible subdomain].anonaddy.me [possible subdomain].anonaddy.com Also open source: https://github.com/anonaddy/anonaddy EDIT: Dug around their API as well, it seems as though they need a user to be logged in: https://app.addy.io/api/v1/domains but would require a bit of digging becausse they need authentication which I don't really know how to integrate with fakefilter considering I don't know what technology you use, so I'll leave that to you. There is however another endpoint that displays the domain options, which is as follows: https://app.addy.io/api/v1/domain-options Returns: ![image](https://github.com/7c/fakefilter/assets/92037085/0fdb72c0-cc8c-4833-a099-b06f35cb412d) The data is the array of the possible domains a logged in user can use. The domains is used for custom, additional domains that like simplelogin require valid records. ## noip.com: noip.com ddns.net ddnsking.com 3utilities.com bounceme.net freedynamicdns.net freedynamicdns.org gotdns.ch hopto.org myddns.me myftp.biz myftp.org myvnc.com onthewifi.com redirectme.net servebeer.com serveblog.net servecounterstrike.com serveftp.com servegame.com servehalflife.com servehttp.com serveirc.com serveminecraft.net servemp3.com servepics.com servequake.com sytes.net viewdns.net webhop.me zapto.org access.ly blogsyte.com brasilia.me cable-modem.org ciscofreak.com collegefan.org couchpotatofries.org damnserver.com ddns.me ditchyourip.com dnsfor.me dnsiskinky.com dvrcam.info dynns.com eating-organic.net fantasyleague.cc geekgalaxy.com golffan.us health-carereform.com homesecuritymac.com homesecuritypc.com hosthampster.com hopto.me ilovecollege.info loginto.me mlbfan.org mmafan.biz myactivedirectory.com mydissent.net myeffect.net mymediapc.net mypsx.net mysecuritycamera.com mysecuritycamera.net mysecuritycamera.org net-freaks.com nflfan.org nhlfan.net pgafan.net point2this.com pointto.us privatizehealthinsurance.net quicksytes.com read-books.org securitytactics.com serveexchange.com servehumour.com servep2p.com servesarcasm.com stufftoread.com ufcfan.org unusualperson.com workisboring.com Appears to have a paid API access, will try to dig deeper to find the endpoint. EDIT: Dug around their API, the domain list is retrievable through the following code (it's an inline script that exists at https://my.noip.com only, from my research): ```ts const element=document.getElementById("app_config") const json=JSON.parse(element.textContent) const domains=json.domains ``` ![image](https://github.com/7c/fakefilter/assets/92037085/12d87d19-bed6-460c-bad9-19a87af8e547) Or in text form: ```json { "free": [ "ddns.net", "ddnsking.com", "3utilities.com", "bounceme.net", "freedynamicdns.net", "freedynamicdns.org", "gotdns.ch", "hopto.org", "myddns.me", "myftp.biz", "myftp.org", "myvnc.com", "onthewifi.com", "redirectme.net", "servebeer.com", "serveblog.net", "servecounterstrike.com", "serveftp.com", "servegame.com", "servehalflife.com", "servehttp.com", "serveirc.com", "serveminecraft.net", "servemp3.com", "servepics.com", "servequake.com", "sytes.net", "viewdns.net", "webhop.me", "zapto.org" ], "enhanced": [ "access.ly", "blogsyte.com", "brasilia.me", "cable-modem.org", "ciscofreak.com", "collegefan.org", "couchpotatofries.org", "damnserver.com", "ddns.me", "ditchyourip.com", "dnsfor.me", "dnsiskinky.com", "dvrcam.info", "dynns.com", "eating-organic.net", "fantasyleague.cc", "geekgalaxy.com", "golffan.us", "health-carereform.com", "homesecuritymac.com", "homesecuritypc.com", "hosthampster.com", "hopto.me", "ilovecollege.info", "loginto.me", "mlbfan.org", "mmafan.biz", "myactivedirectory.com", "mydissent.net", "myeffect.net", "mymediapc.net", "mypsx.net", "mysecuritycamera.com", "mysecuritycamera.net", "mysecuritycamera.org", "net-freaks.com", "nflfan.org", "nhlfan.net", "pgafan.net", "point2this.com", "pointto.us", "privatizehealthinsurance.net", "quicksytes.com", "read-books.org", "securitytactics.com", "serveexchange.com", "servehumour.com", "servep2p.com", "servesarcasm.com", "stufftoread.com", "ufcfan.org", "unusualperson.com", "workisboring.com" ], "affiliate": [] } ``` ## emailnator.com: smartnator.com femailtor.com Randomly generated Gmail accounts googlemail.com mydefipet.live tmpmailtor.com psnator.com Has a freemium API for bulk domains: ```ts const axios = require('axios'); const options = { method: 'POST', url: 'https://gmailnator.p.rapidapi.com/bulk-emails', headers: { 'content-type': 'application/json', 'X-RapidAPI-Key': 'b0d5becc39msh5d66ccd02a4f40dp16f7a9jsn4315d6fbc1dc', 'X-RapidAPI-Host': 'gmailnator.p.rapidapi.com' }, data: { limit: 20, options: [1, 2, 3] } }; try { const response = await axios.request(options); console.log(response.data); } catch (error) { console.error(error); } ``` Something interesting I learnt about the generated gmail accounts is that they either contain + or an excessive amount of dots, 2 very odd patterns in real, legitimate email accounts. I was able to reliably detect at least 3 or 4 dots in the email itself when it's using the dotted variation. ## rambler.ru: rambler.ru myrambler.ru autorambler.ru rambler.ua ro.ru This site is a semi legit news site, but the mail service is used for temp emails. Their API endpoint: https://id.rambler.ru/api/v3/legacy/Rambler::Id::get_available_domains It appears to have very odd authentication type middleware, it can only be used from a **[certain part](https://id.rambler.ru/login-20/mail-registration?rname=mail&theme=&session=false&back=https%3A%2F%2Fmail.rambler.ru%2F&param=embed&iframeOrigin=https%3A%2F%2Fmail.rambler.ru)** of their website with the following fetch: ```ts await fetch("https://id.rambler.ru/api/v3/legacy/Rambler::Id::get_available_domains", { "headers": { "accept": "*/*", "accept-language": "he,en;q=0.9,en-GB;q=0.8,en-US;q=0.7", "cache-control": "no-cache", "content-type": "application/json", "pragma": "no-cache", "sec-ch-ua": "\"Microsoft Edge\";v=\"117\", \"Not;A=Brand\";v=\"8\", \"Chromium\";v=\"117\"", "sec-ch-ua-mobile": "?0", "sec-ch-ua-platform": "\"Windows\"", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "x-client-request-id": "ridduMw2OekRXLeVWwTD" }, "referrer": "https://id.rambler.ru/login-20/mail-registration?rname=mail&theme=&session=false&back=https%3A%2F%2Fmail.rambler.ru%2F&param=embed&iframeOrigin=https%3A%2F%2Fmail.rambler.ru", "referrerPolicy": "strict-origin-when-cross-origin", "body": "{\"id\":\"ridduMw2OekRXLeVWwTD\",\"params\":{}}", "method": "POST", "mode": "cors", "credentials": "include" }) ``` And returns the following: ![image](https://github.com/7c/fakefilter/assets/92037085/7a20d8b8-42fc-4f1d-8b84-6c128687641e) ## seznam.cz seznam.cz ## wp.pl wp.pl ## tempmaili.com hopeon.xyz munik.edu.pl (Looking for the API for that) ## skiff.com skiff.com [possible subdomain].maskmy.id This should be a wildcard as there are infinite amount of subdomains all under maskmy.id ## proton.me proton.me protonmail.com ## courvix.com API endpoint: https://courvix.com/api/emails Returns all of the possible domains (below is a screenshot of the partial response): ![image](https://github.com/7c/fakefilter/assets/92037085/cb5e36ec-ebaf-4e07-a053-9bc3f4c10511) ## tutanota.com tutanota.com tutanota.de tutamail.com tuta.io keemail.me tuta.com A way to automate this process would be to go to https://app.tuta.com/common-min-b91bbf95.js and take the `e("bW",["tutanota.com","tutanota.de","tutamail.com","tuta.io","keemail.me","tuta.com"])` part (whether it be through regex or a different method). The [**source map**](https://app.tuta.com/common-min-b91bbf95.js.map) for this has it as an export: `export const TUTANOTA_MAIL_ADDRESS_DOMAINS = [\"tutanota.com\", \"tutanota.de\", \"tutamail.com\", \"tuta.io\", \"keemail.me\", \"tuta.com\"]` ## 5ymail.com 5ymails.com 5ymail.com 5ymail.net 5ymail.de e9mail.com e9hosting.com 5ymail.me ## internxt.com theeyeoftruth.com beaconmessenger.com lamasticots.com They are open source so I'm still looking into where their API is ## tempmail.email The endpoint: https://tempmail.email/api/domains.alternative.config.json Returns all available domains: ![image](https://github.com/7c/fakefilter/assets/92037085/d39fea87-5a5d-4c3f-985b-f5026b620d05) They have another endpoints: https://tempmail.email/api/domains.config.json Which returns more domains: ![image](https://github.com/7c/fakefilter/assets/92037085/44ad19c8-0c81-4348-a923-9df400be3f7c) ## emailondeck.com sloveniakm.com appears to be the only domain, has a PRO api endpoint to list all available domains that requires a token: https://api.emailondeck.com/api.php?token=[TOKEN_HERE]&act=list_email_domains&order=date_desc ## tempor.email scandicdeals25.com nurumassager.com varaunited.in whitworthknifecompany.com hatberkshire.com moreview.xyz nmemail.xyz aconnectioninc.com bendnsend.com waleskfb.com lamedicalbilling.com fabtours.live klearlogistics.com stragedycd.com igeekmagz.pw 91sedh.xyz besttimenews.xyz secure-mail.cc dromancehu.com wremail.xyz ohioflyfishinguides.com affordableroofcare.com redfaunstudio.com aeshopshop.xyz uqkemail.xyz elmcreekcoop.com linseyalexander.com otratransportation.com z1p.biz wremail.top stivendigital.club gssfire.com asifboot.com pliqya.xyz tmailcloud.net andersonelectricnw.com 3mail.rocks pwruttz.com customequipmentstore.com partmed.net csderf.xyz mylandjet.com wuupr.com ivyplayers.com bacinj.com volunteerindustries.com liquidlogisticsmanagement.com tlcemail.xyz colourmedigital.com childrenofthesyrianwar.com jgwinindia.com mailrock.biz unicomti.com buzztrucking.com wellnessconnecthc.com amazinggift.life meibokele.com mailpoly.xyz bukutututul.xyz syonacosmetics.com abunasser.site efundpro.com 360wellnessuk.com ambientiusa.com btcmod.com twichzhuce.com straightflightgolf.com strategysuperb.com leafrelief.org uniaotrafego.com garoofinginc.com nmemail.top acampadaparis.com gofsrhr.com skxemail.com pekanrabu.biz thelubot.site tesqwiklabsss.shop eellee.org jwpemail.eu apexhearthealth.com yandexmailserv.com They have an API which I'm trying to explore right now, but for the time being I had to write this all down ## fakesmail.com stacktix.one votexrise.com otelekom.live xtoox.com profunivers.site enoiv.pro fugmi.xyz ## tempimail.org iemail.fun wemail.pics loveblog.help ## temp-mailbox.com codjobs.com jocdk.com mvpve.com page.edu.pl sdkjob.com codvip.net ## temp-mail.us fosil.pro rootfest.net polyfaust.com cartelera.org hostcalls.com ## 10minemail.com jucatyo.com eazenity.com mkurg.com othao.com newnime.com mainmile.com I know this website is already monitored, however I couldn't find these specific domains in the list It has a freemium API just like emailnator: ```ts const axios = require('axios'); const options = { method: 'GET', url: 'https://privatix-temp-mail-v1.p.rapidapi.com/request/domains/', headers: { 'X-RapidAPI-Key': 'b0d5becc39msh5d66ccd02a4f40dp16f7a9jsn4315d6fbc1dc', 'X-RapidAPI-Host': 'privatix-temp-mail-v1.p.rapidapi.com' } }; try { const response = await axios.request(options); console.log(response.data); } catch (error) { console.error(error); } ``` ## hour.email mynamejewel.com ## cloudtempmail.com bigddns.net 4save.net taxibmt.com videotoptop.com ipxwan.com email84.com soc123.net nhmvn.com nickmxh.com cloudtempmail.net choigi.com coffeejadore.com bigddns.org acc1s.com dulich84.com pingddns.org emailtik.com huongdanfb.com tatadidi.com tubeemail.com 5semail.com nextsuns.com tinpho.com embekhoe.com mp3oxi.com n-h-m.com mikfarm.com nuoifb.com voxinh.net vinakop.com storebanme.com email-68.com emailcoffeehouse.com camera47.net mikrotikvn.com kenhbanme.com muadaingan.com pingddns.com xehop.org connho.net vinaemail.com fastddns.net vncctv.net nick-ao.com bigddns.com emailracc.com chamconnho.com coffeeazzan.com datadudi.com mikrotikvietnam.com libinit.com taxibmt.net cloneemail.com giodaingan.com vobau.net diemhenvn.com mikrotikx.com vinakoop.com 123clone.com ## tmail.ai happy9toy.com leechchannel.com likemovie.net pertera.com Couldn't get more because their firewall is broken but I would assume some shared domains would be in cloudtempmail.com ## zemail.me solariss.me blocki.tech thimble.email codda.me astern.live (this one will be hard to distinguish) gmail.com ## tempumail.com umail.edu.pl tempumail.online ezblog.co ## emailfake.com proceedwky.com jdefiningqt.com legal-research-investigation.com kocheme.com varaunited.in avobitekc.com epppl.com jnckteam.eu wantwp.com guesthousenation.com cabovertrans.com nyfinestbarbershop.com bromeil.com strategysuperb.com sikatan.co 7814445.com eligibilitysolutions.com discardmail.ninja haqoci.com shiningblogpro.com easy-mail.top rumahcloudindonesia.online salonkarma.club mentornkc.com gspousea.com uenglandrn.com senduvu.com affliatemagz.com mywayzs.com And any other domain with valid records This one is a bit harder to collect all domains from, I have noticed their script however I am still trying to figure out a way to use it to obtain all possible domains. They're using jQuery and typeahead so that may be useful information. ## o2.pl o2.pl

At stake is being able to sign up for hundreds/thousands (possibly more) sites around the internet. Due to this thread, tons of popular email suffixes are being blocked, despite open and constant communication from multiple anti-abuse teams.

We at Skiff have absolutely no idea why this was initiated, and no recourse to even help mitigate potential issues. If you believe in a freer internet or use these services… please comment. I’m open to any ideas on how to revert this!

jonah · December 5, 2023, 3:30am

Well, have any of these changes actually been made? I’m not seeing an indication that they have been. While the GitHub Issue’s OP is an obvious troll, the repo maintainer seems to be going through at the moment and doing a one by one evaluation, and doesn’t seem to be considering adding the legitimate services. He’s clearly rejecting legitimate email providers like Proton, and I’d assume Skiff Mail. No official word on aliasing services like SimpleLogin, but I don’t see it included on their list yet, and I suspect it won’t meet their criteria for inclusion.

I like @dngray’s comments from yesterday in that GitHub thread

xe3 · December 5, 2023, 3:31am

Jesus I don’t know whether the person that opened that issue is just extremely technically uninformed or has ulterior motives, maybe both, (seems plausible considering how they keep trying to transition the conversation to private / non-transparent channels).

I thought that now that iCloud, Firefox, and Duckduckgo offer email aliasing, some of this anti-email-privacy crap from people would subside but I guess not.

I see the ticket is now closed, but it doesn’t say whether it was rejected, or not. I’m not super familiar with Github, do you know what this means for this proposal?

xe3 · December 5, 2023, 3:33am

haha, yeah @dngray was not pulling any punches in that thread.

dngray · December 5, 2023, 5:56am

I doubt anything will come of that issue. fakefilter is a fairly small project and not very widely used to my knowledge.

The issue was opened by someone who doesn’t even run any services (they pretended they did until I questioned them on that exact issue), ie where were they getting their data.

Then the story changed to “I read some reports on the internet” and did some “tests”. This person didn’t even do the basic research of even reading service policies of the various providers they wanted added to the list.

If you look at their GitHub activity it’s mostly to do with roblox so I doubt they have any real expertise.

anon89321548 · December 5, 2023, 12:31pm

Perhaps not for that project specifically, but there are other lists adding these domains.

Email Hippo

Both Skiff, Tuta, etc:

amilich · December 5, 2023, 4:38pm

Yes, and also this one - https://github.com/disposable/disposable/blob/05c21aa5b98cef142273623a93b0665404850729/greylist.txt @jonah
@dngray I hope the impact is low

dngray · December 5, 2023, 5:16pm

@amilich I don’t think a lot of people use these lists because they’re a pretty crappy way of doing it and doesn’t really prevent spam or nuisance users.

davidcollini · December 5, 2023, 7:18pm

After reading the entire Github conversation, I’m most surprised that the repo maintainer waited two days to settle this, then only made a statement about keeping Protonmail and Gmail. He failed to comment on email services such as Skiff, Tuta and Seznam aswell as email aliasing services such as SimpleLogin, Addy.io and Skiff’s service. After seeing this failure to calm the situation, I feel that the maintainer has started a project focused on blocking email addresses while not understanding the full extent of how email is used online.

jonah · December 5, 2023, 7:19pm

To be fair, the OP asked the maintainer to look at like a million different services at once for no reason. But yes I still agree

Topic		Replies	Views
Services blocking aliases Privacy	13	741	October 24, 2023
New email aliasing tool - Quick Aliases on Skiff Project Showcase	22	1860	November 29, 2023
ProtonMail and SimpleLogin usually mistaken as disposable mail :( Privacy	16	1025	April 25, 2024
DuckDuckGo Email Protection (aliasing service) Tool Suggestions	59	5453	April 17, 2024
Posteo (email provider) Tool Suggestions rejected	2	1628	December 3, 2023

FakeFilter blocklist project considering blocking private aliasing services (incl. Skiff, SimpleLogin, Addy)

Related Topics