bbs.spamgourmet.com

[LCR]

This morning I was unable to login to my Facebook account, which uses a spamgourmet.net address. After doing the password reset thing, it finally gave me a message that said: "This email domain has been reported as abusive by Facebook users."

When I registered they didn't allow spamgourmet.com to be entered as an email, but they did allow spamgourmet.net... until now, I suppose.

Does anybody else know anything about this? I really doubt this was an issue reported by FB users. More likely they're just blocking disposable addresses. Grr. No warning, no recourse, just a FB account still "live" but unable to be accessed because they don't like people protecting themselves from spam?

[cgkath]

I am having the same problem with you.
Moreover if you try to report through a form in the site
http://www.facebook.com/help/login.php?submit
I get :
Your request could not be completed for the following reasons:
The email address you provided is not valid

This is blatant abuse from facebook part. I have even sent email to info@facebook.com yesterday and today without any answer till now.
I propose to raise the issue to blogs and privacy organisations

[cgkath]

So no news on this?
It is a doubly frustrating not to be able to use facebook
1. Because of the reason not being able is protecting our privacy
2. Because I realise how addicted I have become to the stupid thing!

[cgkath]

http://a2sm.com/facebooks-nefarious-plo ... e-process/

This article kind of explains the situation:
FB decided to give developers access to fb users email info and thus doesn't want users having disposable addresses as primary emails.

[josh]

wow - I'm going to think about it, but I'm seriously considering deleting the spamgourmet facebook page, and probably my personal facebook page as well - spooky!

BTW, I'm using xoxy for my personal page, and can still log in, so at least they're moving slowly...

[cgkath]

Josh, as admin maybe you can contact them?

Not that I expect facebook of all corporations to show any sensitivity on privacy issues , but in the least to complain about doing this without any warning.
I for myself have contacted both EFF and privacy international about the issue (not my personal so much but the broader implications) as well as fb notoriously slow and unfriendly customer care.
The upside is that day by day I miss it less and less and this incident might even turn out to be a cure for social network addiction!!

[cgkath]

I got unblocked by facebook abuse service by providing an alternate address (I gave one with antichef.net) Their official reply was that they consider domains spamgourmet.com,spamgourmet.net a security concern

[lwc]

I for myself have contacted both EFF and privacy international

What from address did you use?

BTW, you have to realize how lucky you are to get a denial message. There's nothing - nothing - worse than getting nothing at all, not knowing your Spamgourmet messages got automatically blocked. Then after some days, you finally give up and phone them so some non tech will tell you "sorry, we never got anything from you."

[josh]

can you forward me the reply about sg being a security problem? I'll ask them about it.

[gourmet]

Lol, this using "email address for personality authentication / verification" discussion is really getting stupid. Blocking tons of domains and whitelisting some etc... It's endless swamp. Nobody really wins.

How about using some smarter method at sites. Like SMS confirmation, of course that is also very bad idea, unless you block all prepaid numbers etc...

Hopeless, just hopeless. How about using credit card for "personality authentication". Then then stolen cards are just being used.

In our country we have official "authentication system", which is also legally accepted as signature. Maybe sites should use something like it?

Alternate method is to sending letter which is only given to recipient with ID. And then fake ID's can be used. Because people at post office doesn't do proper personality authentication and check carefully enough if ID is fake.

[lwc]

Consider the point that any non newbie can get a free address, while only truly devoted professionals pay to get anonymous cell phones, while only professional criminals get fake credit cards, signatures or IDs.

Anything other than the former isn't worth Facebook's time.

[gourmet]

while only truly devoted professionals pay to get anonymous cell phones.

I can just tell you that one of my Google AppEngine accounts is confirmed using SMS confirmation. And yep, they did accept anonymous cell phone. They didn't either block account registeration from known Tor node. Which also could be blocked, because tor-node list is public.

From options that I listed, only that official authentication system is hard to beat. Because people take good care of their accounts and it uses OTP. So you need sopisticated spyware to get accounts. And even after that you should abuse that authentication in real time and tell user properly that they should use "next" authentication code. And if it's careful user they'll notice that something is now very wrong. Which of course would happen in only 1-2% of cases, most of people are stupid enough not to get the point that if OTP password is "used" even if it didn't grant access to somewhere there is something very wrong. And most probably if you call authenticator, they don't even get immediately that something is wrong. They just think that it's stupid user that forgot to mark that OTP password has already been used.

Anyway, getting access to these accounts would be worth of more than misusing Facebook. Because those are usable for "legal agreements". Like getting online loans and accessing back accounts, stock market etc.

Edit... One of local online auction shops use that official authentication system. It's very useful in case of fraud, because people can be identified with great trust. Unless... Accounts are hacked. And in this case it's more probable that auction site accounts are hacked due bad passwords, than the actual authentication system for assigning persons identity to account.

Back listing domains or IP addresses is totally pointless, because domain registration is way too easy and you can use many methods for getting "alternate IP".

[lwc]

I used Neverbox without any troubles. But I made sure not to use anything weird like a "+" to avoid any problems.

[Tarkus]

I've always used an xoxy.net address at Facebook with no problems, so apparently they only have a problem with the spamgourmet domains.

[SkiToDie]

If you go to your Account Settings and create a Username, you can use that to log in instead of your email address. That way you don't have to worry about them blacklisting any additional domains.