josh wrote:I'll look at the code -- I take it you've seen such a message with a bunch of CC's, and the addresses are not redirection addresses?
Hi Josh. Thanks for your time and the great service you provide. In my work as a professor I'm regularly involved in email conversations with multiple participants via cc'ing. I've tested this myself using other email accounts I have - I've mailed one of my spamgourmet disposables and cc'ed to some of my other email addresses. If I reply from my protected email via spamgourmet's address masking then only the originating address gets the disposable as the reply-to/from and the cc'd recipients get to see my protected address.
josh wrote:We do pickup the "reply-to" address as well as the "from" address, so there's nothing wrong in principle with handling multiple addresses. We probably need to consider CPU usage and things before we introduce code that goes wild on an arbitrarily long list of addresses, of course.
Fair enough
josh wrote:To send mail to a bunch of different people requires a redirection address for each one of them (these could be prepared using the website). We make this difficult on purpose, to prevent a spammer from using our system to send out a bunch of unsolicited email -- we tried to draw the line in the right place, but it does pose a burden for legitimate purposes - hope you can understand why.
Hmm I see the problem but is it not possible (with the current system as it is) to write a script to access the web form and create, say, a million single-recipeint redirection addresses and then send spam through them? If it isn't, then I think time-based expiration (one week max) mailing list redirection addresses limited to 5 or 10 recipients would be a reasonable compromise - just my 2c worth.
Cheers,
Mark.