Add hide my email provider
Closed this issue · 4 comments
Please add icloud.com as a listed domain.
This domain provides users the ability to generate unique, random email addresses with Hide My Email. The service advertises: "you don’t have to share your real email address when filling out a form on the web or signing up for a newsletter."
This purpose is incompatible with the goal of the project which states: "We want that site owners use this repo as reliable source to find out all fake/temp provider registration attempts."
"Mail sent to your random addresses is forwarded to your personal email account: your iCloud Mail address or any email address associated with your [Apple ID]. When you reply to an email, your personal email address remains private. The email appears as if it were sent from the Hide My Email address."
Read more here: https://support.apple.com/guide/icloud/what-you-can-do-with-icloud-and-hide-my-email-mme38e1602db/icloud
There are several problems with this request:
@icloud.comdomain is not used just for Hide My Email addresses. It is the main domain that Apple provides for Apple IDs. Adding this domain will inconvenience millions of legitimate Apple users.- Allowing Sign in with Apple is an explicit requirement for developers who build apps in the Apple ecosystem. Allowing Sign in with Apple automatically brings with it Hide My Email. If a website/service backing an app rejects a Hide My Email address, that app can be rejected by Apple during the App Store review process. By putting this domain on the list, you will risk many app developers having their apps rejected by Apple.
- Hide My Email is a paid service from Apple, so the likelihood of abuse remains low. It's neither a fake service nor a temporary email service.
Requests like these that muddy the line between a fake service and a legitimate service that provides some privacy are problematic. @7c I request you to reject this issue.
@nullbadger
I recommend to make an if statement if email ends with \@icloud\.com$ make a page that ask for email address or display a message error "an error occur please used an other email address." before passing the email to fakefilter.
@SecurityFighter, from both your links. It appears Apple is using the icloud domain to provide a service facilitating fake/temp registrations as well as static addresses. Since the service provides temporary email addresses, the domain should be included for that reason as this is the stated purpose of the project. Those wishing to whitelist the temporary email provider could always choose to do so.
I imagine icloud.com could also be removed in the future provided the service is closed or is moved to a new domain where only the hide-my-email domain would be included.
Guys, we wont list google etc similar services in this list. Sorry. We are not trying to rescue the world but trying to sweep the backstreets. Those services can be blocked individually by added the domain statically. Thanks