top | item 34438680

(no title)

leoxiong | 3 years ago

> If an email address hasn't been seen in a data breach before, it may be a newly created one especially for the purpose of gaming your system.

I’ve started using iCloud Hide My Email which generates a random email that forwards to my account email. This assumption is going to cause issues.

discuss

thih9|3 years ago

Next sentence addresses that:

> (…) or even using a masked email address service such as the one 1Password provides through Fastmail. Absence of an email address in HIBP is not evidence of possible fraud, that's merely one possible explanation.

yuliyp|3 years ago

It can, but that's kind of the nature of anti-spam systems these days. Come in on a Tor IP with a randomly-generated burner e-mail with a Curl user-agent and you're gonna get blocked from almost anything that spammers have an interest in. Come in on the e-mail address, aged cookies, and a geolocation associated with your credit card for years and you're gonna be fine. Do things in the middle and expect some amount of false positives.