Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
legitster 2 hours ago

I just did a signup on a brand new email address and was not able to recreate. No random spam emails reported. Just a normal verification email.

It's likely that the email the author received is pure coincidence. Especially if they are using a client that downloads emails in batches.

FWIW it looks like their validation email is sent by Customer.IO via Mailgun. Both have squeaky clean service agreements so it's unlikely they are shooting off the data to spammers.

Edit: No way! I did end up getting a random empty email. From a "Adventure-Meter Department" at bugbusterbrigade.com. The topic of the email was "Scents and Memory".

This is a really weird email. It's not a spam email, it's some sort of attempt at inbox testing. Perhaps it's an attempt to sniff out AI agents signing up for their service?

JdeBP an hour ago | parent | next [-]

Mailgun's validation API, presumably the underpinnings of Pangram's, returns more than a simple yes/no validity. My educated guess is that this is part of figuring out all of those extra fields.

* https://mailgun.com/products/validate/

* https://documentation.mailgun.com/docs/validate/oas/openapi-...

legitster an hour ago | parent [-]

This is a good bet, particularly this:

> Catch email addresses that have turned into honey pots

> Make smart decisions on who you should and shouldn’t send to using our risk score

Identifying honeypots is tricky business. Sending something that looks like obvious spam from random burner domains and seeing if it still gets delivered is not a bad way to do it.

mcv 33 minutes ago | parent [-]

Yeah, but any site that uses signup email addresses to send spam should be immediately blacklisted. Sending spam to potentially legitimate email addresses is a really bad idea and should destroy any credibility you may have had.

sandeepkd 28 minutes ago | parent | prev | next [-]

This seems like crossing a fine line of legal vs the right thing. More than likely Panagram Labs is just on one of the customers using a third party API to get validation on the email. This third party API is the one who is abusing this technique most likely using pixel tracking for email addresses they havent seen before.

Partly fun part is what Panagram here has done is to expose an endpoint for anyone to transitively use the email validation API in their product

garaetjjte 2 hours ago | parent | prev | next [-]

Maybe they don't do that for larger destination providers. But definitely no coincidences here. (in the post I replaced address with example.com because I'm curious if I will ever get other spam onto it, but here's another one unmodified)

  curl --request POST --data '{"email": "pangramdemo@milek7.pl"}' https://www.pangram.com/api/validate-email
https://milek7.pl/mailverifyspam/another.txt
EvanAnderson 2 hours ago | parent | prev | next [-]

I just tried with a new email at my domain. I'm excited to see what I get.

2 hours ago | parent | prev [-]
[deleted]