Guerrilla Mail’s Sending feature – 1 year in retrospect
The email sending feature has been live for over a year now. Here is a blog post with some reflections thus far.
First, why was this feature introduced? The biggest motivation was because this was the most requested feature. Sometimes our users want to forward an email they have received. Sometimes they need to reply to an email that they received. Sometimes, they need to send a single email to someone, but they do not want to use their real email address.
Providing an email sending feature can be difficult. It opens up a can of worms, especially because of the potential for abuse.
How do we minimize abuse, including eliminate spammers from taking advantage?
1. CAPTCHA test. Users are required to type in the text they see in an image. This almost guarantees that the user is a real human, or at least spent some resources on the problem. (It’s a trade-off with usability, although Google’s reCaptcha usability has improved significantly the last few months)
2. Take the email through a spam filter before it is sent.
3. Aggregate the spam scores and also calculate the averages for each originating IP address. We have an automated banned IP list. This catches a lot of spammers. For the biggest spammers, we do not let them know that email was caught. This means spammers waste resources by filling out the form and solving CAPTCHAs.
4. Add the originating IP address to the email headers, to help the receiving back-end judge whenever the sent email is to be flagged as spam.
5. Do not allow to set a name for the “From” header to eliminate the possibility of impersonation or fake emails
6. Clearly mark the emails that they came from Guerrilla Mail in the signature.
7. Ability for receivers to report abuse and block all future email to their address.
Another issue that we have to deal with is the added anonymity that Guerrilla Mail provides. Guerrilla Mail does not require login or registration, and email is kept for only one hour. Although we still attach the sender’s IP address to each outgoing email, users could easily use Tor, VPN, or someone else’s Wi-Fi to mask their actual IP address.
Anonymity is not the goal of this service, rather an unintended feature. The goal of Guerrilla Mail is so that the user’s email address will not get collected by the receiver and avoid being added to some spam database. Anonymity can be an advantage. So why is anonymity an issue?
When we launched this service, we were worried that the added anonymity would attract abuse. Sure, anonymity on the internet can do a lot of good, such as whistle-blowing or provide a screen from persecution. Sometimes, anonymity can also bring out the undesirable traits of human nature, and that is what we were worried about. After a year of operating, we are glad to report that it has not been much of a problem, except for a very small minority who abuse the service.
Unfortunately abuse such as bullying or harassment is the dark side of human nature, and the written, non-verbal nature of internet communication can amplify or distort the interpretations of such messages. Bullying is not spam, it is sent by real people, and there’s no such thing as a ‘bully filter’, which makes these messages more difficult to filter.
We recommend that you:
1. Do not take these messages seriously.
2. Do not reply or show any response to such emails.
3. Use the blocking feature and block all email Guerrilla Mail. (This will report the email to us too)
Rule 2 is the most important. DO NOT REPLY. DO NOT REACT. If you do reply to the message, or make such a message public, then you will be giving the sender exactly what they want – a reaction.
As for the people who use our sending service, we ask them to be mindful of their actions, be forgiving and treat others in a respectful way.
I can’t read all that! Basically guerrillamail “COMPOSE” is crap! My emails are never sent: they never reach destination no matter how many times I try. (self-addressed) and no matter how many email providers I use. So why trick us like that, Bobo?
The system is still not yet perfect and sometimes catches genuine email as spam. It’s probable that your email was caught as spam by our filter. Sorry about that. When testing, try sending a real email with a few more sentences, so it doesn’t trigger the spam filter. We are looking at ways to eliminate the need for CAPTCHA and the spam filter in the future.