Disposable email addresses

18 views
Skip to first unread message

Ben Fairless

unread,
Sep 30, 2025, 7:43:18 PM9/30/25
to alavete...@googlegroups.com, alavet...@googlegroups.com
Hi everyone,

I’m wondering If anyone else is seeing an increase in the number of people making accounts using disposable email addresses?

In our case, every so often we will see a spike in the number of accounts made from a specific domain. Usually each Account will make a request or add an annotation. It feels like it’s the same person, however we can’t be 100% sure.

Would be great to understand how others are dealing with this issue (if at all).

Thanks,
Ben

Dylan Mordaunt

unread,
Jul 9, 2026, 4:43:40 AM (9 days ago) Jul 9
to Alaveteli Community
We see people using disposable addresses and pseudonyms in environments where people don't feel confident putting their name to the request. Sometimes it's about the individual or agency. I've not seen it as much in Australia, but I have in NZ where there are far less integrity protections (than most Aus jurisdictions).

Gareth Rees

unread,
Jul 9, 2026, 6:50:42 AM (9 days ago) Jul 9
to Alaveteli Community
Hey Ben,

Yes, so much so that we prohibited it in our house rules [1] and build a custom user check integration to detect and block them [2] due to various abuse (working around rate limits, masking single source of vexatious requests, inauthentic behaviour, etc).

It's worth noting that we consider there to be a difference between disposable email addresses (i.e. stops working after a period of time) and a relay address (e.g. Apple's hide my email). At least in its current form, Alaveteli requires a working email address in order to receive updates on your requests. For disposable addresses these updates won't get received, so there's a fairly strong case to make that the requester isn't interested in the response, therefore is submitting requests vexatiously (appreciate you could manually check the site every day, but this feels like an edge case). We're a bit more undecided on relay addresses as we understand the privacy benefits, but they essentially cause us similar problems.

We understand there are legitimate reasons for wanting to use them, but it's not something we can support given our current capacity.

At some point I'd like to look at making a policy distinction between signing up to make requests vs other site activities (tracking, submitting body updates, etc), requiring a higher level of trust for the former (real email address, stronger account security – that kind of thing), but we don't have any actual plans/funding so there's no timeline on that; just some ideas.


Best,

Gareth

Reply all
Reply to author
Forward
0 new messages