If you’re not aware Apple has a feature called hide my email, this allows you to make a fake email which you can send and receive from, but then easily create and delete.
Personally, I have used this for a ton of sites to prevent spam, but I just realised this is a major tool for spammers, in seconds they can make emails to sign up to services and easily create many alternate accounts to abuse with.
In addition to this it’s almost impossible to distinguish a legitimate Apple account to a hide my email account.
At the moment we’re considering blocking the iCloud domain, but this would be very unfortunate for those with genuine iCloud accounts, what do you think we should do?
Although the hidden email feature on iCloud can be used for good intentions, scammers can easily abuse it as it’s technically available to anybody who has payed for the subscription.
However, the same case goes for other hidden email tools, such as Firefox Relay (I made a post on it before), and several other sites.
Personally, I don’t think it’s worth blocking the iCloud domain, as it’s unlikely scammers will chose to use it in the first place because it’s a payed feature, compared to free email hiding tools on the internet. Apple has also invested a lot into the security of iCloud, which makes it even less likely for scammers to consider iClould email address hiding as their first choices.
I agree with this. There’s no real point to blocking iCloud as most spammers wouldn’t really want to go as far as to pay for iCloud+ to attack a small(ish) site.
I see. If that’s the case I would say blocking the iCloud domain would be a good move, maybe you can create a poll to get opinions from the community too.
