Great read. I also recently moved everything over from DO to Hetzner for https://tempmaildetector.com across different regions*, and greatly simplified the server infra in the process. The other added benefit is that the resources available on each server are so great in comparison to DO that there’s plenty of room to grow vertically before even taking into account the additional horizontal scaling we can use thanks to the load balancing in place.
So a big win win all round. So good to see European providers are finally having their moment.
* I wish there were even more available and not sold out regions across Europe.
+1 to running services on physical servers, OVH in my case. I'm really enjoying CI pushing to servers and having managed database provided by a 3rd party like Mongo Atlas.
Working away at https://TempMailDetector.com, a privacy focused disposable email detection API which only requires the domain part and not the user part of the email. The service is able to determine if a domain is likely a disposable email, a forwarding service, and actively crawls for new domains.
I used to use Google fonts a fair amount, but why do I need to download a font when my browser/os already have a reasonable amount of good ones? Engineer aesthetic/logic maybe?
I had to go digging for it again and I've now bookmarked it, but this website/repo has some nice examples: https://modernfontstacks.com/
> "We changed the name after World War II from the Department of War to the Department of Defense and … we haven't won a major war since," Hegseth said.
I appreciate your sentiment, and agree to a point. There’s a time and a place for both disposable email addresses as well as blocking apis.
Assume you offer a free trial with LLM capabilities. There’s a very real cost associated with multiple signup abuse. You can card capture or KYC, but now there’s more friction and greater loss of privacy.
I think it’s fairly clear from everyone’s comments that this is a card testing scheme. Now it’s how you respond to it that matters.
You’re essentially playing a game of cat and mouse. There’s 12 new domains added today for one provider for example [0].
Use a 3rd party api to block these (disclaimer, this is what I do) and keep layering your security. Note that I’ve seen an increase in gmail temporary email providers, so while many here will disagree, blocking plus emails and . emails is absolutely a valid tactic during this attack period.
I did expose some interesting stats which you can find here: https://tempmaildetector.com/temp-mail-market-share