Argh! noticed that all my links and bookmarklets 404! so that is what it was.
I had a bookmarklet that would generate an email, insert it into the current form and then open a window to mailinator so I can retrieve the confirmation email.
I also had other bookmarkets and links that I used for other things (I am much better at writing software for my own tasks than I am at publishing it)
If you used it in the same way I did, the old URL:
/maildir.jsp?email={{ email }}
is now
/inbox.jsp?to={{ email }}
there is no excuse to break URL's, you never know how people are using your product. Not everybody goes to the homepage, fills out a form and presses submit. The entire web can be used as an informal API.
Edit: I can confirm what Amadou says in reply, you can't directly access the mail page anymore. Even after updating URL's it still won't load, it is relying on a token. The way I used the app is now useless.
I don't think the answer to controlling abuse is killing your app for a lot of users
edit: but thanks for that post, I had missed it. It dramatically changes what Mailinator does and what it means. It is a complete shift in its mission. The in-memory and no logs email service is what originally attracted most users. Dealing with abuse is just part of what happens when you have such a service, ditto with running a Tor exit node.
Yes! Yet another person complaining about Bootstrap being uninspired.
With sites like Mailinator, I'm looking to get a task done and doing it quickly. If it lets me achieve my goal efficiently, I don't care if the aesthetics weren't designed from scratch with 100% hand written CSS or if someone is using stock glyphicons instead of hand drawn artwork by Mr.Ultra-Famous Designer.
> Yet another person complaining about Bootstrap being uninspired.
Quite the contrary. Not Bootstrap is "uninspired" but its users.
The old Mailinator had a characteristic, easily identifiable look and feel. Sites like the new Mailinator are a dime a dozen. A typical case of "disimprovement".
It isn't just a new URL, there is some javascript and cross-site scripting or something. The old mailinator was dead simple - no javascript, no cross-site includes, it just worked with all my security add-on settings like NoScript and RequestPolicy on maximum. Now it doesn't. The inbox just appears to be empty it says "Inbox for:" without a username even though the inbox.jsp?to=foo parameter is set in the URL.
This is a real kick in the gut for me, I've been a happy user for longer than I can remember and now I can't be a user.
When I read the blog entry about an update a month or two ago I figured the guy was smart enough not to fall into this trap of form over function. I've been reading his blog for years and he always struck me as imminently practical. But it looks like my faith was misplaced, he's gone and web2.0ified it when it really did not need it. I think this is the beginning of the end for mailinator.
That's weird. I had bookmarked a Mailinator inbox, and apart from doing the change from nikcub's comment, it's working perfectly. It says 'Inbox for: <whatever>' and it seems to work. Maybe it was a temporary bug? Remember Hanlon's razor :)
Edit: oh wow, I totally take that back. I have been banned for abuse for a whole day! I didn't do anything special but access that inbox from my bookmark a couple of times. Here is everything I can see on Mailinator now:
---
Rate Limiter Engaged !
Hi Friendly User!
Unfortunately, your request cannot be processed. Mailinator is committed to providing a valuable service to its users and at the same time, limit abuse of the system.
An automated rate-detection system triggered based on your usage. Please note - programmatic access to Mailinator is prohibited by our Terms of Service (for users that require high-speed programmatic access, please check-out Mailinator Pro which provides proper APIs for such access).
This is a temporary ban and should clear by tomorrow. Continued access attempts today could result in a more permanent ban (please don't do that).
I like fakemailgenerator. They have multiple domains, and incoming emails are shown almost immediately (very fast email servers and push notifications). http://www.fakemailgenerator.com/
Trashmail has an API, so good for various scripts.
If I remember correctly you don't have an inbox, you just forward X messages to another email address, where X by default is 2. After that the email is deleted.
I never understand why most sites that demand sign-up verification emails don't block Mailinator even though Mailinator is obviously well-known among web developers.
It's almost as if there's an unspoken agreement among the cognoscenti that if you're smart enough to use Mailinator, you get a free pass -- we won't force you to hand over a valid email address.
We thought about this for raygun.io. In the end, despite being a an error notication service at our core, we thought it was a bit of a dick move to try and hold off people who used mailinator.
Treat others how you want to be treated: If I wanted to use mailinator to sign up for a service I'd be miffed if they actively blocked it.
A lot of sites forbid the use of mailinator.com email addresses.
Which is completely useless since there are numerous aliases, and you can also point your own domain/subdomain to it and have your own mailinator inbox running on you@spam.mydomain.com
Disinformation, doesn't actually help, if you blacklist based on destination IP and MX entries. Using alternate domain won't help, unless you also run TCP proxy or forwarding SMTP server. Even using different IP and name with light TCP relay proxy, gets revealed during handshake.
Of course you can add alias to your own mailserver and domain(s) alias to your own mailbox or set forwarding to mailinator. Then it's quite hard to find out if messages are really sent to mailinator or your own real mailbox.
The only time I remember being blocked from using a mailinator email it was a client side regex form validation - using one of Mailinator’s "alternate domains" got around that.
I would suspect that a lot of companies are willing to add a JS regex to their form validator, but are not willing to add SMTP headers sniffing to their validator. That barrier means that much of the time a simple domain name change will work.
The GPs comment is not unhelpful, and certainly not "Disinformation". It just isn’t completely reliable. Sometimes it will work, sometimes it won’t depending on how motivated the author of the validation is.
1. Some users may provide a real email address instead of a throwaway Mailinator one. The owner of the site can then send email to that address (which might get read and result in money being spent) or sell the email address to some third party.
Now, someone who would prefer to give you a Mailinator email address probably isn't likely to buy whatever you're spamming them with, so the benefit is probably pretty small. But it might be nonzero. (And if you're selling your mailing list to advertisers, of course they won't know how many of the addresses are for people who will ignore their spam.)
2. Requiring a real email address (that takes some effort to acquire) makes the cost of abuse slightly higher. So if you're offering a service people might want to abuse, you may reduce the frequency of abuse a bit by forbidding throwaway email addresses.
I did understand point 1: but this type of block would illustrate that a primary concern is the ability to abuse my personal e-mail address.
Assuming a company doesn't have that intent, I don't think they should send that signal.
Point 2 regarding abuse in the other direction is more interesting, and a fair point, thanks.
In my experience, Mailinator addresses have only been used as a way to abuse our service or try to keep getting new trial accounts. Of course we have mechanisms to protect against that, but it's still a large amount of cruft we have to deal with and clean up after. The number of paying customers that use Mailinator or started with Mailinator and changed their address afterwards is zero.
Looks like it's based on Angular. Notice how the template code ({{email.from}} and {{email.subject}})flashes before the data models load on the inbox page.
Nice looking but the code is shit. They're using Angular but they're not doing angular stuff. They are basically using the controllers and doing jQuery shit in it. Unbelievable.
My point too, the text is very unreadable. On the homepage they have the green background and white text with some effects, you barely can read it before your eyes start to hurt.
It's a nice redesign, starting out. I especially like the cloud design up top. I'd just like to throw forward a few comments on it. Please take this as constructive, not as mean criticism.
* Design:
Unfortunately, it reeks of hip design gone too far - green text on a green background, grey text on a grey background, and amateurish construction. Removing the text-shadow alone from the alert boxes makes a big difference in readability.
* Structure:
The angularJS parts have already been addressed in another comment, but the most bizarre part is that there is minimal minification (.min.js versions of jquery & bootstrap, that's it - comments are still intact), no concatenation, and no gzip compression whatsoever.
I think it's easy to forget that jQuery alone is 90KB, bootstrap JS is 30KB, and bootstrap's CSS is ~125KB alone. The site is pretty simple; it could easily be trimmed down into something much faster. The use of jQuery is questionable, the use of bootstrap even more so considering how simple the layout is.
The pubsub module that pushes new inbox data is pretty great though.
* Content:
The content pages look great. The little transitions are nice. I like the new copy as well; it helps cement the point that this is not a serious security product and it should not be considered as such.
Overall, while it's a nice change, it may be a bit more flash than users are actually looking for. The massive assets package makes the actual email page huge - jQuery, Bootstrap, and Angular, just for such a simple page? Combined with web fonts, the total payload is well north of a half meg. Intro transition animations serve to make the perceived time to displayed content even longer.
A second pass with a proficient JS developer and a keen eye for readability would do a lot for this site.
The mini scroll down on pages like this http://mailinator.com/faq.html are like the 2013 version of blink.
Overall a nice clean design. The footer is unreadable though.
Great redesign! I've used mailinator for years but honestly the quality of the old site made it seem almost like a shady operation, like they might mine incoming emails for personal data or passwords. This looks much more professional.
That might be amusing, but having my IP address shared with third parties or knowing which jurisdiction the service operates under are serious matters for a lot of users.
Especially the type of users a service like Mailinator attracts.
Oh yeah, definitely don't trust them for anything sensitive at all. From their old FAQ:
> Q: So if the government issued a subpeona to Mailinator to divulge emails or logs, you'd rat me out?
> A: Holy crap, yes. I'm not going to jail for you, I have a boyish face and very (very) supple skin.
> At this point, Mailinator cooperates with law enforcement when reasonable to do so and at this point has received friendly subpeonas, emails, or calls from the FBI, IRS, Justice department, LAPD, and Scotland Yard.
Better to use a service that explicitly says this, rather than burying it on p47 in obscure legalese. If you want more privacy, use a different service.
I had a bookmarklet that would generate an email, insert it into the current form and then open a window to mailinator so I can retrieve the confirmation email.
I also had other bookmarkets and links that I used for other things (I am much better at writing software for my own tasks than I am at publishing it)
If you used it in the same way I did, the old URL:
is now there is no excuse to break URL's, you never know how people are using your product. Not everybody goes to the homepage, fills out a form and presses submit. The entire web can be used as an informal API.Edit: I can confirm what Amadou says in reply, you can't directly access the mail page anymore. Even after updating URL's it still won't load, it is relying on a token. The way I used the app is now useless.
I don't think the answer to controlling abuse is killing your app for a lot of users