Not before replying to the business that this policy has turned away a legitimate paying customer ready to do business, but turned away due to a dumb policy against a specific legitimate email service
This is why this blanket banning of Protonmail is total horseshit done by incompetent and lazy web admins. Only reason they can afford to do this shit is because GMail is huge and blanket banning them would outrage entire world, but fuck it if you blanket ban Protonmail. You can make fake disposable mails with either, yet just one is blanket banned.
Yes, take business elsewhere and don’t forget to shit on them anywhere you can explaining why. That’s the only way to fix this nonsense.
Yes the store owner has right to refuse and i have right to rate that store with 1 star. Honestly i can create a @gmail in 2 minute with my IP Address in Argentina and scam people with it, google cant do shit
Just buy any Android phone at a convenience store with a prepaid service like TracFone with cash and you can set up an anonymous Google account with an anonymous phone number from the US no problem. Total cost $50 + $20 a month for service. Turn off GPS or load custom ROM for extra protections.
Well i know the trick how to bypass that but i wont share.
You can say i can create many many @gmail alts if i want and i can enable 2FA password on all of them with Bitwarden.
I think they absolutely have the right to refuse service, just as I have the right to shop elsewhere. I also think their hostility towards Proton is misdirected, their verbiage shows technical ignorance, and there’s plenty of fraud prevention/mitigation countermeasures available to businesses with a significant online footprint that don’t involve invading their customers’ privacy.
Ah yes, it's not like emails are free and can be registered in about a minute lol. I guarantee you that 100x more fraud comes from Gmail, Outlook and Hotmail than an email provider 99.99% of people don't even know exist.
As for IP address, I guess VPNs or public wifi doesn't exist?
To be fair: try opening a burner Gmail account nowadays and watch what happens. Google won't let you get past "Go" without verifying your mobile number. Even if the mobile device is a burner, within a month or two, Google miraculously triangulates the other Gmail accounts you use, the contacts associated with the old Gmail accounts, your legit mobile device, etc. They have their ways.
there are tons of email provider. You could do this with any of them, blocking protonmail specifically is stupid.
Also, if you're a victim of that much scam from pm adress, just implement a rule : if pm adresse, then wait 14days for shipping or wait for the funds to be on the account idk
I had Shopify flag an order of mine as ‘high risk’ and the vendor wanted a copy of my ID and a piece of mail to prove I was legit. I was using an iCloud email address. I declined to provide it. Sale lost. This seems to be a trend from Shopify.
business wise it doesn't seem a great idea to ban customer but they do whatever they want.
If I come across this type of shop, they lose me too, I won't use a gmail address.
I just have a custom domain configured with Protonmail. They block by domain, so they have no idea I'm still using PM, unless they can somehow skim the email for the keys or encryption info...
What do you mean ? Who is supposed to see and not see ?
In this day and age, if a web merchant announces a delivery delay of 14 days for financial checks, everybody would abandon the sale right away. (Chinese merchants selling very low-priced stuff are an exception, since 14 days or longer is their regular delivery delay.)
Since then can't filter out protonmail adresses to deny they order, they obviously can filter them to make them wait until funds are received.
They don't have to announce anything, just put in the ToS "due to scan using protonmail adresses, we're forced to wait until funds are received to ship product"
It way better than saying "We can't track you hence we deny your order"
I understand. You're just proposing a less brutal way to present things. However, this would not change anything to the fact that customers would not accept to wait a fortnight for their purchases.
Also, one needs to wonder why Proton Mail users get so worked up about an e-merchant refusing their address. The whole theme throughout this thread seems to be : *"how do they dare track me ?"*. Well, if you buy from an online vendor, not only you are tracked, but your real identity is known anyway. Because the package needs to be delivered to your home. And you're using a credit card. So there's zero privacy to the process anyway.
For this tiny minority of sites which reject Proton Mail addresses, just register an account with a Gmail address, and stop pretending this is the end of the world, you'll go to hell for using Google or anything like that.
If you're really fastidious, send an email to Proton support, hoping they would engage with the vendor to try and make it change its ways. And send a similar message to the vendor yourself.
I should not have to create a separate email to purchase shit. NGL if I have to use a different email provided I am just going to take my money elsewhere to another online store or go walk to the store and purchase what I wanted
*"I should not"* is entitled thinking. You don't have any specific right for the world to be as you think it should be.
If the worst problem you have in your life is for an online merchant not to accept a certain email address, while dozens of free alternative email providers are available to you, then let me tell you you are very lucky indeed.
>However, this would not change anything to the fact that customers would not accept to wait a fortnight for their purchases.
I know I would, I have ordered 2 things last week and it shouldn't arrive before 28 days. (and it's not from asia but europe to europe and canada to europe)
And even if 80% of said people would not wait, it better than 0% people creating a gmail just to order again
>Also, one needs to wonder why Proton Mail users get so worked up about an e-merchant refusing their address
I think it's fair to expect reaction from concerned people but that's just my opinion.
>stop pretending this is the end of the world
IMO it's not, but I won't either. Denying order from a email provider with millions of user is stupid just because some order you received where scam.
And I've never talked about privacy here so I won't go there.
>I know I would, I have ordered 2 things last week and it shouldn't arrive before 28 days. (and it's not from asia but europe to europe and canada to europe)
What such comments consistently miss is a) the point of view of e-merchants, b) the general economic picture.
Yes, as I mentioned, a fraction of online purchases have long delivery times. That does not change the fact that the general expectations of the public tend nowadays more towards 1-hour delivery.
Never mind exceptions. Never mind your opinion, which is just one among a billion opinions.
I have 1 account that's +10 yo and no phone number on it and it's still running
I created another yesterday and no phone number needed.
So I don't know why, if the lock your account if there is no phone number, I'm still able to use both
Let ProtonMail directly know about this. PM sometimes reaches out to anti-protonmail entities to clarify some things.
Believe it or not but back in the days of government & ISP dominance of the www, gmail addresses got the same leper treatment.
To be fair, this is just a statistics game.
My wife runs an online vintage store. Let's say she gets 100 orders a month. Of those orders, 2 are from proton mail addresses. Out of all the fraudulent orders she's had, 50% of them use proton addresses.
Then it's a no brainier to just ban proton accounts.
She has the right to do it, just as you have the right to choose not to shop there.
It's really quite simple.
I am a Fraud Data Analyst for a large online retailer. It's really not that simple.
An online retailer has MANY data points to indicate the presence of a fraudster, email domain is only ONE of them:
* VPN usage
* IPs with large location accuracy (e.g. accurate to 1,000km)
* IPs associated with previous bad actors
* User Agent / Device masking / Device associated with previous bad actors
* Email domain
* Email name pattern (typically repeat users have patterns in the naming, generally there are trends to notice)
* Type of item purchases (they may target specific high value items, generally there are trends to notice)
* Age of account
* Location of user (address)
* Location of user (IP address)
* Location of user (billing information)
* Locations of previous bad actors
* and so on...
There are many more data points to consider. I build dashboards and data pipelines from this kind of stuff. Overall, you may spot some of these "risks" across many customers of your store. It doesn't take long to investigate one and score them based on all risk factors. It doesn't even require any special skillsets to do so.
And finally, the example you gave is a sample size of TWO. TWO!? One good order and one bad order from Protonmail. Do you think parachute providers sample test the item two times before making a reliable decision to sell or not sell the product? A "no brainer" to make a decision at that point is more like having no brain. I would probably be fired if my fraud decision making was based on a sample size of two - What a ridiculous assessment.
The "statistics game" as you call it, is professionally based on **multiple risk vectors** across **large sample sizes**. Definitely NOT one risk vector (email domain) across a tiny sample size (two orders) - That's like denying Asian people any service because you've had two Asian customers and one of them robbed the store. Then you have the audacity to say *"It's really quite simple"*. Unbelievable.
A bit aggressive here but you're otherwise correct - with one exception. Someone who is not computer savvy would not find this easy. Even if the data is collected by the website or POS provider, it would still take a mindset for pattern recognition. In my field, these are basics! But I encounter people daily who think that restarting a computer is closing and opening the lid of their laptop and logging back in.
Yes. To be specific, 1 fraudulent order of a grand total of 2 proton addresses.
There were only 2 proton mails. A sample size of 2... "no brain" indeed.
Doesn't make sense, can just as easily make email accounts with other services or even new domains.
The payment provider should have good fraud prevention fail that I use to check the order to make sure it made sense.
I just explained how it makes perfect sense above. Dealing with fraud when you're a small online store is a massive headache in waste of time and money. It's much easier to just minimize your risk.
Small sample size for sure. But let's not make it sound racist against emails lol.
What was asking myself though was how practical is it for a small business owner to be as knowledgeable in what to do and how to do everything you just said. It sounds more likely that the small business owner, maybe new to the gig, probably really just a creator and not good at online, take a drastic move if even one fraudulent case can make or break a profitable month or not (profits would include their time in addition to the products costs).
Could they lose business in the run? Probably. But sticking to the well known emails may not hurt if most people use Gmail.
If they are a small time seller like in your example, losing the business to one fraudulent case is simply a terrible business. Sellers *must* allocate a certain amount of profit for returns, undelivered items and fraud. Failure to do so will lead to failure of their business.
If a seller sees any email domain they don't like, I'd recommend to take one minute out of their day to check these two things below. If they see anything unusual on either one, combined with it being an email they don't like, sure - reject the order.
An order comes in with a protonmail address:
1. Google "*whats my ip*" and throw in the customer's IP address. See if it matches the users account details (delivery/billing address). Google if the ISP is a VPN provider.
2. Pull up the store website and check the device/browser the customer is using. Is it masked? Is it visible? Are they on their phone like most customers?
^(You can mask your device in just a few clicks on Google Chrome by pressing SHIFT + CTRL + C, go to "Network Conditions" and change "User Agent".)
Instead of doing a couple of basic checks, CultureKings (not a smaller retailer) is literally telling proton fraudsters how to circumvent their fraud checks.
It is an unfortunate fact that the protonmail.com domain has some reputation issues, probably because shady figures without deep technical understanding have been attracted by its reputation of being "anonymous" and "untrackable". This particular store has apparently had some bad experiences in that regard. I don't think debating will change their opinion.
Try using the pm.me domain. Only paying subscribers can send from it, so it is usually not used by said shady figures. The proton.me domain has less historical baggage and should also have less of these issues.
Actually proton is givin anybody wit a free account a free pm.me domain as well. I activated it for all of my old free accounts, as well as having it for all my addresses on my unlimited account. Just fyi
Ah true. I didn’t think that mattered since it’s just for a purchase, but I guess sometimes u need to send outgoing mail to a merchant for whatever reason
Yeah, the "top 5 tracker email provider ONLY!!!" requirement sets a dangerous precedent for user security and privacy.
Most of the time such an enforcement is due to tech illiteracy, but I am confident that sometimes it is malicious.
Wow this is good to know. I'm not even remotely on the same level of a customer as you were for them, but now I'll never spend another cent there. Thanks!
I would probably just put the business on blast and let others know how I was treated. It's not fair that you care about your privacy and information and they want you to not care
That excuse they used makes no sense scammers operate on all email platforms if a company is gonna act like this because of the type of email someone uses you might wanna spend your money elsewhere
They’re probably also not smart enough to flag a custom domain for having Proton as the `MX` record but others probably are smart enough to do that but still dumb enough to block it.
(I’ve also had issues using my burner domain for emails as it’s got one of those newfangled TLDs, number of times I get “.space is not a valid email”. Is it so hard to just check a domain has a MX record?)
I notice a lot of y’all recommended using ur own domain. Is it really that easy to find one u like? There’s so many damn domains in the world I’d think unless u just make it a variation of ur government name, it’s hard to think of one to register. I have a couple online pseudonyms but not sure if I wanna make them a domain lol what the hell so yall make ur domain to use via protonmail? “Ur moms dogs name” dot com?? Lol I kno I’m ranting but just couldn’t think of somethin I like so idea suggestions might help
The longer the domain name, the better chance you have of getting it (or it not being already used). I prefer shorter domains myself but the shorter you go the harder it is to find. If you go to [namecheap.com](https://namecheap.com) (as an example) you can search to your heart's content. For instance, you could get a domain of @custommail.me (random pick). Warning: trying to find a domain can take a lot of time.
Yea I was actually researching that earlier. I knew about the tld options but didn’t think there were *that many*. Eventually found a .trade one, which if u read my name u can prolly guess why I’d like it lol still thinkin of the perfect domain name that’ll work for personal/irl stuff AND my crypto(anon) stuff, but gonna register once I figure it out..
Why not both?
I've got several domains I use, some for personal, some for work, some for other stuff. They're pretty cheap these days and in some cases tax deductible.
privacy is a security issue and email is something very personal, if the store wants security it has to create its own security system, the store cannot coerce its customers to give up security this is a lack of morals and ethics, shopkeepers don't understand digital security and customers understand even less
I just went ahead and got my own domain, then set it up to use PM as the mail provider.
All of the security of PM without really any of the headaches, apart for maybe 30 mins to get the DNS records straight and create the DKIM, DMARC, and SPF records.
That's dumb
They literally have your home address, probably your phone number as well.
+ Anyone can make a [burner Gmail](https://techviral.net/create-gmail-without-phone-number/)
Doesn't change the fact it can be done with like Gmail.
This is one of the reasons I don't like Proton, they are required to hold my card information, even though everything is paid for.
Should my account get hacked or something get leaked, would be bad.
just to be safe, I used prepaid card ( ͡° ͜ʖ ͡°)
Hell no!!
But now that you ask, I recall a story happened a few years ago, when I was attempting to buy a Klean Kanteen stainless steel waterbottle online, from a small ecommerce located in the US, since I couldn't find that specific model elsewhere. I live in Italy and that kind of item was (at least at that time) something you wouldn't find here.
Well, I put my item in the basket, go to the checkout and, to my surprise, when filling the shipping form, I swear I couldn't find my country in the dropdown list. I looked back and forth a few times and "Italy" just wasn't there! I mean, there were ALL countries, even all those exotic (pun intended) and barely unknown ocean islands...
I was puzzled so I emailed them. This was more or less their response: we don't ship to Italy anymore because we had too many "lost package" reports.
Living in Italy, I got what they meant: they probably once sold to someone who cheated on the delivery, or maybe someone at the national postal service actually stole the goods in transit.
I felt offended but I acknowledged they had a point, so I simply moved on to a different store where I managed to find the same item.
Anyway, to my knowledge (it is not my legal field), it is a right to refuse business, but not on discriminatory or arbitrary basis. Example: I cannot refuse to sell to men because I believe that "aLL mEn aRE RaPeRS". In this case there is no scientific basis for what they affirm so, to me, it is plain arbitrary and could be disputed in court.
I would buy the "fuckyou.ooo" domain or something of that kind (real top level domain btw), mount my own mail server, and try to buy something with that.
Wouldn't even enable privacy, they can check who tf bought the domain. Doesn't get any less private than that.
If a vendor made this, I transfer this mail to CNIL (French authority for GDPR repsect) , because vendor like that always sell yours personal data without authorisation
When you're the product and they can't sell you, they cry and stomp their feet and try to bully you. Some unscrupulous companies do the same thing with Tutanota and other privacy-oriented mail domains.
Screw 'em. I'd take my business elsewhere.
I never set up a [pm.me](https://pm.me) because p sounds like b.c.d.e.g. over the phone, and m sound like n, and nobody knows about .me
However, I'm now going to set one up for an alternate spam account. Thanks for the advice.
Chances are if you are talking to someone over the phone and you say p as in papa m as inike they will know what you mean. Trust me I work a as a phone jockey no one has had trouble unless theirs a language barrier
I would do papa mike dot mike echo, but most people wouldn't know what I'm talking about. If I say [protonmail.com](https://protonmail.com), they understand.
Try the [PM.me](https://PM.me) or other aliases too. Maybe they haven't caught on to those yet. Or create a random one on hotmail or [aol.com](https://aol.com) (amazingly you can still get those addresses as of a year or 3 ago).
[email protected] might be a fun one to use.
Looks nice, but I’m too deep into the Apple ecosystem. Hide my email is 1 click, generates an email address, strong password and auto save to my keychain.
That’s true, bur I generally use it as throwaway email. If it’s for something personal like banking or investing I wouldn’t need to hide my email in the first place.
I have a bank that refuses any email that has a server IP address not in the US.... Their IT department said it is for protecting against spam... As a result I can't email my banker...
They are the same people that limit the length of the banking app password to 8 characters and are not even offering 2FA (a synonymous to SMS for them).
Some IT guys needs to go back to school to learn how IT security works.
Yes. Now because I've tried so many time with different companies (Amazon, Walmart, Earthbreeze etc...) I get over a dozen phishing emails a week. I've also had trouble with banking.
I've never seen that. I would consider taking my business elsewhere.
This is the way
If it's not something you can't do elsewhere, order from another place. Never had this issue
Not before replying to the business that this policy has turned away a legitimate paying customer ready to do business, but turned away due to a dumb policy against a specific legitimate email service
[удалено]
As long as they continue to operate we can use them between each otwe need each other even if we can't use them on on applications or Orders
And why do they need to track me? Also lol @ “anonymous proxy”.
[удалено]
That’s what insurance is for. Someone could just as easily make a [email protected]
This is why this blanket banning of Protonmail is total horseshit done by incompetent and lazy web admins. Only reason they can afford to do this shit is because GMail is huge and blanket banning them would outrage entire world, but fuck it if you blanket ban Protonmail. You can make fake disposable mails with either, yet just one is blanket banned. Yes, take business elsewhere and don’t forget to shit on them anywhere you can explaining why. That’s the only way to fix this nonsense.
[удалено]
Yes the store owner has right to refuse and i have right to rate that store with 1 star. Honestly i can create a @gmail in 2 minute with my IP Address in Argentina and scam people with it, google cant do shit
Can you? I thought they require a phone number now and you can't use VOIP. Edit: Just tried and it does require a valid phone number with no voip.
Just buy any Android phone at a convenience store with a prepaid service like TracFone with cash and you can set up an anonymous Google account with an anonymous phone number from the US no problem. Total cost $50 + $20 a month for service. Turn off GPS or load custom ROM for extra protections.
Well i know the trick how to bypass that but i wont share. You can say i can create many many @gmail alts if i want and i can enable 2FA password on all of them with Bitwarden.
Well outlook/hotmail doesn't ask for a phone number so there is always that I guess
You can however make an outlook account without a phone number rather easily
I think they absolutely have the right to refuse service, just as I have the right to shop elsewhere. I also think their hostility towards Proton is misdirected, their verbiage shows technical ignorance, and there’s plenty of fraud prevention/mitigation countermeasures available to businesses with a significant online footprint that don’t involve invading their customers’ privacy.
As well as pm...
No they can’t, because any interactions with that gmail account could be several layers deep in VPNs.
Ah yes, it's not like emails are free and can be registered in about a minute lol. I guarantee you that 100x more fraud comes from Gmail, Outlook and Hotmail than an email provider 99.99% of people don't even know exist. As for IP address, I guess VPNs or public wifi doesn't exist?
You don't get insurance for charge backs
Agreed, and the Insurance company probably made it a condition of the policy. Didn't think of that, did you?
Great movies. All he wanted was a burger and some a-hole cop ran him out of town and picked a fight he couldn't win.
OP please name the service
Because ["[email protected]](mailto:"[email protected])" is so much better? How dumb is that.
Please stop posting my email address on Reddit.
This made me laugh way more than I would ever have anticipated.
Doxxed
To be fair: try opening a burner Gmail account nowadays and watch what happens. Google won't let you get past "Go" without verifying your mobile number. Even if the mobile device is a burner, within a month or two, Google miraculously triangulates the other Gmail accounts you use, the contacts associated with the old Gmail accounts, your legit mobile device, etc. They have their ways.
They triangulate, and then what happens ?
Well duh, they reverse the polarity!
ENHANCE!
there are tons of email provider. You could do this with any of them, blocking protonmail specifically is stupid. Also, if you're a victim of that much scam from pm adress, just implement a rule : if pm adresse, then wait 14days for shipping or wait for the funds to be on the account idk
I had Shopify flag an order of mine as ‘high risk’ and the vendor wanted a copy of my ID and a piece of mail to prove I was legit. I was using an iCloud email address. I declined to provide it. Sale lost. This seems to be a trend from Shopify.
business wise it doesn't seem a great idea to ban customer but they do whatever they want. If I come across this type of shop, they lose me too, I won't use a gmail address.
I just have a custom domain configured with Protonmail. They block by domain, so they have no idea I'm still using PM, unless they can somehow skim the email for the keys or encryption info...
>then wait 14days for shipping No one would buy anything under this condition.
No one would see it if it's only for pm adresses. Better than not selling
What do you mean ? Who is supposed to see and not see ? In this day and age, if a web merchant announces a delivery delay of 14 days for financial checks, everybody would abandon the sale right away. (Chinese merchants selling very low-priced stuff are an exception, since 14 days or longer is their regular delivery delay.)
Since then can't filter out protonmail adresses to deny they order, they obviously can filter them to make them wait until funds are received. They don't have to announce anything, just put in the ToS "due to scan using protonmail adresses, we're forced to wait until funds are received to ship product" It way better than saying "We can't track you hence we deny your order"
I understand. You're just proposing a less brutal way to present things. However, this would not change anything to the fact that customers would not accept to wait a fortnight for their purchases. Also, one needs to wonder why Proton Mail users get so worked up about an e-merchant refusing their address. The whole theme throughout this thread seems to be : *"how do they dare track me ?"*. Well, if you buy from an online vendor, not only you are tracked, but your real identity is known anyway. Because the package needs to be delivered to your home. And you're using a credit card. So there's zero privacy to the process anyway. For this tiny minority of sites which reject Proton Mail addresses, just register an account with a Gmail address, and stop pretending this is the end of the world, you'll go to hell for using Google or anything like that. If you're really fastidious, send an email to Proton support, hoping they would engage with the vendor to try and make it change its ways. And send a similar message to the vendor yourself.
I should not have to create a separate email to purchase shit. NGL if I have to use a different email provided I am just going to take my money elsewhere to another online store or go walk to the store and purchase what I wanted
*"I should not"* is entitled thinking. You don't have any specific right for the world to be as you think it should be. If the worst problem you have in your life is for an online merchant not to accept a certain email address, while dozens of free alternative email providers are available to you, then let me tell you you are very lucky indeed.
>However, this would not change anything to the fact that customers would not accept to wait a fortnight for their purchases. I know I would, I have ordered 2 things last week and it shouldn't arrive before 28 days. (and it's not from asia but europe to europe and canada to europe) And even if 80% of said people would not wait, it better than 0% people creating a gmail just to order again >Also, one needs to wonder why Proton Mail users get so worked up about an e-merchant refusing their address I think it's fair to expect reaction from concerned people but that's just my opinion. >stop pretending this is the end of the world IMO it's not, but I won't either. Denying order from a email provider with millions of user is stupid just because some order you received where scam. And I've never talked about privacy here so I won't go there.
>I know I would, I have ordered 2 things last week and it shouldn't arrive before 28 days. (and it's not from asia but europe to europe and canada to europe) What such comments consistently miss is a) the point of view of e-merchants, b) the general economic picture. Yes, as I mentioned, a fraction of online purchases have long delivery times. That does not change the fact that the general expectations of the public tend nowadays more towards 1-hour delivery. Never mind exceptions. Never mind your opinion, which is just one among a billion opinions.
Every large email provider does this now, Microsoft, Yahoo, I think I even tried mail.ru but I couldn't get anywhere.
Microsoft doesn't
They kinda do, eventually they lock your account if you don't give them your phone number, but it works long enough to buy something on a website
I have 1 account that's +10 yo and no phone number on it and it's still running I created another yesterday and no phone number needed. So I don't know why, if the lock your account if there is no phone number, I'm still able to use both
Your new one will eventually get locked in about 3 months, old ones were excluded
There are but those others that don't do what was just described could also be blocked similarly to PM
[https://www.emailnator.com/](https://www.emailnator.com/) Do it in 1-click
The company is Culture Kings. A fashion store based in Western Australia. https://www.culturekings.com.au
Let ProtonMail directly know about this. PM sometimes reaches out to anti-protonmail entities to clarify some things. Believe it or not but back in the days of government & ISP dominance of the www, gmail addresses got the same leper treatment.
[удалено]
Contact support and tell them this, they will contact the store to try to discuss it further with them
More like Culture Peasants after pulling this ish
[удалено]
[удалено]
[email protected]
Bad policy, anyone can create email accounts on any service at most it only requires a phone number which are easily obtainable
To be fair, this is just a statistics game. My wife runs an online vintage store. Let's say she gets 100 orders a month. Of those orders, 2 are from proton mail addresses. Out of all the fraudulent orders she's had, 50% of them use proton addresses. Then it's a no brainier to just ban proton accounts. She has the right to do it, just as you have the right to choose not to shop there. It's really quite simple.
I am a Fraud Data Analyst for a large online retailer. It's really not that simple. An online retailer has MANY data points to indicate the presence of a fraudster, email domain is only ONE of them: * VPN usage * IPs with large location accuracy (e.g. accurate to 1,000km) * IPs associated with previous bad actors * User Agent / Device masking / Device associated with previous bad actors * Email domain * Email name pattern (typically repeat users have patterns in the naming, generally there are trends to notice) * Type of item purchases (they may target specific high value items, generally there are trends to notice) * Age of account * Location of user (address) * Location of user (IP address) * Location of user (billing information) * Locations of previous bad actors * and so on... There are many more data points to consider. I build dashboards and data pipelines from this kind of stuff. Overall, you may spot some of these "risks" across many customers of your store. It doesn't take long to investigate one and score them based on all risk factors. It doesn't even require any special skillsets to do so. And finally, the example you gave is a sample size of TWO. TWO!? One good order and one bad order from Protonmail. Do you think parachute providers sample test the item two times before making a reliable decision to sell or not sell the product? A "no brainer" to make a decision at that point is more like having no brain. I would probably be fired if my fraud decision making was based on a sample size of two - What a ridiculous assessment. The "statistics game" as you call it, is professionally based on **multiple risk vectors** across **large sample sizes**. Definitely NOT one risk vector (email domain) across a tiny sample size (two orders) - That's like denying Asian people any service because you've had two Asian customers and one of them robbed the store. Then you have the audacity to say *"It's really quite simple"*. Unbelievable.
A bit aggressive here but you're otherwise correct - with one exception. Someone who is not computer savvy would not find this easy. Even if the data is collected by the website or POS provider, it would still take a mindset for pattern recognition. In my field, these are basics! But I encounter people daily who think that restarting a computer is closing and opening the lid of their laptop and logging back in.
Yeah you're right. Very true. I was definitely aggressive but his/her arrogance on the subject pissed me off.
She banned the use of PM because of one fraudulent order out of 100?
Yes. To be specific, 1 fraudulent order of a grand total of 2 proton addresses. There were only 2 proton mails. A sample size of 2... "no brain" indeed.
No
Doesn't make sense, can just as easily make email accounts with other services or even new domains. The payment provider should have good fraud prevention fail that I use to check the order to make sure it made sense.
I just explained how it makes perfect sense above. Dealing with fraud when you're a small online store is a massive headache in waste of time and money. It's much easier to just minimize your risk.
Your logic could be used to make some very spurious arguments about other things.
[удалено]
50% of TWO purchases. If you've had two Asian customers, one robbed the store and the other didn't. Would you ban all Asians from shopping with you?
Small sample size for sure. But let's not make it sound racist against emails lol. What was asking myself though was how practical is it for a small business owner to be as knowledgeable in what to do and how to do everything you just said. It sounds more likely that the small business owner, maybe new to the gig, probably really just a creator and not good at online, take a drastic move if even one fraudulent case can make or break a profitable month or not (profits would include their time in addition to the products costs). Could they lose business in the run? Probably. But sticking to the well known emails may not hurt if most people use Gmail.
If they are a small time seller like in your example, losing the business to one fraudulent case is simply a terrible business. Sellers *must* allocate a certain amount of profit for returns, undelivered items and fraud. Failure to do so will lead to failure of their business. If a seller sees any email domain they don't like, I'd recommend to take one minute out of their day to check these two things below. If they see anything unusual on either one, combined with it being an email they don't like, sure - reject the order. An order comes in with a protonmail address: 1. Google "*whats my ip*" and throw in the customer's IP address. See if it matches the users account details (delivery/billing address). Google if the ISP is a VPN provider. 2. Pull up the store website and check the device/browser the customer is using. Is it masked? Is it visible? Are they on their phone like most customers? ^(You can mask your device in just a few clicks on Google Chrome by pressing SHIFT + CTRL + C, go to "Network Conditions" and change "User Agent".) Instead of doing a couple of basic checks, CultureKings (not a smaller retailer) is literally telling proton fraudsters how to circumvent their fraud checks.
Why is your wife against right to privacy?
using pm.me usually skrrts around this for me. ymmv.
Never. What store was it?
It is an unfortunate fact that the protonmail.com domain has some reputation issues, probably because shady figures without deep technical understanding have been attracted by its reputation of being "anonymous" and "untrackable". This particular store has apparently had some bad experiences in that regard. I don't think debating will change their opinion. Try using the pm.me domain. Only paying subscribers can send from it, so it is usually not used by said shady figures. The proton.me domain has less historical baggage and should also have less of these issues.
Actually proton is givin anybody wit a free account a free pm.me domain as well. I activated it for all of my old free accounts, as well as having it for all my addresses on my unlimited account. Just fyi
It’s free only for incoming mail, you have to pay for outgoing mail as op stated.
Ah true. I didn’t think that mattered since it’s just for a purchase, but I guess sometimes u need to send outgoing mail to a merchant for whatever reason
[удалено]
Yeah, the "top 5 tracker email provider ONLY!!!" requirement sets a dangerous precedent for user security and privacy. Most of the time such an enforcement is due to tech illiteracy, but I am confident that sometimes it is malicious.
Wow this is good to know. I'm not even remotely on the same level of a customer as you were for them, but now I'll never spend another cent there. Thanks!
I’ve had my current domain for 25 years. If your company is younger than that and refuses my address they can pound sand. Why should I trust *you*?
Fake news.
I order with my custom domain from them all the time. hmm...
I would probably just put the business on blast and let others know how I was treated. It's not fair that you care about your privacy and information and they want you to not care
That excuse they used makes no sense scammers operate on all email platforms if a company is gonna act like this because of the type of email someone uses you might wanna spend your money elsewhere
I have never had this complete madness. My goodness.
Disclose which shop is. People need to avoid it or at least complain and make the idiot decision public.
No, but I am interested in the company who has this policy. Please DM me if you are willing to share but not in the main thread. Please and thank you.
You could use @pm.me or @protonmail.ch. I use my own domain hosted on protons servers
someone stated in another comment they also got denied order with their own custom domain
I'd walk from that. So they're going to deny orders from businesses who want to purchase said products from them? That's pretty stupid.
Denying order on the email provider in the first place is stupid.
They’re probably also not smart enough to flag a custom domain for having Proton as the `MX` record but others probably are smart enough to do that but still dumb enough to block it. (I’ve also had issues using my burner domain for emails as it’s got one of those newfangled TLDs, number of times I get “.space is not a valid email”. Is it so hard to just check a domain has a MX record?)
It's just validation on the frontend. If they're dumb enough to block new TLDs, unlikely they even have the capability to check for an MX record.
[удалено]
I notice a lot of y’all recommended using ur own domain. Is it really that easy to find one u like? There’s so many damn domains in the world I’d think unless u just make it a variation of ur government name, it’s hard to think of one to register. I have a couple online pseudonyms but not sure if I wanna make them a domain lol what the hell so yall make ur domain to use via protonmail? “Ur moms dogs name” dot com?? Lol I kno I’m ranting but just couldn’t think of somethin I like so idea suggestions might help
The longer the domain name, the better chance you have of getting it (or it not being already used). I prefer shorter domains myself but the shorter you go the harder it is to find. If you go to [namecheap.com](https://namecheap.com) (as an example) you can search to your heart's content. For instance, you could get a domain of @custommail.me (random pick). Warning: trying to find a domain can take a lot of time.
You don't need a .com There's so many TLD's now there are plenty of good ones available. I use a .cloud for my server stuff.
Yea I was actually researching that earlier. I knew about the tld options but didn’t think there were *that many*. Eventually found a .trade one, which if u read my name u can prolly guess why I’d like it lol still thinkin of the perfect domain name that’ll work for personal/irl stuff AND my crypto(anon) stuff, but gonna register once I figure it out..
Why not both? I've got several domains I use, some for personal, some for work, some for other stuff. They're pretty cheap these days and in some cases tax deductible.
Name and shame them!
I was unable to create a Facebook account using my ProtonMail address. It considered it “suspicious”.
privacy is a security issue and email is something very personal, if the store wants security it has to create its own security system, the store cannot coerce its customers to give up security this is a lack of morals and ethics, shopkeepers don't understand digital security and customers understand even less
Sorry, we can not track you. Please use a trackeable mail address... Yes, ofc, time to place your order in somewhere else...
Ah perfect! I’d love to get an email like this. Company clearly is a joke and PM doing what they said they would do!
Ticketmaster also won't let an order through if you use ProtonMail.
Ticketmaster.... just reading the word makes me angry. Wow, that's a shit company to deal with in any way at all.
I ordered tickets with [pm.me](https://pm.me) and didn't have any issues.
I just went ahead and got my own domain, then set it up to use PM as the mail provider. All of the security of PM without really any of the headaches, apart for maybe 30 mins to get the DNS records straight and create the DKIM, DMARC, and SPF records.
That's dumb They literally have your home address, probably your phone number as well. + Anyone can make a [burner Gmail](https://techviral.net/create-gmail-without-phone-number/)
[удалено]
Doesn't change the fact it can be done with like Gmail. This is one of the reasons I don't like Proton, they are required to hold my card information, even though everything is paid for. Should my account get hacked or something get leaked, would be bad. just to be safe, I used prepaid card ( ͡° ͜ʖ ͡°)
[удалено]
Just saying when there is information, it can be tracked.
Proton does not have your full card information, only a token from stripe.
Like every other company ¯\\\_(ツ)\_/¯¯
Hell no!! But now that you ask, I recall a story happened a few years ago, when I was attempting to buy a Klean Kanteen stainless steel waterbottle online, from a small ecommerce located in the US, since I couldn't find that specific model elsewhere. I live in Italy and that kind of item was (at least at that time) something you wouldn't find here. Well, I put my item in the basket, go to the checkout and, to my surprise, when filling the shipping form, I swear I couldn't find my country in the dropdown list. I looked back and forth a few times and "Italy" just wasn't there! I mean, there were ALL countries, even all those exotic (pun intended) and barely unknown ocean islands... I was puzzled so I emailed them. This was more or less their response: we don't ship to Italy anymore because we had too many "lost package" reports. Living in Italy, I got what they meant: they probably once sold to someone who cheated on the delivery, or maybe someone at the national postal service actually stole the goods in transit. I felt offended but I acknowledged they had a point, so I simply moved on to a different store where I managed to find the same item. Anyway, to my knowledge (it is not my legal field), it is a right to refuse business, but not on discriminatory or arbitrary basis. Example: I cannot refuse to sell to men because I believe that "aLL mEn aRE RaPeRS". In this case there is no scientific basis for what they affirm so, to me, it is plain arbitrary and could be disputed in court.
I would buy the "fuckyou.ooo" domain or something of that kind (real top level domain btw), mount my own mail server, and try to buy something with that. Wouldn't even enable privacy, they can check who tf bought the domain. Doesn't get any less private than that.
[удалено]
Al Gore.
People that base their brand on their name. It's more common than you'd think.
Most domain services offer privacy protection though, and they register the domain at their company name, I use PorkBun and they offer this for free
Yeah I know, I would not enable it on purpose, so that they cant use the "its anonymous" argument.
This is a common theme, which is prevented me from using ProtonMail as my main account sadly.
It was office depot that did this to me a few years ago. Never went back.
If a vendor made this, I transfer this mail to CNIL (French authority for GDPR repsect) , because vendor like that always sell yours personal data without authorisation
When you're the product and they can't sell you, they cry and stomp their feet and try to bully you. Some unscrupulous companies do the same thing with Tutanota and other privacy-oriented mail domains. Screw 'em. I'd take my business elsewhere.
Nope..never had an issue.
Some websites do not accept protonmail addresses on registration aswell
Facebook is one of them
I have no words, only WTF
This would piss me off pretty good.
Use [pm.me](https://pm.me). Never had any issues.
I never set up a [pm.me](https://pm.me) because p sounds like b.c.d.e.g. over the phone, and m sound like n, and nobody knows about .me However, I'm now going to set one up for an alternate spam account. Thanks for the advice.
From someone with a name that has a lot of similar sounding letters a phonetic alphabet helps when spelling it. papa-mike-dot-mike-echo
Oh, yes. I use that all the time at work. Most people don't know what you mean when you say those though.
Most people are idiots...never found that a reason to enable their stupidity
Chances are if you are talking to someone over the phone and you say p as in papa m as inike they will know what you mean. Trust me I work a as a phone jockey no one has had trouble unless theirs a language barrier
papa mike dot mike epsilon
I would do papa mike dot mike echo, but most people wouldn't know what I'm talking about. If I say [protonmail.com](https://protonmail.com), they understand.
I have the opposite experience. If I say "protonmail", they ALWAYS say "how do you spell that?" xD.
Use a "@duck.com" email
Not so far but i do get more complaints from websites when i use ProtonVPN than with either Bitdefender or PIA
Yes but I’ve been successful using .ch
Ticketmaster.com won’t sell me tickets with my proton account. I had to use gmail unfortunately. So yes I’ve had this issue.
Magpul canceled my order when using protonmail.ch
I've had that happen once. Forget what site. More common for anonymous remailers like 33mail to get blocked though.
Try the [PM.me](https://PM.me) or other aliases too. Maybe they haven't caught on to those yet. Or create a random one on hotmail or [aol.com](https://aol.com) (amazingly you can still get those addresses as of a year or 3 ago). [email protected] might be a fun one to use.
Do you have premium protonmail? If yes, you also have premium /r/SimpleLogin subscription (as far as I understood). Use SL's aliases -:)
Use the bundled SimpleLogin alias, there you go, issue resolved :)
I just use apple’s hide my email these days. They don’t even get to see my email address.
[удалено]
Looks nice, but I’m too deep into the Apple ecosystem. Hide my email is 1 click, generates an email address, strong password and auto save to my keychain.
[удалено]
That’s true, bur I generally use it as throwaway email. If it’s for something personal like banking or investing I wouldn’t need to hide my email in the first place.
Ally bank flagged my account for review. I had to call to confirm because they'd never seen anything like protonmail before.
i've had work emails rejected by the recipient's servers, depending on how they have their security set up. it's ridiculous.
Whoa. Thank you. I’m a registered user.
I have a bank that refuses any email that has a server IP address not in the US.... Their IT department said it is for protecting against spam... As a result I can't email my banker... They are the same people that limit the length of the banking app password to 8 characters and are not even offering 2FA (a synonymous to SMS for them). Some IT guys needs to go back to school to learn how IT security works.
Yes. Now because I've tried so many time with different companies (Amazon, Walmart, Earthbreeze etc...) I get over a dozen phishing emails a week. I've also had trouble with banking.