
If you deliver email to a customer and you notice that it bounces, any account security flows requiring access to that email should be disabled. Additionally, you should never show the full email address or phone number that is being used for an auth challenge. Nonetheless, those defenses will eventually be compromised.

Beyond that, it is not a company problem IMO. One of the most common uses for custom domains is custom email addresses. If a website prevented me from using it, as you propose, I would be flabbergasted.



I think you underestimate how often there are intermittent mail delivery failures, especially for custom domains.



