Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Just as a heads up, Zillow will ban your account if you use zillow@domain for violating their terms. Happened to me in March 2021.


Yikes, I use service@domain quite often. I didn't give thought to this possibility.

I'm quite sure the reason will be that this service emails others on "your behalf" and probably does something like placing your email address in the "From" field or in the body of correspondence. I assume they are concerned about phishing or catfishing emails purporting to be from the service.

This doesn't appear to be an adequate solution to the problem.


Something like $(hex(hmac(secret_key, service)))@domain could solve that. It would also mean service can't pretend to be another-service@domain when spamming you.

Though who knows, maybe hex addresses will look fake / malicious and trigger a ban anyway.


Zomato refused to change my email to zomato@ (you need to create a support ticket). However, they agreed on otamoz@ (strrev(zomato)).


It's an email, not a "secret", something like 3 or 4 hex (or even better, base58) digits should be more than enough


Related but nowhere near as severe, Samsung prevents you from creating an account with the email address samsung@domain. It showed a generic error message so I couldn't figure out why I couldn't create an account until I tried using a different email address.


let isAdmin = email.local_part === "zillow"

We will fix this in our TOS


I may not be getting the joke, but is that code actually real?


Me thinks its a joke. But one has to wonder what why they block addresses with a specific name, did a lazy developer take a shortcut and use it to indicate admin rights? Testing/QA mode? Triggering extra logging?


Did this happen instantly? I just now created an account. So far nothing happened. Maybe this is a ploy to get people to sign up.


Not OP, but the terms state this under sec. 5: "BY USING THE SERVICES, YOU AGREE NOT TO: [...] use any of the Zillow Companies’ trademarks as part of your screen name or email address on the Services;"


Yeah, that's what they quoted me when I contacted customer service to figure out what happened.


That's just silly. Thank you for taking the time to read it.


No, I had the account for ages, then was randomly banned.


Interesting. Time to get back to l33tspeak?

It is much more readable to have z1ll0w@mydomain than hashes (that was suggested above).


I use it and haven’t been banned.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: