I’m failing to understand why ProtonMail email addresses are not supported for user account sign-up. Why is this this way? What’s your business justification? And do you support other secure email providers such as Hushmail or Tutanota?
hi there, we’re happy to speak to this. Unfortunately, we had to restrict access to our service for protonmail (and a few other email providers) some time ago (more than two years - it is not a recent change)
We found that, when we allow protonmail email addresses on our system, we experience an extreme uptick in accounts with spam, fraudulent activity, phishing, illegal (by US law) pornography, dmca violations, and things of that nature. The extent was so severe that our paying customers, search engine results, and legitimate business side of things were being negatively impacted. We understand that blocking an entire email provider is quite drastic, but it was the only way to mitigate the impact on our service.
I don’t have information on hand at this second as to which email providers are on our list of frequently abused services, so you might find that one of those providers you listed does work, but unfortunately protonmail does not and likely will not be unbanned as the security risk is simply too great.
I wish I had better news for you! If you have follow up q’s, I’d be happy to try and answer them.
The SSO issue still boils down to: “
Email domain @protonmail.com is not supported”.
We use an email address as a primary identifier for a user. When you use SSO for sign-on this still connects to a specific user and that user is still identified by an email address.
For Git host SSO (Bitbucket, GitLab, GitHub), if the email address which is primary at the Git hosting provider used is a ProtonMail email address, then you run into the same issue.
The solution for this is to use an email address which isn’t hosted there. If you make ProtonMail email address secondary at GitHub and make some other email address primary, the error above will not occur.
I am also highly dissapointed by this. We live in a fucked up world privacy wise, and think every decent company should do their best to protect the last privacy we have.
Protonmail is an awesome service, and it shouldn’t be blocked.
Hey @riekus - sorry to hear you don’t think we are a decent company, that’s a bummer to hear. That said, we just don’t have a way of separating the good from the bad when it comes to protonmail and other disposable email addresses I’m afraid - we were simply drowning under the deluge of porn, including illegal, objectionable, exploitative porn, warez, spam, phishing and other content we don’t want to host (which started absolutely wrecking our reputation as a reliable and, yes, decent provider of deployment services).
This isn’t something we can reverse, I’m afraid, and while I agree with you that privacy is important, we have to draw a line here. I’m sorry we don’t have better news!
I’m sorry, but this is a ludicrous response. “Uptick in spam and pornography”?
First, the biggest domain used for those is gmail.com, which you allow.
Second, the user’s email domain has nothing to do with how your site is used. if someone registers with a yahoo domain, there’s nothing stopping them from misusing your services.
Third, I just signed up to this forum using a protonmail.com address, and you allowed that. If you’re seriously worried about “spam” and “pornography”, you’d apply the same restrictions to your forum as well, which you’re not. That means you’re either very sloppy, or lying about your rationale. This leaves me to think you’re playing some weird game, because you have some axe to grind against Protonmail. Either way, I won’t be evaluating or recommending your service to anyone. Proton is an excellent mail host, better than any I’ve used so far.
Please, re-evaluate your rules, because you’re losing business. Your policies are nonsensical.
I believe @perry’s given all the official justification from Netlify’s (official) stance on the policy, but as a non-Netlify employee that’s not beholden to the ‘official policy’ — I get it. Netlify not supporting @protonmail.com email addresses does feel like a wide action. Banning an entire domain of public emails is not a small thing. But Netlify is a business and has every right to make its own business decisions around whatever it chooses. I very much doubt there’s any kind of ulterior motive (seriously? what ulterior motive would a website hosting company have in cutting off a segment of their potential clients?) and that the action resulted from legitimate pain and issues the company was feeling. Sure, maybe a lot of garbage emails come from gmail too. I don’t doubt it. But Netlify’s experience was Netlify’s experience and global email usage numbers don’t matter. They had a lot of bad sites open up when allowing Protonmail registrants. So they made the decision for their business to cut off a segment of their potential clients to protect their business based on what they saw. Netlify’s business choices are up to Netlify.
This forum runs on Discourse and almost certainly does have different logic running behind the registration process. Syncing the business-logic behind auth across two systems that run on entirely different platforms isn’t a walk in the park, and we haven’t seen (at least I haven’t) a correlation between Protonmail email addresses and spam / garbage in the forums. If we start seeing that, you bet that question will be raised.
If you really love Protonmail and want to support it (and avoid issues across the web; Netlify’s not the only one with a keen eye on that mail service…) use it behind a custom domain.
Thanks for sharing your thoughts with us. We appreciate folks taking time to share their opinions and feedback. Our team will have a conversation about this in the coming weeks. Should anything change on our end, we will follow up in this thread!
I wanted to let you both know that, largely due your comments in this topic, this policy has been changed and both sign-up and login from ProtonMail email addresses are allowed now.