Names to disallow #43
There are a lot of names we should probably disallow either because they have reserved meanings or because they pose an unusual phishing risk.
"admin"-ish usernames (phishing risk):
rfc2142 reserved email addresses (in case we ever support receiving e-mail as email@example.com):
Addresses that some SSL CAs will use to verify ownership (bold = non-repeat, italic = repeat listed earlier) (I swear I am not making these up):
other commonly-used email addresses:
things specific to us (phishing risk):
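A sketch of the reserved-name check this issue asks for, as an added example that is not part of the original issue or the project's code. The RFC 2142 mailbox names come from the RFC itself. The "admin"-ish set is a constructed stand-in for the issue's own list, and the ASCII-only naming rule and the function names are assumptions.

```python
import unicodedata

# Mailbox names reserved by RFC 2142.
RFC2142_MAILBOXES = frozenset({
    "info", "marketing", "sales", "support",        # business-related
    "abuse", "noc", "security",                     # network operations
    "postmaster", "hostmaster", "usenet", "news",   # specific services
    "webmaster", "www", "uucp", "ftp",
})

# Constructed sample entries standing in for the issue's "admin"-ish list,
# which is not reproduced on this page.
SAMPLE_ADMINISH = frozenset({"admin", "administrator", "root"})

# Separators removed before comparison so "post-master" matches "postmaster".
SEPARATORS = str.maketrans("", "", "-_.")


def canonicalize(name: str) -> str:
    """Fold a requested name to the form compared against the denylists."""
    # NFKC maps compatibility forms (e.g. fullwidth letters) to plain ones.
    folded = unicodedata.normalize("NFKC", name).casefold().strip()
    return folded.translate(SEPARATORS)


def rejection_reason(name: str):
    """Return why a name is refused, or None if it is acceptable."""
    canon = canonicalize(name)
    # Assumption: names are limited to ASCII letters and digits, so
    # look-alike letters from other scripts are refused outright.
    if not canon.isascii() or not canon.isalnum():
        return "unsupported characters"
    if canon in RFC2142_MAILBOXES:
        return "rfc2142 mailbox"
    if canon in SAMPLE_ADMINISH:
        return "admin-ish (sample list)"
    return None


if __name__ == "__main__":
    for candidate in ["Post-Master", "host.master", "alice"]:
        print(candidate, "->", rejection_reason(candidate))
```

Comparing the canonical form rather than the raw string is what stops case, separator and compatibility-character variants of a reserved name from slipping past an exact-match list.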
For hostnames -- these are great ideas for things to block. Thanks; I was planning to get to this, just wasn't sure what to specifically block.
For email addresses -- we'll be letting individual hosts (e.g.
Probably also worth blocking
The CAs are locking down what they let people use for domain validation; there's currently a thread on mozilla.dev.security.policy on the subject. Compliant CAs aren't allowed to use anything other than