Prohibiting inbox.ru email domain registrations
A recent spam campaign against PyPI has prompted an administrative action, preventing using the inbox.ru email domain. This includes new registrations as well as adding as additional addresses.
The campaign created over 250 new user accounts, publishing over 1,500 new projects on PyPI, leading to end-user confusion, abuse of resources, and potential security issues.
All relevant projects have been removed from PyPI, and accounts have been disabled.
Background
Users are welcome to use any valid email address to register a new account, however this delegates some of the responsibility of account security to the email provider.
PyPI uses the disposable-email-domains list to prevent new registrations using disposable email addresses, and PyPI maintains its own internal block list, updated by PyPI Admins in response to discovering abuse.
See a previous post for a previous case of prohibiting a popular email domain provider.
Timeline
Here's a timeline of the events I was able to put together
... continue reading