yfrog 'secret' email addresses are easy to figure out

ElCapitanAmerica6/02/2011 7:33:39 am PDT

OK, a little update.

Several people have reacted to this post with the following argument:

Guessing the yfrog email wouldn’t work because yfrog would lock down and disable the post by MMS/email feature as soon as it detected 3 failed emails for your twitter name.

Well, they could have done this and I didn’t try to flood my test accounts with dozens of invalid email addresses. However before this test, I did try to send *exactly* 3 invalid emails to my main twitter account. Then the 4th message (with the correct email address) worked.

I think it’s unfortunate that people are claiming this when they really didn’t try it. I’m pretty sure they wouldn’t do this for 3 failed attempts. Could they have been doing it for 4, 10, 50? Don’t know.

If they did do this however, then it could prove very annoying to legitimate users though. It would mean all I’d have to do to disable MMS posting is to flood an account with random words (with a few emails) and voila, I just locked you out.

I was also “challenged” by somebody on twitter to post an image to their account. First, I’d rather not, I would rather test on one of my own accounts. But more importantly, you can’t try this as of last night because the feature has been disabled.

These are the facts. If you have technical arguments to refute them, and can be backed up by evidence, please let me know but if you want to guess what yfrog does I can’t really help you much there.