hi guys so i am here begging ccp to remove the esi endpoint to send mail. while it does have some practical use (for example…sending mail to a client automatically when a contract is delivered) it is more than often not used for that.

so. what is it used for?

well, the most obvious is spam. make a new toon and tell me u don’t get like 5 automated messages inviting you to crap corps.

now sure…that isn’t much more than an inconvenience but let’s dig a little deeper. when an average user auths into an endpoint allowing someone to send mail they often forget of a very certain something.

by authing a program to send mail…you let them spend money on your behalf

that is done through CSPA charges. if I didn’t like someone in my alliance, for example, I could just empty their wallet.

so sure, we could just wait for that to happen and remedy the situation OR we could be proactive and do one of two things:

a) remove ability to send mail to CSPA protected characters AND require some sort of user interaction with the character before sending mail over esi (perhaps like accepting a contract); or
b) remove esi endpoint to send mail altogether because it’s useless

now yeah this is probably a controversial opinion but like let’s be honest. who here knew someone could empty your wallet just by granting the send mail esi thing on an auth.

p.s. my wallet was not emptied by means of this but I tested it out and it seems likely that someone could do it lol

anyway thanks for listening to my rant ima go take a dump

ily ccp (especially ccp Swift)

That does sound worrisome, but since IIRC CSPA is just sent to NPCs it should be relatively easy to revert and the joker who thought he was clever permabanned for violating the license agreement for third-party developers.

id rather not wait for ccp to figure that all out. they should be proactive about it and just remove the functionality to send cspa mail over esi. there is no legitimate need for it tbh.

at the very least they should put a warning at that scope saying that isk can be removed from your wallet with it.

if I was a noob and logged into see my wallet drained to “cspa” id be so confused.

I have never been spammed when creating a new account unless I chat in the starter corp chat or i fly through a trash system during the Chinese TZ

Idk, every time I make a market alt I get one even without chatting.

Try it lol.

Regardless, like I could just imagine CCP trying to revert everone’s accounts after a spai in test or goons or som just empties everyone’s wallets with this.

Don’t give api access to parties you don’t trust?

There is a reason you get to pick and choose what your willing to give a third party access to.

I’m regularly making alts. Never had this issue.

And if it’s do to automation why do you get a varied number?

You wouldn’t say “I get at least one” it would be I always get X amount of the same automated mail

You could submit a ticket and quickly let ccp figure it out

So, uh, here is the thing…you came here just to be argumentative. How do I know that? Well, you totally skimmed over the larger picture just to nit-pick my thread for issues you have with it. In the future, if you aren’t being constructive…don’t post.

To answer your concerns though:

  1. You can’t trust anyone in EVE. Directors have disbanded alliances, CEOs have robbed members, etc. Everything has happened. Who is to say that one of your alliance’s IT people doesn’t just get bored of the game and empty everyone’s wallets? At the least…the scope should come with some sort of warning.
  2. They are varied amounts because CCP does admittedly do ban waves. Those waves do make the amount fluctuate but the 6 or so toons I’ve created have all gotten at least two of the same mail within an hour of their creation. Same character, etc. Hell, one of the characters is named like ESIMAILER or something LOL. It is an issue with that kinda spam. Sending mail in mass like that should not be possible. I urge you to find one use case when someone will need to send like 50 mails consecutively over the ESI.

I mean, the whole point of this is automation right. A bad actor can just automate emptying the wallets of everyone in a coalition. The ramifications of that could be horrible even if CCP does eventually intervene (which would take ages as it could be thousands of toons).

For example, lets say a bad actor empties the wallets of everyone in a coalliton…then begins to reinforce a keepstar. How is that coalition supposed to buy ships, etc. while the keepstar is being reffed? It creates a huge issue.

Similar to my response to Geo…try to name one reason why the scope shouldn’t have some sort of warning on it at the very least OR why being able to send CSPA charges over the ESI are even needed.

Yet if you want to do anything significant you have to.

Welcome to what makes eve great

Again SUBMIT A TICKET. Ccp won’t do anything without tickets being sent

When was the last time they did anything without a mass wave of tickets?

I hate spam myself, but I’m reluctant to get rid of it without knowing whether or not it is bad for the game. On one hand, joining a corp is correlated with much higher player retention. On the other hand, I suspect some of these guys of being scam corps (i.e. they skim tax revenue while offering little to no value in return).

Oh, and btw, there are players (who send out no spam) who check and send evemails outside of game. So, I’m sure they wouldn’t be happy if the ESI endpoint was straight up removed.

Hey, aren’t you a member of SiCo? Do you have any thoughts on the recruitment spam?
No P2W

It’s not sico
Plus the ones sending spam end up in doomheim

The new player invite messages for LinkNet (the current name for the coalition that includes the Silent Company alliance) have certainly been helpful in getting new players to be aware of player corporations as a thing and get them engaged in the wider EVE community. Of course, these mass mails are only issued by specific recruiters and then players are listed as mailed so they don’t get a second message. That’s the right way to do it.

With regard to the original issue raised by the thread: most ESI perms don’t give any warnings. If players don’t know what a perm can do, they shouldn’t grant it. If a corp is demanding mail send access for their line members, that should be a red flag anyway - what corp really needs to send mail on behalf of their members? If it’s about contract completion have a central character that handles ALL of those on behalf of the corp, no individual accesses required.

1 Like

nobody agrees with me :pensive:

when someone exploits this and a whole coalition comes crying on this forum…mark my words…there will be salt.

Granting any ESI access is at-your-own-risk. Players shouldn’t do things they do not understand. If folks get fleeced because they handed over account powers without knowing what they could be used for, they deserve the lesson.

This is a harsh game full of scams and backstabbing. That’s EVE.

I mean seeing a default back to the mailing charges would probably solve any spam going out.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.