Isn it easy to bypass Kiwi by not including an encrypted cookie?
One commonly asked question is if it is possible to bypass Kiwi by simply striping out the cookie from a email address generated by Kiwi. Bypassing Kiwi is not this simple. Kiwi rejects emails without a valid cookie. The one exception is a “password” email address that one can give to their friends. This can be illustrated with an example. Supposing that one’s email address is in the form: name+cookie@domain.com mail sent to name@domain.com will be discarded. One who wishes to send you mail without knowing a valid cookie will have to know your password. If they know your password, they will send mail to an email address in the form: name+password@domain.com Why does Kiwi use strong encryption? The reason to use strong encryption is because security through a system with known security is always stronger than security through obscurity. By using strong encryption, we make it more difficult for a spammer to bypass Kiwi, making them perform more work to send us unwanted email. Is there a
