Quick question - are you concerned about trademarks (Amazon and such) being included as the phishing templates? Reason I ask is that I'm working on a hosted project [1] similar to this and have considered including default templates. I've held off for this exact reason.
Edit - another question, your screenshot in the intro page shows an email (in the Gmail client) coming from "support@github.com". Github has spf records setup so I would be interested to know how you manage to spoof the actual email address itself without getting flagged as spam.
> Quick question - are you concerned about trademarks (Amazon and such) being included as the phishing templates?
I'm honestly not 100% sure, but I think in the context of a phishing site using trademarks like that falls under fair use. But IANAL.
> Github has spf records setup so I would be interested to know how you manage to spoof the actual email address itself without getting flagged as spam.
I don't know much about spf records, honestly--for every site I had to try multiple "From" and "Reply-To" addresses to get the emails past gmail's spam filter. Some of them didn't even arrive in my spam folder, (apparently they just got killed on some intermediate hop). support@github.com definitely works, at least for me--you should try it yourself and see how it goes.
The root of trademark law is preventing consumers from being confused or deceived about brand affiliations. I believe using a trademark to refer to the product/service symbolized by the mark is a protected case, so long as you are clear that no endorsement exists. Looking at your language, this is abundantly (and amusingly) clear.
You might have something to worry about with your insinuations about Dropbox though. I'm quite sure they are strongly pro-cephalopod.
Might be worth reaching out to the relevant companies once you reach a certain size, as they presumably will patch any holes in their spf records that you bring to their attention.
Quick question - are you concerned about trademarks (Amazon and such) being included as the phishing templates? Reason I ask is that I'm working on a hosted project [1] similar to this and have considered including default templates. I've held off for this exact reason.
Edit - another question, your screenshot in the intro page shows an email (in the Gmail client) coming from "support@github.com". Github has spf records setup so I would be interested to know how you manage to spoof the actual email address itself without getting flagged as spam.
[1] http://github.com/jordan-wright/gophish