How stop unity3d asset store hackers!!

Sure, sending from a fake address is easy - but you won't receive the replies..

 

It doesn't have to be a fake address. You can supply a legitimate address and most people won't be able to identify whether or not the email is a fake. All you need is telnet and the step-by-step instructions on that site.

Obtaining a legitimate customer address is the real catch though not necessarily the approach to take. You would be better off spoofing the customers themselves one by one for their legitimate invoice. A developer may be less likely to question the email address if it has an invoice attached.

 

I get what you mean - my point was that they'll never be able to receive the replies, unless they can somehow hack the DNS/mail server to direct the reply to their own mail server. Or gain access to the account itself.

For example, I could send from bill@microsoft.com - but I'll never receive the response. Bill will wake up with some strange spam in his inbox.

We could set a Reply-To address (so the From and Reply addresses are different), but this will be visible to the company you're emailing.

 

Thanks for the clarification. That does explain why they ask you to click links.

 

I think this is a great example of how to handle the situation... Dustin makes a good product and wants to provide the best support possible to "valid" customers.

I just have to wonder, how cases like this could be attended to by Unity to raise the efforts of developers to a level of greater "direct" customer support versus wasting time dealing with take down notices and other crap.

It would be nice to see Unity create a solution (perhaps a Pro feature), that asset developers could easily integrate into their products to provide customer validation... maybe even a support portal other than these forums (... perhaps even a bug tracking system).

I too don't want to waste my time like the piracy community do to server their purposes... I just wonder how much better all of our tools and software could be if they choose to use their skills to improve peoples lives then to literally steal and consume others time and efforts.

regardless, like Dustin.. I think I would choose to focus on how to give better direct customer support, something that a pirated version of the product could never do.

 

Thanks! It really depends on how bogged I am. Right now I ask a fair bit because I have a lot of requests (a current outstanding bug and some custom converter requests and lots of IL2CPP questions) so I want to make sure those get priority. If it's a slow time, then I don't bother asking. It is nice when people buy through FastSpring because I have an API that FastSpring integrates with and it auto-creates a parentElement.com account for them so they can always download the newest version. Lots of times if I think they need it, I manually create accounts for my asset store customers as well (and always will by request) as it's much easier for me to verify.

And you nailed it... it's not about denying support to the pirates... it's about making sure those who invested in the product get the support they deserve.