Prevent disposable emails to register

If you have a small social network site (or any other site for that matter), you usually want to keep the spammers and fakers outside.

There are hundreds of temporary email services out there which provide you with a garbage email account in less than 5 seconds.
This is helpful if you don’t want to get spammed yourself, but what about sites that do not misuse the users’ emails? Like your own probably.

The problem with those "10-minute-mail-accounts" is, that they compromise your security (what if other users find those registration emails a few days later?). The are also quite attractive to spammers and fakers who only want to get access in order to spam and harm other people.
It will at least slow them down if they cannot obtain hundreds of email accounts in a few seconds.

So in case you want to make sure that those people are locked out, you can add an additional validation rule "validateUndisposable" and match the email against a list of known providers – a so called "blacklist".

/**
 * @return boolean $success
 */
function validateUndisposable($data, $proceed = false) {
    $email = array_shift($data);
    if (empty($email)) {
        return true;
    }
    // your logic goes here
}

With the second param you can ease it up a little bit. Just log the event and continue with the registration process.

In case someone is interested I could publish the complete functionality. But most programmers can easily program it themselves.

This is the current blacklist (collected by me – 2011/01) – feel free to mail me missing domains:

emailgo.de
mbx.cc
spamgourmet.com
deadaddress.com
keepmymail.com
12minutemail.com
10x9.com
trashinbox.com
hmamail.com
spamkill.info
yxzx.net
yopmail.com
dontsendmespam.de
spamavert.com
mailinator.com
no-spam.ws
nobugmail.com
losemymail.com
nabuma.com
nobuma.com
bugmenever.com
ignoremail.com
10minutemail.com
pookmail.com
humaility.com
incognitomail.org
mail4trash.com
spaml.de
dodgit.com
filzmail.com
spaml.com
eyepaste.com
pjjkp.com
odnorazovoe.ru
wwwnew.eu
example.com
bofthew.com
lhsdv.com
prtnx.com
despam.it
lawlita.com
oneoffmail.com
spamgourmet.com
mytrashmail.com
2prong.com
temporaryinbox.com
jetable.org
tempinbox.com
guerrillamail.com
dontreg.com
bugmenot.com
wh4f.org
spamhole.com
tempomail.fr
spammotel.com
spambox.us
tempemail.net
mailscrap.com
maileater.com
spam.la
fakedemail.com
spam.su
antireg.ru
mailforspam.com
asdasd.ru
slopsbox.com
tilien.com
trashmail.net
otherinbox.com
antireg.com
mailinator2.com
sogetthis.com
mailin8r.com
mailinator.net
spamherelots.com
baxomale.ht.cx
thisisnotmyrealemail.com
spambog.com
bsnow.net
trash-mail.com
jetable.org
jetable.net
mailexpire.com
garrifulio.mailexpire.com
sofort-mail.de
uggsrock.com
nurfuerspam.de
binkmail.com
mailcatch.com
guerrillamailblock.com
cust.in
meltmail.com
wegwerfemail.de
giantmail.de
zippymail.info

Mainly German and English…

Last words

I used to check against a webservice called undisposable.net. For some reason the service
went offline, though. That was the reason i started the offline blacklist. Even if static it already provides a basic protection mechanism.

In those list are also some forwarding services that only cloak your real email. As of right now they are not allowed either because they can forward to another spam email.

5.00 avg. rating (93% score) - 1 vote

9 Comments

  1. Frankly it’s not a problem for most sites that don’t misuse the email. Security is not significantly strengthened, spamming is still a problem.

  2. Interesting.
    I used to connect to a similar webservice, until it went down.
    hopefully yours is available for a little bit longer 🙂

    one question:
    is it possible to connect to the API to retrieve the current list of "undisposable addresses"?
    that would be nice in order to save traffic and reduce the amount of webservice queries necessary if I could store them locally.

  3. Hi Mark,

    I do not plan to publish a list of domains. Please find here the reason: http://www.block-disposable-email.com/about.php

    Another reason is that nearly every week there are new domains for DEA’s. My service normally recognises new domains immediately as there are several checks. And this will only work if the service is used to query …

    If my service results in very high traffic I’ll try to find mirrors. Let’s promote it!

    Gerold

    PS: If you have the possibility to link to the website, please do so. Thanks.

  4. I think your API still needs some improvements.
    check out other web APIs.
    they usually return a distinct return code and not a "full text string". way easier to work with inside another web application.
    if you dont want to use integer values like 1,2,3 you could at least use slugs like "no_email", "invalid_email" etc

    i would also like to see basic email validation build in prior to returning a result.

    a) not Empty
    b) validEmail
    c) the rest of your return values

    cheers
    mark

  5. Now it looks like a really good and promising webservice 🙂
    I am wondering if you already build a CakePHP Lib for it.
    I would test it right away!

  6. Hi,

    i have published a free service to check for disposable mail.
    You can find it here: http://fakeinator.info

    fakeinator checks either a valid email or just the domain part – so you don’t need to expose complete client emails to another server.

    It is really simple, so that you can easily integrate it in addition to the basic validation routines of your website/app/software.

    Regards,
    Patrick

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.