12. Jan. 2011

Prevent disposable emails to register

12 Jan

If you have a small social network site (or any other site for that matter), you usually want to keep the spammers and fakers outside.

There are hundreds of temporary email services out there which provide you with a garbage email account in less than 5 seconds.
This is helpful if you don’t want to get spammed yourself, but what about sites that do not misuse the users’ emails? Like your own probably.

The problem with those "10-minute-mail-accounts" is, that they compromise your security (what if other users find those registration emails a few days later?). The are also quite attractive to spammers and fakers who only want to get access in order to spam and harm other people.
It will at least slow them down if they cannot obtain hundreds of email accounts in a few seconds.

So in case you want to make sure that those people are locked out, you can add an additional validation rule "validateUndisposable" and match the email against a list of known providers – a so called "blacklist".

 * @return boolean $success
function validateUndisposable($data, $proceed = false) {
	$email = array_shift($data);
	if (empty($email)) {
		return true;
	// your logic goes here

With the second param you can ease it up a little bit. Just log the event and continue with the registration process.

In case someone is interested I could publish the complete functionality. But most programmers can easily program it themselves.

This is the current blacklist (collected by me – 2011/01) – feel free to mail me missing domains:

Mainly German and English…

Last words

I used to check against a webservice called For some reason the service
went offline, though. That was the reason i started the offline blacklist. Even if static it already provides a basic protection mechanism.

In those list are also some forwarding services that only cloak your real email. As of right now they are not allowed either because they can forward to another spam email.

5.00 avg. rating (93% score) - 1 vote

Posted by Mark in PHP, WebDevelopment


Tags: ,

Leave a Reply

If you need to post a piece of code use {code type=php}...{/code}.
Allowed types are "php", "mysql", "html", "js", "css".

Please do not escape your post (leave all ", <, > and & as they are!). If you have encoded characters and need to reverse ("decode") it, you can do that here!

  1. Michael Clark

    January 26, 2011 at 18:30

    Frankly it’s not a problem for most sites that don’t misuse the email. Security is not significantly strengthened, spamming is still a problem.

  2. Gerold Setz

    March 9, 2011 at 16:38


    I recently started a free service to prevent subscribers to use one-time email addresses (also known as disposable mail).

    Have a look at

    Maybe you can integrate it for your needs.

    Best regards,

  3. Mark

    March 9, 2011 at 17:14

    I used to connect to a similar webservice, until it went down.
    hopefully yours is available for a little bit longer 🙂

    one question:
    is it possible to connect to the API to retrieve the current list of "undisposable addresses"?
    that would be nice in order to save traffic and reduce the amount of webservice queries necessary if I could store them locally.

  4. Gerold Setz

    March 9, 2011 at 17:53

    Hi Mark,

    I do not plan to publish a list of domains. Please find here the reason:

    Another reason is that nearly every week there are new domains for DEA’s. My service normally recognises new domains immediately as there are several checks. And this will only work if the service is used to query …

    If my service results in very high traffic I’ll try to find mirrors. Let’s promote it!


    PS: If you have the possibility to link to the website, please do so. Thanks.

  5. Mark

    March 11, 2011 at 16:08

    I think your API still needs some improvements.
    check out other web APIs.
    they usually return a distinct return code and not a "full text string". way easier to work with inside another web application.
    if you dont want to use integer values like 1,2,3 you could at least use slugs like "no_email", "invalid_email" etc

    i would also like to see basic email validation build in prior to returning a result.

    a) not Empty
    b) validEmail
    c) the rest of your return values


  6. Gerold Setz

    April 15, 2011 at 08:05

    Hi Mark

    Thanks for your suggestion – and the additional workload 😉

    There is now a JSON based webservice. Have a look at

    You will find distinct return codes now.


  7. Mark

    April 15, 2011 at 14:57

    Now it looks like a really good and promising webservice 🙂
    I am wondering if you already build a CakePHP Lib for it.
    I would test it right away!

  8. Patrick Daether

    October 24, 2013 at 18:35


    i have published a free service to check for disposable mail.
    You can find it here:

    fakeinator checks either a valid email or just the domain part – so you don’t need to expose complete client emails to another server.

    It is really simple, so that you can easily integrate it in addition to the basic validation routines of your website/app/software.


  9. Mentin

    October 11, 2017 at 10:49

    Hi, you can another site to your list of disposable email services