Prevent disposable emails to register

If you have a small social network site (or any other site for that matter), you usually want to keep the spammers and fakers outside.

There are hundreds of temporary email services out there which provide you with a garbage email account in less than 5 seconds.
This is helpful if you don’t want to get spammed yourself, but what about sites that do not misuse the users’ emails? Like your own probably.

The problem with those "10-minute-mail-accounts" is, that they compromise your security (what if other users find those registration emails a few days later?). The are also quite attractive to spammers and fakers who only want to get access in order to spam and harm other people.
It will at least slow them down if they cannot obtain hundreds of email accounts in a few seconds.

So in case you want to make sure that those people are locked out, you can add an additional validation rule "validateUndisposable" and match the email against a list of known providers – a so called "blacklist".

 * @return boolean $success
function validateUndisposable($data, $proceed = false) {
    $email = array_shift($data);
    if (empty($email)) {
        return true;
    // your logic goes here

With the second param you can ease it up a little bit. Just log the event and continue with the registration process.

In case someone is interested I could publish the complete functionality. But most programmers can easily program it themselves.

This is the current blacklist (collected by me – 2011/01) – feel free to mail me missing domains:

Mainly German and English…

Last words

I used to check against a webservice called For some reason the service
went offline, though. That was the reason i started the offline blacklist. Even if static it already provides a basic protection mechanism.

In those list are also some forwarding services that only cloak your real email. As of right now they are not allowed either because they can forward to another spam email.

5.00 avg. rating (93% score) - 1 vote


  1. Frankly it’s not a problem for most sites that don’t misuse the email. Security is not significantly strengthened, spamming is still a problem.

  2. Interesting.
    I used to connect to a similar webservice, until it went down.
    hopefully yours is available for a little bit longer ๐Ÿ™‚

    one question:
    is it possible to connect to the API to retrieve the current list of "undisposable addresses"?
    that would be nice in order to save traffic and reduce the amount of webservice queries necessary if I could store them locally.

  3. Hi Mark,

    I do not plan to publish a list of domains. Please find here the reason:

    Another reason is that nearly every week there are new domains for DEA’s. My service normally recognises new domains immediately as there are several checks. And this will only work if the service is used to query …

    If my service results in very high traffic I’ll try to find mirrors. Let’s promote it!


    PS: If you have the possibility to link to the website, please do so. Thanks.

  4. I think your API still needs some improvements.
    check out other web APIs.
    they usually return a distinct return code and not a "full text string". way easier to work with inside another web application.
    if you dont want to use integer values like 1,2,3 you could at least use slugs like "no_email", "invalid_email" etc

    i would also like to see basic email validation build in prior to returning a result.

    a) not Empty
    b) validEmail
    c) the rest of your return values


  5. Now it looks like a really good and promising webservice ๐Ÿ™‚
    I am wondering if you already build a CakePHP Lib for it.
    I would test it right away!

  6. Hi,

    i have published a free service to check for disposable mail.
    You can find it here:

    fakeinator checks either a valid email or just the domain part – so you don’t need to expose complete client emails to another server.

    It is really simple, so that you can easily integrate it in addition to the basic validation routines of your website/app/software.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.