How do you deal with registrations with disposable emails or invalid email addresses?

gogo

Active member
There are some add-ons here that can deal with bot mass registrations and human spamming (VPN, multiple accounts, country ban, etc) quite well.

But what if people use 1) disposable emails like 10minute emails 2) a non-existing email account, e.g. fhgfhjfd@gfrtth.fghg 3) someone else email account for registration?

For disposable emails, they can register without a problem. But any further email correspondences sent to those email address could lead to bounce back because those disposable emails usually only last for a short time, such as 10 minutes.

For non-existing emails, they could be typo or deliberately garbage entries. Server will get bounce back email after sending email confirmation mail.

For people randomly using other people's emails, it's not a big problem because recipients might just ignore and delete the mails. Few people will mark it as spam mails.

If the amount of bounced emails is huge, I think it will make my domain name flagged as spamming? Is it a common problem because of registration with above type of emails?

There are some ways to deal with this;

1) Blacklist. It just doesn't work as new domain names are being used for disposable emails every day. It's impossible for a static blacklist to do anything meaningful against them.

2) some companies provide anti-disposable emails verification services but that is too complicated for me and they bear a cost for each domain name checked.

3) Only email addresses in a self-defined domain names whitelist are allowed to register

This is actually the ideal method as I will expect majority of people use emails from public email providers to register xenforo rather than using company or other dedicated email addresses.

The whitelist won't be really long. I guess within 20 or 30 entries?

This needs to be done with an add-on which I found only one exists but it's unmaintained and never updated since its first release in Jan 2018.


It's unclear whether it's still compatible with 2.1x.

And it lacks the feature of using wildcards for domain entries. For example, sometimes email addresses end with *.edu or from local ISP is supposed to have lower chance to cause problems.

So what do you do? Share your view please.
 
Last edited:

djbaxter

Well-known member
For invalid emails:

AdminCP >> Setup >> Options >> User registration >> Enable email confirmation
If selected, users will need to click on a link in an email before their registration is completed.

For disposable emails:
 

gogo

Active member
For invalid emails:

AdminCP >> Setup >> Options >> User registration >> Enable email confirmation


For disposable emails:
For invalid emails:

AdminCP >> Setup >> Options >> User registration >> Enable email confirmation

Still, invalid emails invoke bounced emails.

For disposable emails:

I'm aware of this add-on. I posted the last reply in the discussion...
 
Top