1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Lack of Interest Only allow certain e-mail addresses for registration to stop spam

Discussion in 'Closed Suggestions' started by Parminder Singh Chahal, Sep 10, 2013.

  1. Parminder Singh Chahal

    Parminder Singh Chahal Active Member

    I would like to request a feature for spam management where we could have an option to have an allow list instead of banned list that we currently have. I am sure there must be forums where this could be a problem so we could have an option so every forum could choose wether to have a banned list or an allow list.

    I have been adding domain after domain but it just doesnt end and the vast majority of my members if not all only use Gmail, yahoo and hotmail or may be a couple more. I have all the spam protection in place but the bot registration has no end. I believe having an allow list would atleast keep the uggboots kind of domains out. Spammers would keep Gmail and yahoo staff busy not us poor webmasters coz it would be gmail guys who would then be looking to stop automatic e-mail account creating and they do have the resources I would imagine to keep spammers on the run all the time.
    boeing747, Alfa1 and whynot like this.
  2. Martok

    Martok Well-Known Member

    An allow list is unworkable, you can't cater for every variation of legitimate email address. What about those who have their own domain names? You can't possibly add all of these and surely you aren't going to prevent these people from registering on your forum?!
  3. Parminder Singh Chahal

    Parminder Singh Chahal Active Member

    That is true hence the option for forum owners to either have an allow list or a baned list. I am yet to come across some one who does not have a gmail account and just having a little notice saying only Gmail address would do the trick for me. I might have a different opinion half an hour later but I am just too pissed at having to clean up the mess every day.. I just deleted a couple of dozen ids and added the domains to banned list.
  4. whynot

    whynot Well-Known Member

    You don't have to.
    Registration on this forum allowed only with:
    As soon as you become an approved registered member you may change it to almost anything, which includes your own domain name as well.
  5. Martok

    Martok Well-Known Member

    That's fine if you have a .com address. Not everyone does. I have a .co.uk address (personal) and a .net (work). That would make for a big list if you include many of the TLDs as well as the variations on these (e.g. .co.uk, .org.uk, .me.uk etc).

    Forcing people to only be able to register using certain email addresses is a sure-fire way of stopping people registering on your forum!
  6. whynot

    whynot Well-Known Member

    Let the forum owner decide if he wants a white list or not.
    On my forum gmail and a certain ISP's mail is not accepted to register.
    Members want to have them? They know that they can have them.
  7. Parminder Singh Chahal

    Parminder Singh Chahal Active Member

    That actually means this :


    and so on. You can add to that list and only allow email addresses from those domains to register. Having that listed in the registration form saying only these e-mails accepted will make it clear to perspective members that they can only register using so and so emails. Its really not for every one but I can myself afford to make every one only use gmail due to the nature of forums I run or atleast some of them.
    whynot likes this.
  8. Chris D

    Chris D XenForo Developer Staff Member

    Duplicate of: http://xenforo.com/community/threads/email-whitelist.57842/

    There's an add-on here that adds the functionality: http://xenforo.com/community/resources/*******-registration-email-domain.1530/

    I completely disagree with this as an effective method for combatting spam, by the way. Any site that forces you to have a certain e-mail domain, I'd be straight out the door. And, you may be underestimating just how many spammers use free e-mail services for their bot users. Blocking all but Gmail will absolutely not resolve the issue.

    It is, however, generally a good suggestion for slightly more private or specialist forums. For example if it's a company forum for internal use, you would want only @yourcompany.com to be able to register. From that point of view it's ideal.

    Please look around for better spam protection methods and ensure you're using all of the new methods in XenForo 1.2.x effectively.
    Amaury and Martok like this.
  9. Alfa1

    Alfa1 Well-Known Member

    Actually, this is an excellent method which I have applied successfully on my big board for years. Its no issue for users.
    But I would reword the suggestion. Here is how I have designed it:
    1. When a user with a 'new' email domain registers, the registration enters the moderation queue.
    2. From the moderation queue the moderator can check out the email domain with a google search link to the domain. The moderator can check out if the domain is a valid email domain, in contrast to a fake domain.
    3. The moderator either whitelists or blacklists the domain.
    4. All further registrations with the same domain are allowed if its on the whitelist or blocked if its on the blacklist.

    This allows the site to quickly build a whitelist and a blacklist of fake email domains and prevent a mass of bounced email and fake registrations.

    It would be more effective to have a central xenforo email domain blacklist.
    whynot likes this.
  10. Brogan

    Brogan XenForo Moderator Staff Member

    A central blacklist wouldn't work as what some would consider acceptable, others wouldn't, and vice versa.
    Amaury likes this.
  11. Alfa1

    Alfa1 Well-Known Member

    It depends on what the blacklist is for. If its about something subjective like what is acceptable then you are right. If its about real email providers vs fake / temporary email providers then it will work.
    A central database would probably need a domain to be reported by multiple websites before its blacklisted.
  12. Parminder Singh Chahal

    Parminder Singh Chahal Active Member

    You are a webmaster and none of my forums are targetted towards webmasters. People come to my forums for troubleshooting different kind of stuff and they would join even if I asked them to do a hand stand for half an hour and send me a video of that before I approve their membership (just kidding). Nothing will keep spam away for too long 100% but with a restriction like Gmail only in place you get a free team working for you at Google trying to find new ways of preventing automatic creation of new gmail accounts. Yes some spammers would find a way but then you have a team working for you to find a way to keep this activity to a minimum. There will be sudden bursts of bots being able to spam but I would sleep at night knowhing that Google is footing the bil for research on how to prevent them in future.

    Its just another hurdle not a complete solution. You cant kill spam with one arrow.. You just have to keep such little hurdles in place and keep the reward to a minum making it a waste of time for them as much as you can.

    I have all of them in place and that too with "1" flag in last 15 days. The only thing that I dont use is the question and answer because even with vbulletin it only took them 3-4 days to get over that so there is hardly a point having that in place. I will still give it another try and try being more creative with the questions this time.
  13. Parminder Singh Chahal

    Parminder Singh Chahal Active Member

    For that forum owners could be given an option to put new registerations with black listed e-mails into moderation instead of blocking the registration. Moderated members could be allowed to create posts which would again be kept under moderation without the new member knowing that their posts are going into moderation to keep people from being put off. Could have different actions for different situations.

    If there are ambitious people in the xenforo team then they could try creating a data base and have this built into the core for xenforo and create an addon for every other paid software out there and allow them to use it for free. Use your addon to advertise whatever you want right inside their admin panel. What more reward would the xenforo team want. Such an addon would be downloaded in thousands every single day.
  14. Parminder Singh Chahal

    Parminder Singh Chahal Active Member

    Built into the core but turned off by default with a disclamer that dont come complaining if a couple of genuine members are put into moderation.
  15. Chris D

    Chris D XenForo Developer Staff Member

    3-4 days is still a lot better than "instant". reCAPTCHA is currently completely ineffective and so you'd almost be as well to not have any captcha at all... but yeah... Q&A would be better. As long as the questions aren't solvable programatically (questions such as 5+5 can be solved automatically by bots).

    Personally, my favourite captcha solution is: http://xenforo.com/community/resources/customimgcaptcha-spam-combat.1161/

    If you use that and add some custom images to it, it should prove really effective.

    And, still, although I appreciate what you're proposing to do (whitelisting gmail only) is a comfortable solution for you, surely not having to do that is even better?

    In addition to CustomImgCaptcha above I highly recommend this one too:


    Try it out for free (it includes branding) and if you like it and it stops the spam, pay for the branding free version.
  16. Tracy Perry

    Tracy Perry Well-Known Member

    Most are pretty evenly split between gmail and hotmail in my FoolBotHoneyPot logs. Of course, there are the random mail.ru, yandex.com and other domains thrown into the mix - but by far the most come from hotmail and gmail. Funny thing is - a lot of the "real" domains that are being used are affiliated with OVH.NET.
  17. Sage Knight

    Sage Knight Well-Known Member

    If some sort of character limit can be specified for the e-mail domain name that would be even better as most major/popular hosts keep it at short as they can. They don't include numbers either.

Share This Page