Did you even feel disappointed, or even wronged, when people register on your website with a Disposable or temporary E-mail account? When they download your free ‘goodies’ that you worked so hard on and ‘thank’ you with a bouncing email address, leaving you with no possibility to contact them, for support, news, etc.
Did you ever feel bothered by the fact that people using disposable or temporary email accounts are most likely to spam or offend other members of your website, just because they have that ‘invincible’ feeling of being ‘anonymous’ and ‘untraceable’. Do malicious activity, spam bots, and internet trolls come to mind?
Or do you just want to make a statement: “if you don’t trust me with your real E-mail account, why trust me and my services at all...”
Time to stop Disposable Mail registrations on your website!
With the ochStopDMR system plugin, you can check every mail domain that a user uses to register on your website. When a user registers or (configurable) when a user changes his user profile, a request is made to an external API that checks the domain part of the E-mail:
- to have a valid mx-record in the domain’s DNS record;
- to have a valid TLD (Top Level Domain): checked against a daily updated Root Zone database;
- to not be in a 18K+ (and daily growing) maintained Disposable E-mail Domain names database.
The system plugin works with the Joomla! (3.9.0 introduced) onUserBeforeSave trigger and will work with all extensions (like Kunena, rd-subscriptions) that use Joomla! Users and follow the Joomla! API / Coding Standards.
Is this Guaranteed, 100% stopping Disposable E-mail registrations?
Unfortunately no. Even with 18 thousand+ disposable domains, the user may find himself ‘lucky’.
As with all security measures, this is a ‘cat-and-mouse-game’ where new Disposable E-mail domains are created on an almost daily bases. But there is also a community out there that is scavenging the internet for these (new) domains and when found share them.
What I see in practice is that they try two or three different Disposable domains at most and then just give up and use their real E-mail account.
Can I help?
Yes you can! When a new user registers on your website and it turns out that his E-mail domain was ‘validated’ but shouldn’t have been, you can always reach out to me so I can add it to the database and spread the word on the Internet. The same goes for false positives: when a user wants to register with an E-mail account that is flagged as Disposable but isn’t, you can directly whitelist it in the plugin and contact me too.
What about privacy?
In order to maintain this service, only the domain part (the part after the @) is sent to the API and is logged. This allows me to find new disposable domains that were not already in the database. Emails are not stored and logs will be removed when handled or on a monthly bases.