问题
In order to prevent users from signing up with my site using a disposable email address, I want to check the email address during registration. I found many web services that offer to validate an email address against its internal disposable email domain list. I've also found questions/answers here in Stack Overflow what explicitly recommend this method.
I think using this method is a very bad idea. Because of privacy concerns (or even privacy policies), you shouldn't ever expose the users email address (or even only its domain part) to a third party.
I've found some public lists, but neither seem to be updated:
- https://gist.github.com/michenriksen/8710649
- https://gist.github.com/adamloving/4401361
- http://www.digitalfaq.com/forum/web-tech/5050-throwaway-email-block.html
Does anyone know a publicly available list, which is updated regularly?
回答1:
See www.block-disposable-email.com for a source of disposable email domains. While the api access is the best way to get most recent responses a download for offline use is available for enterprise users (http://www.block-disposable-email.com/cms/help-and-usage/).
Public/free lists are not very reliable in my experience.
Full disclosure: I am a co-founder of this service that detects more than 6.500 dea domains (without false positives).
回答2:
You can use this free JavaScript library: https://github.com/AppBeat-io/JavaScript
Usage example:
AppBeat.Email.isDisposable('something@sharklasers.com'); //returns true
AppBeat.Email.isDisposable('something@mailinator.com'); //returns true
AppBeat.Email.isDisposable(' something@mailinator.com '); //returns true
AppBeat.Email.isDisposable('@mailinator.com'); //returns true
AppBeat.Email.isDisposable('mailinator.com'); //returns true
AppBeat.Email.isDisposable('unknown-domain.some-domain'); //returns false
AppBeat.Email.isDisposable('something@unknown-domain.some-domain'); //returns false
AppBeat.Email.isDisposable('something@gmail.com'); //returns false (whitelisted)
AppBeat.Email.isDisposable('something@outlook.com'); //returns false (whitelisted)
回答3:
For this you will need to use some sort of anti-fraud service or api validator. I personally use ipqs since its free for me (I use under 5,000 monthly lookups)
来源:https://stackoverflow.com/questions/29916266/filter-disposable-email-addresses-without-exposing-the-address-to-a-third-party