Reputation: 81
Preventing 10-Minute-Mails From Singing Up (Webpage)
Recently people have used services to generate 10-Minute mails to signup on my website. I would like to separate proper mails from spam-mails. I know that Discord has such a system, when signing up with a mail it would just say "invalid mail" and block you from signing up.
I have tried to find a solution on the web, but this doesn't seem to be a popular topic.
My first idea: Having a whitelist of mails like Gmail, GMX, iCloud, etc, and prompt users that don't have one of these emails with an additional phone number request (or something similar). This would help keeping spam out of my website.
My second idea: Having bots that scrape the most popular spam-mail-generators, and generates a list of blacklisted emails. This seems quite difficult because I would have to make an individual scraper for each website. Most websites also get different domains every day so I would have to scrape the sites regularly.
I couldn't find any APIs or any help in general on the internet.
Recently I found out that there also are public phone numbers. My next step would be to detect these too.
Is there a way of doing what I'm trying to? Should I maybe completely change my method of preventing spam registrations on my website (I'm already using reCaptcha, I mean preventing humans that have bad intentions of spam, etc)?
Kind regards, Florian Covy
Upvotes: 3
Views: 4292
Answers (2)
Reputation: 41
The testmail.top API works exactly according to the two ideas that you described:
1. Domain is checked for availability in the whitelist
2. Then the domain is checked against the blacklist
This is what makes it possible to reduce the probability of error to 0%. The base of temporary and trusted mails is updated daily.
All you need to determine the temporary mail is to send a GET request:
https://api.testmail.top/domain/check/[email protected]&ip=8.8.8.8
With authorization header:
Authorization: Bearer XXXXXXXXXX.XXXXXXXXXX.XXXXXXXXXX
And in response you will receive a message like this if the mail turns out to be temporary:
{
"error": 0,
"result": false,
"message": "This domain is in Blacklist"
}
You will receive such an answer if the mail turns out to be trusted (something like gmail.com or yahoo.com):
{
"error": 0,
"result": true,
"message": "This domain is in Whitelist"
}
I have described error codes and more detailed instructions on this page
Upvotes: 1
Reputation: 793
You can try either deep-email-validator or email-deep-validator ON TOP OF a confirmation email system. Note that using these validators alone is not enough, but they provide a first layer of "security" against disposable emails.
Upvotes: 1
Related Questions
- Preventing Spam; Using Nodemailer; Using Sendmail
- NodeJS form spam prevention
- NodeJS sending e-mails with a delay
- node.js sending mails with a delay
- JavaScript anti-flood spam protection?
- How do I use Node.js to send an email every 10 seconds?
- JS spam protection
- Javascript timed security to protect spams
- Need a little help with anti email spam javascript
- Hiding email from spambots without using javascript