Block Fake Disposable Email Addresses

If you run a website that allows account signups, you’ve probably faced abuse from fake users, abusive users, fraudsters, and other malicious actors. If you look at their email addresses, you may have noticed a pattern among these users. Fake users tend to use disposable emails and temporary email services that allow abusers to quickly cycle through new emails with unique address names across thousands of domains. These services make it possible with a simple mouse click to generate a brand new email address.

Since the creation of T.LY URL Shortener, I’ve had to learn a ton about how to stop malicious users on the internet. One part of this was preventing users from signing up using disposable email addresses. Fortunately, there is a Laravel package that handles this functionality. I got a quick solution released that auto-updated from an ever-growing list of fake email address domains.

Package Installation

  1. Run the Composer require command to install the package:

    composer require propaganistas/laravel-disposable-email
  2. If you don’t use auto-discovery, open up your app config and add the Service Provider to the $providers array:

    'providers' => [
  3. Publish the configuration file and adapt the configuration as desired:

    php artisan vendor:publish --tag=laravel-disposable-email
  4. Run the following artisan command to fetch an up-to-date list of disposable domains:

    php artisan disposable:update
  5. (optional) In your languages directory, add for each language an extra language line for the validator:

    'indisposable' => 'Disposable email addresses are not allowed.',
  6. (optional) It’s highly advised to update the disposable domains list regularly. You can either run the command yourself now and then or, if you make use of Laravel’s scheduler, include it over there (App\Console\Kernel):

    protected function schedule(Schedule $schedule)

I recommend implementing a system to prevent disposable emails from flooding your system with fake accounts. Another important step is adding a Captcha system to prevent automated multiple signups. Hopefully, this helps to protect your website!

Thanks for reading. Make sure you follow me on Twitter to stay up to date on the progress of my side projects T.LYWeather Extension, and Link Shortener Extension. If you are interested in the tech I use daily, check out my uses page.  

Leave a Reply

Your email address will not be published. Required fields are marked *