ilex01's avatar
ilex01
OP
1 year ago
Level 5

I am getting many fake email addresses signing up

I am getting many fake email addresses signing up, even though I have Google Recaptcha on the registration form. How can I validate emails during registration? Something simple to install.

See the screen capture below: https://i.gyazo.com/d294dc3890844dd98fa553731366eb81.png

0 likes
5 replies
Merklin's avatar

Enable email verification and set up a scheduled job purge of non-verified accounts every 30? days?

As for validation, what to validate? Having @? Having a valid domain? Count the number of dots in the address? This won't stop bot registration.

A solution could be to use external service like this one for example: https://emaillistverify.com/api and integrate the check during registration.

renato.hysa.dev's avatar

Those are valid Gmail emails, I don't think you can do much about it.

However, I have this class to prevent disposable emails:

<?php
declare(strict_types=1);

namespace src\Infrastructure\Services\Email;

use src\Domain\Authentication\Exceptions\DisposableEmailDomainException;
use src\Domain\Services\Blacklist\DisposableEmailDomainChecker;
use src\Domain\ValueObjects\Security\EmailAddress;

class DisposableDomainList implements DisposableEmailDomainChecker
{
    public function check(EmailAddress $emailAddress): void
    {
        $givenDomain = $emailAddress->domain();

        $disposableDomains = file(base_path('/src/Infrastructure/Services/Email/disposable-domains.txt'), FILE_IGNORE_NEW_LINES);
        foreach ($disposableDomains as $disposableDomain) {
            if (trim($disposableDomain) === $givenDomain) {
                throw new DisposableEmailDomainException($emailAddress->email);
            }
        }
    }
}

You can find lists of disposable emails on GitHub.

Merklin's avatar

@renato.hysa.dev In this case there is another task to do among many: regularly update the list. Implementing email verification or external service, if worthy, is better. In the end, that's why the verification exists in Laravel.

renato.hysa.dev's avatar

@Merklin Yep, I agree. The class I suggested is from a DDD project of mine, EmailAddress is a Value Object, it has built-in email validation inside.

Keeping the list up-to-date isn't an issue, the list I'm using has 3614 disposable emails, the project is https://thelisting.app and has done very well to prevent disposable emails.

Of course new disposable emails are added every day, but 3614 isn't bad.

Snapey's avatar
Snapey
1 year ago
Best Answer
Level 122

This is why email verification exists in the framework

2 likes

Please or to participate in this conversation.