
How to block spam email domains from signing up on the website?

I have added a signup-with-email option on the website and it is getting lots of spam registrations from domains like bestsky.info, asassd.domailnew.com, etc. Is there a library or API that can help to detect these types of spam domains?


Formspree has this "display: none" field. So when a spambot tries to send you a message, it discards the message. Maybe an implementation similar to this? Or use "reCAPTCHA"; the new one is not annoying :)

Does it automatically detect the spam domain?

No. Maybe filtering the domain with a firewall (or Cloudflare) can help. But Formspree and reCAPTCHA only detect a spam bot upon clicking "send".

I've noticed that a sign up with Facebook/Twitter and grabbing the email address from there greatly reduces spam. :)

Your best bet would be to remove the incentive for people to enter a spam email address (depends on your specific use case), and increase their cost (e.g. CAPTCHA).

If you want to block throwaway email addresses (like Mailinator) you can find lists of the domains they use on GitHub. They regularly add new domains, however, so you'll want to keep those lists updated. I also vaguely remember having seen a developer API that lets you check whether an email address is a throwaway email or not. I think it was either on BetaList or here on WIP, but I'm unable to find it right now.

If it springs to mind I'll post it here.

Currently, I have created a list of spam domains and check the user's email against this list when they sign up. If it can reduce the spam accounts then it would be a good solution. But if spam from other domains increases, then I need to use the API mentioned by @drikerf below.

I've used Clearbit before and it worked really nicely if you don't want to bother users or worry that a challenge like CAPTCHA would impact signups too much. You can check out the Risk API; they have a free plan for low volume: clearbit.com/risk

Woah. This is a great solution. It also provides 50k requests free per month. Thank you for sharing this.

I use github.com/lisinge/valid_emai… - It does two things:
1. Verifies the domain has a valid MX record, so it has to be a "real" email
2. Blacklists known disposable email providers

For the most part, it just picks up on people mistyping domains, but I also don't get too many spam signups.

Is this only for Ruby apps?
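
The checks discussed in this thread (hidden honeypot field, domain blocklist, MX lookup) combined into one signup gate, as an added example that is not code from any poster or from the gem linked above. The function names, the `honeypot` parameter and the sample blocklist are assumptions; the MX lookup uses Ruby's standard-library `Resolv`.

```ruby
require "resolv"

# Constructed sample blocklist (two domains from the question plus Mailinator);
# in practice load a maintained list and refresh it regularly.
BLOCKED_DOMAINS = %w[bestsky.info domailnew.com mailinator.com].freeze

# Default MX lookup via the standard-library resolver (needs network access).
# An empty answer may also mean the lookup itself failed, so treat the result
# as a signal for review rather than proof that the domain is fake.
DNS_MX_LOOKUP = lambda do |domain|
  Resolv::DNS.open do |dns|
    dns.getresources(domain, Resolv::DNS::Resource::IN::MX).any?
  end
end

# True if the domain or any parent domain is on the blocklist, so that
# asassd.domailnew.com is caught by an entry for domailnew.com.
# The bare top-level label ("com", "info") is never tested.
def blocked_domain?(domain, blocklist = BLOCKED_DOMAINS)
  labels = domain.split(".")
  (0...labels.size - 1).any? { |i| blocklist.include?(labels[i..].join(".")) }
end

# Returns [accepted, reason]. `honeypot` is the submitted value of a form
# field hidden with display:none (hypothetical field); people leave it empty,
# form-filling bots usually do not. `mx_lookup` is injectable for testing.
def check_signup(email, honeypot: "", mx_lookup: DNS_MX_LOOKUP)
  return [false, :honeypot_filled] unless honeypot.to_s.strip.empty?

  local, at, domain = email.to_s.strip.downcase.rpartition("@")
  domain = domain.chomp(".") # tolerate a trailing root dot
  return [false, :malformed] if at.empty? || local.empty? || !domain.include?(".")
  return [false, :blocked_domain] if blocked_domain?(domain)
  return [false, :no_mx_record] unless mx_lookup.call(domain)

  [true, :ok]
end
```

Running the blocklist check before the DNS query keeps known-bad signups from triggering outbound lookups.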