68bdd5939f
Noticed that 33Mail was on the `email_blocklist.conf`, but this service is not a temporary mail provider, and requires users to create an account, with valid contact details, and payment details (for premium plan). Since it's a privacy service, not a disposable email address, I'm making the suggestion that it probably doesn't need to be on this list, especially since there are no other forwarding mail providers included in the list **Bit of Background** Email alias forwarding services work by allowing users to use a different email alias for each online service (e.g. facebook@john.33mail.com, github@my-domain.com, heroku@john.anonaddy.com, etc). It enables users to protect their real email address, when creating online accounts, while still permanently receiving all email communication in their primary inbox. It works in exactly the same was as [other mail forwarding services](https://github.com/Lissy93/personal-security-checklist/blob/master/5_Privacy_Respecting_Software.md#anonymous-mail-forwarding) (like AnonAddy, SimpleLogin, ProtonMail aliases, and Firefox Private relay). 33Mail is one of the most long standing of them all, it's been running since 2008. |
||
|---|---|---|
| .travis.yml | ||
| allowlist.conf | ||
| disposable_email_blocklist.conf | ||
| README.md | ||
| requirements.txt | ||
| verify.py | ||
List of disposable email domains
This repo contains a list of disposable and temporary email address domains often used to register dummy users in order to spam or abuse some services.
We cannot guarantee all of these can still be considered disposable but we do basic checking so chances are they were disposable at one point in time.
Allowlist
The file allowlist.conf gathers email domains that are often identified as disposable but in fact are not.
Example Usage
Python
blocklist = ('disposable_email_blocklist.conf')
blocklist_content = [line.rstrip() for line in blocklist.readlines()]
if email.split('@')[1] in blocklist_content:
message = "Please enter your permanent email address."
return (False, message)
else:
return True
Available as PyPI module thanks to @di
>>> from disposable_email_domains import blocklist
>>> 'bearsarefuzzy.com' in blocklist
True
PHP contributed by @txt3rob, @deguif, @pjebs and @Wruczek
- Make sure the passed email is valid. You can check that with filter_var
- Make sure you have the mbstring extension installed on your server
function isDisposableEmail($email, $blocklist_path = null) {
if (!$blocklist_path) $blocklist_path = __DIR__ . '/disposable_email_blocklist.conf';
$disposable_domains = file($blocklist_path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$domain = mb_strtolower(explode('@', trim($email))[1]);
return in_array($domain, $disposable_domains);
}
Ruby on Rails contributed by @MitsunChieh
In resource model, usually it is user.rb
before_validation :reject_email_blocklist
def reject_email_blocklist
blocklist = File.read('config/disposable_email_blocklist.conf').split("\n")
if blocklist.include?(email.split('@')[1])
errors[:email] << 'invalid email'
return false
else
return true
end
end
NodeJs contributed by @martin-fogelman
'use strict';
const readline = require('readline'),
fs = require('fs');
const input = fs.createReadStream('./disposable_email_blocklist.conf'),
output = [],
rl = readline.createInterface({input});
// PROCESS LINES
rl.on('line', (line) => {
console.log(`Processing line ${output.length}`);
output.push(line);
});
// SAVE AS JSON
rl.on('close', () => {
try {
const json = JSON.stringify(output);
fs.writeFile('disposable_email_blocklist.json', json, () => console.log('--- FINISHED ---'));
} catch (e) {
console.log(e);
}
});
C#
private static readonly Lazy<HashSet<string>> _emailBlockList = new Lazy<HashSet<string>>(() =>
{
var lines = File.ReadLines("disposable_email_blocklist.conf")
.Where(line => !string.IsNullOrWhiteSpace(line) && !line.TrimStart().StartsWith("//"));
return new HashSet<string>(lines, StringComparer.OrdinalIgnoreCase);
});
private static bool IsBlocklisted(string domain) => _emailBlockList.Value.Contains(domain);
...
var addr = new MailAddress(email);
if (IsBlocklisted(addr.Host)))
throw new ApplicationException("Email is blocklisted.");
Contributing
Feel free to create PR with additions or request removal of some domain (with reasons).
Specifically, if adding more than one new domain, please cite in your PR where one can generate a disposable email address which uses that domain, so the maintainers can verify it.
Use:
$ cat disposable_email_blocklist.conf your_file | tr '[:upper:]' '[:lower:]' | sort -f | uniq -i > new_file.conf
$ comm -23 new_file.conf allowlist.conf > disposable_email_blocklist.conf
to add contents of another file in the same format (only second level domains on new line without @). It also converts uppercase to lowercase, sorts, removes duplicates and removes allowlisted domains.
Changelog
-
4/18/19 @di joined as a core maintainer of this project. Thank you!
-
7/31/17 @deguif joined as a core maintainer of this project. Thanks!
-
12/6/16 - Available as PyPI module thanks to @di
-
7/27/16 - Converted all domains to the second level. This means that starting from this commit the implementers should take care of matching the second level domain names properly i.e.
@xxx.yyy.zzzshould matchyyy.zzzin blocklist more info in #46