a list of disposable and temporary email address domains
Go to file
Sven Döring e483b503f1
Added additional disposable domain (#348)
Added tmmbt.net as domain. I just had a registration from this domain and checked it as a disposable 10 minute email provider.
2023-05-26 01:14:38 +02:00
.github Create pull_request_template.md 2022-09-01 05:57:24 +02:00
allowlist.conf remove personal domain (#347) 2022-12-01 20:52:30 +01:00
disposable_email_blocklist.conf Added additional disposable domain (#348) 2023-05-26 01:14:38 +02:00
LICENSE.txt include the project's CC0 dedication as license file 2022-12-01 18:26:45 +01:00
maintain.sh Make maintain.sh executable (#285) 2021-10-01 13:15:15 +02:00
README.md Added Bash script example, + spymail.com domain (#350) 2022-12-26 21:49:54 +01:00
requirements.txt use the altest version of PSL database 2018-02-04 23:55:37 -05:00
verify.py replace travis with gha (#269) 2021-04-28 13:54:09 +02:00

List of disposable email domains

Licensed under CC0

This repo contains a list of disposable and temporary email address domains often used to register dummy users in order to spam or abuse some services.

We cannot guarantee all of these can still be considered disposable but we do basic checking so chances are they were disposable at one point in time.

Allowlist

The file allowlist.conf gathers email domains that are often identified as disposable but in fact are not.

Contributing

Feel free to create PR with additions or request removal of some domain (with reasons).

Specifically, please cite in your PR where one can generate a disposable email address which uses that domain, so the maintainers can verify it.

Please add new disposable domains directly into disposable_email_blocklist.conf in the same format (only second level domains on new line without @), then run maintain.sh. The shell script will help you convert uppercase to lowercase, sort, remove duplicates and remove allowlisted domains.

Changelog

  • 2/11/21 We created a github org account and transferred the repository to it.

  • 4/18/19 @di joined as a core maintainer of this project. Thank you!

  • 7/31/17 @deguif joined as a core maintainer of this project. Thanks!

  • 12/6/16 - Available as PyPI module thanks to @di

  • 7/27/16 - Converted all domains to the second level. This means that starting from this commit the implementers should take care of matching the second level domain names properly i.e. @xxx.yyy.zzz should match yyy.zzz in blocklist more info in #46

Example Usage

TOC: Python, PHP, Go, Ruby on Rails, NodeJS, C#

Python

with open('disposable_email_blocklist.conf') as blocklist:
    blocklist_content = {line.rstrip() for line in blocklist.readlines()}
if email.partition('@')[2] in blocklist_content:
    message = "Please enter your permanent email address."
    return (False, message)
else:
    return True

Available as PyPI module thanks to @di

>>> from disposable_email_domains import blocklist
>>> 'bearsarefuzzy.com' in blocklist
True

PHP

contributed by @txt3rob, @deguif, @pjebs and @Wruczek

  1. Make sure the passed email is valid. You can check that with filter_var
  2. Make sure you have the mbstring extension installed on your server
function isDisposableEmail($email, $blocklist_path = null) {
    if (!$blocklist_path) $blocklist_path = __DIR__ . '/disposable_email_blocklist.conf';
    $disposable_domains = file($blocklist_path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    $domain = mb_strtolower(explode('@', trim($email))[1]);
    return in_array($domain, $disposable_domains);
}

Alternatively check out Composer package https://github.com/elliotjreed/disposable-emails-filter-php.

Go

contributed by @pjebs

import ("bufio"; "os"; "strings";)
var disposableList = make(map[string]struct{}, 3500)
func init() {
	f, _ := os.Open("disposable_email_blocklist.conf")
	for scanner := bufio.NewScanner(f); scanner.Scan(); {
		disposableList[scanner.Text()] = struct{}{}
	}
	f.Close()
}

func isDisposableEmail(email string) (disposable bool) {
	segs := strings.Split(email, "@")
	_, disposable = disposableList[strings.ToLower(segs[len(segs)-1])]
	return
}

Alternatively check out Go package https://github.com/rocketlaunchr/anti-disposable-email.

Ruby on Rails

contributed by @MitsunChieh

In the resource model, usually it is user.rb:

before_validation :reject_email_blocklist

def reject_email_blocklist
  blocklist = File.read('config/disposable_email_blocklist.conf').split("\n")

  if blocklist.include?(email.split('@')[1])
    errors[:email] << 'invalid email'
    return false
  else
    return true
  end
end

Alternatively you can use the disposable_mail gem: https://github.com/oesgalha/disposable_mail.

NodeJs

contributed by @martin-fogelman

'use strict';

const readline = require('readline'),
  fs = require('fs');

const input = fs.createReadStream('./disposable_email_blocklist.conf'),
  output = [],
  rl = readline.createInterface({input});

// PROCESS LINES
rl.on('line', (line) => {
  console.log(`Processing line ${output.length}`);
  output.push(line);
});

// SAVE AS JSON
rl.on('close', () => {
  try {
    const json = JSON.stringify(output);
    fs.writeFile('disposable_email_blocklist.json', json, () => console.log('--- FINISHED ---'));
  } catch (e) {
    console.log(e);
  }
});

C#

private static readonly Lazy<HashSet<string>> _emailBlockList = new Lazy<HashSet<string>>(() =>
{
  var lines = File.ReadLines("disposable_email_blocklist.conf")
    .Where(line => !string.IsNullOrWhiteSpace(line) && !line.TrimStart().StartsWith("//"));
  return new HashSet<string>(lines, StringComparer.OrdinalIgnoreCase);
});

private static bool IsBlocklisted(string domain) => _emailBlockList.Value.Contains(domain);

...

var addr = new MailAddress(email);
if (IsBlocklisted(addr.Host)))
  throw new ApplicationException("Email is blocklisted.");

Bash

#!/bin/bash

# This script checks if an email address is temporary.

# Read blocklist file into a bash array
mapfile -t blocklist < disposable_email_blocklist.conf

# Check if email domain is in blocklist
if [[ " ${blocklist[@]} " =~ " ${email#*@} " ]]; then
    message="Please enter your permanent email address."
    return_value=false
else
    return_value=true
fi

# Return result
echo "$return_value"