If you’re dealing with fake or temporary emails in your sign-up forms, you know they create issues. Whether it’s clogging up your database, wasting resources, or spamming.
We see a lot of bogus signups on RightBlogger for people trying to abuse our free tier. So I thought I would share some of my best tips and insights.
In this post, I’ll show you how to block disposable emails using JavaScript with a few API calls. Of course no matter your programming language some of the tips here might be helpful.
This method is useful if you want to keep things clean and prevent users from abusing sign-ups with throwaway accounts. Let’s get into it.
Full Code Snippet to Block Disposable Emails
Since you’re here for the code, here’s the full snippet I use to check for disposable emails with a few API calls:
How it Works
Each disposable email API checks the email’s authenticity differently:
- Debounce.io: Detects disposable email providers instantly (free API).
- VerifyMail.io (optional): Confirms whether the domain is known for disposable emails (paid API).
- StopForumSpam: Adds extra checks for known spam emails and IP addresses with high confidence scores (free API).
Using all three helps make sure no temporary email services slips through. I still have seen plenty of ones not on these lists but I will prevent a lot from just using these.
Additional Checks for Users Signing Up
Even with these APIs, people are persistent, so here are a few more tips you can add to your signup flow to prevent bad signups.
Other tips for preventing bad signups:
- Limit Sign-Ups per IP: Allowing up to two sign-ups per IP per week can prevent repeat sign-ups from the same person. This can easily be do this with an Upstash Rate Limit.
- Restrict Dot Variations: Some people create multiple accounts by adding dots in Gmail addresses (like [email protected]). Counting periods and blocking emails with three or more can help cut down on abuse. You can also normalize all Gmail addresses by removing the periods before the @ symbol, but ensure that your login/signup flows factor this in, so no one gets locked out of an account.
- Watch for ‘+’: Users might add “+something” to the end of their email name (e.g., [email protected]). You could strip any “+” and everything after it in the username to get the base email for verification. I wouldn’t outright block + usage since people like to do +yourservice but just something to look out for.
Wrapping It Up
Blocking disposable emails with JavaScript is straightforward with the right APIs. By combining these methods, you’ll have a solid way to prevent temporary emails in your sign-up form, making your user base more authentic and manageable. Best of all, you can offer more usage to trial users since you are warding off spammers.