The impossible task of blocking disposable email signups

When a user signs up for a service most of the time they have to share their email address. When a potential user shares an email address with a service during signup, within that sharing there is benefit for both the user and the service.

For the user, they can request a password reset, which usually sent to the given email address, they can get important updates of privacy policy, changes to TOS and even newsletters.

For the service provider, they can use the email address to keep the user in the loop and make sure the user returns back to the service. How many emails do you get from Facebook about notifications in a single day?

My last two months were spent on working on a small side project called Tuti, a service providing educational tools for teachers and students. When I shared the service on places like Reddit, HackerNews and with some of my colleagues, I received some signups that were made with temporarily email providers.

Temporary emails are like burner phones, they are not attached to a user and the email address and the inbox. They are good for the users to try out a service, but they provide no value for the service. They will use up space by creating an account for the user on the service, service can reconnect with the user because they are no longer going to use the email addresses again.

Trying to block temporary email addresses

For this reason, I wanted to restrict signups from temporary email addresses, my initial thought was create a list of temporary email address providers and filter them and block signups coming from these email addresses.

I did a small google search hoping to find an already existing list, and sure enough someone has made a GitHub gist with a list of temporary email providers.

The list was several years old and after checking the list I saw that there are sone legit email providers and there were some missing disposable email providers as well. So I decided to make a fork and edit the list.

I went though some of the comments made to the gist to see what other email providers users have provided. And then I came across this gigantic list of disposable email domains.

There were more than 100,000+ list of domains. This does not mean that there are 100,000 temporary email providers, but almost all of them use multiple domain names to provide disposable email addresses.

There is no way I’m going to put my system go through 100,000+ domain names just squat a system.

Yes sure I can make an array/hashmap with key being the domain name, and finding that would be quicker than looping though the whole list.

[0:a, 1:b, 2:c]
[a:1, b:1, c:1]

In the first instance I will have to loop though the array to find out if b exists inside the array. Where on the second instance I can quickly check for the existence of b by checking if (arr[b]).

So I quickly gave up the idea of blocking disposable emails , it’s much simpler to squash the account from an administrator panel when I detect that a temporary email address has been used for a signup.

Are you using a filter to prevent temporary email providers?

If you are interested, please checkout my service I created for teachers and students. If you like using flashcards, you can also use it to create Markdown powered flashcards as well.