How to block spam email domains to signup for the website?
I have added signup with email option on the website and it is getting lots of spam registration from domain like
bestsky.info ,asassd.domailnew.com etc. Is there a library or API that can help to detect these type of spam domains?
Formspree have this "display: none" field. So when a spambot tries to send you a message, it discards the message. Maybe an implementation similar to this? Or use "Recaptcha", the new one it's not annoying :)
I've noticed a sign up with facebook/twitter and grabbing email address from there greatly reduces spam. :)
Your best bet would be to remove the incentive for people to enter a spam email address (depends on your specific use case), and increase their cost (e.g. CAPTCHA).
If you want to block throwaway email addresses (like Mailinator) you can find list of domains they use on Github. They regularly add new domains however, so you'll want to keep those lists updated. I also vaguely remember having seen a developer API that lets you check whether an email address is a throwaway email or not. I think it was either on BetaList or here on WIP, but I'm unable to find it right now.
If it springs to mind I'll post it here.
I've used Clearbit before and it worked really nice if you don't want to bother users or worry that a challenge like CAPTCHA would impact signups too much. You can check out the Risk API, they have a free plan for low volume https://clearbit.com/risk
I use https://github.com/lisinge/valid_email2 - It does two things:
- Verifies the domain has a valid MX record, so it has to be a "real" email
- Blacklists known disposable email providers
For the most part, it just picks up on people mistyping domains but I also don't get to many spam signups.