Stop the Use of Disposable Email Addresses in WordPress

Originally published at: http://www.sitepoint.com/stop-the-use-of-disposable-email-addresses-in-wordpress/

Spammers are everywhere, they use automated software that crawls the web in search of websites (such WordPress sites) with the aim of submitting and registering hundreds and thousands of accounts and spam comments.

On one of my WordPress powered sites, I discovered over 50 newly registered spam accounts, all created with disposable email addresses. To prevent a re-occurrence, I had to create a plugin that prevented the registration of accounts with disposable email addresses.

In this tutorial, we’ll learn the meaning of disposable email addresses, how they work and finally, how they can be stopped in a PHP application – albeit with focus on WordPress.

Introduction to Disposable Email Addresses

DEA, an acronym for Disposable Email Address (sometimes referred to as throw-away, temporary email or self-destructive email), is a service that allows a registered user to receive email at a temporary address that expires after a certain time period lapses. Simply put, they are email accounts created to accomplish a short-term goal.

Continue reading this article on SitePoint

This solution is okay. The only problem is the size of that array of bad domains could grow quickly. So of course searching that array is O(n), generally. Not a big deal now at its current size.

There is also SpamHaus which you can use directly as a DNS server to check records of the offending domain.

Another option might be to block based on TLD, for example if you do not trust any .biz domains (most people do not).

I have also used Mollom for a very long time to stop spammers posting. https://mollom.com/

It is for the same “array size problem” I decided to use a third-party service.

Mollom seems to be a great spam catcher. I’ll check it out later.

Thanks for your contribution.

I use disposable e-mail addresses for the same reason: spammers. Most of the time websites demanding an account sign-up or e-mail before you can proceed don’t actually need it for any reason other than adding you to an e-mail list (without your permission) or selling your personal information to a 3rd-party (again, without you permission.)

Personally, I don’t see much value for the user from articles like this. There are other solutions for preventing spammers without putting yourself against the user. I’d also encourage you to consider whether you really need that e-mail at all. E-mail addresses you collect from your users without demand have much more value anyway.

1 Like

I used to use BugMeNot regularly, and keep a few “throwaway” email addresses for the reason mentioned by weareknights.

I also use throwaways for testing other people’s systems. I’m going to shortly be testing a ticketing service and a story-uploader-- no way am I going to use my real info for some site’s accessibility testing.

However, I think the majority of throwaway emails encountered by WP admins are spammers rather than spam-avoiders. I can see this being useful as one tool among the arsenal they should be using.

Since about maybe 4 years ago, I have never had a problem with spam and I register for a lot of websites now that I use a password management tool which auto-generates a password and auto-fills the forms (although Chrome is quite good at this too now). Every e-mail I get that I do not like has almost consistently had an Unsubscribe button, even a recent one from Brewster I got today (had no idea what Brewster was).

Beyond that, with the amount of email I receive in multiple accounts, Gmail’s spam filter is still the best and even occasionally gets some false positives (which is unfortunate if you are using an IMAP client like on iPhone).

In the worst case, a site has ‘spam’ email and you cannot unsubscribe (sometimes the only way to unsubscribe is to delete your account from that site). I sometimes bother with Gmail’s filters for these.

Sometimes, I use my other email account, the ‘spam’ one. This has become less and less so.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.