Hi there,

I would like to check the e-mail address, which the user provided for registration at my site, to see if it is one of those disposable e-mail addresses.

My idea is to have an array called $blacklist with the domains offering random, disposable e-mail addresses, like:

$blacklist = array("yopmail", "faker2","faker3", ... etc );

To simplifise, I just want to check for the name of the domain; not the whole domain. That is, "yopmail" instead of "yopmail.com".

The email $email should then be the string for which I test if any of the items in the array $blacklist is to be found as a substring of my string.

That is, if the user inputs "12345545@yopmail.com" then a function should return true, because "yopmail" is in the array. If none of the array items are a substring of the string $email, then the function should return false.

I have trawled the web, but not found any solution.

What I am looking for is a simple function which parses the e-mail string for the array substrings.

What I have so far is this:

	$blacklist = array("yopmail");

function disposable($theEmail) {
	foreach ($badInbox as $blacklist) {
		if(strpos($badInbox, $theEmail)) {
			return true;
		}
		else return false;
	}
}


if(disposable($email)) {
do ...
}

However, even if I test with an e-mail address, which should be banned, the address passes my check.

What is wrong, and how do I get a working function?

I am quite a newbee on php and hope that anyone can help.

Thank you very much in advance.

I just tried another approach, which did NOT work either:

	function isFake($theEmail) {

	$blacklist = array("fakemail","yopmail");

	$catch = 0;

	for($i=0; $i < count($blacklist); $i++) {
		$detect = strpos($theEmail, $blacklist[$i]);

		if($detect === true) {
			$catch++;
		}
	}

	if($catch) {
		return true;
	}
	else return false;
}

Why doesn't it evaluate as TRUE although the string "yopmail" indeed is in the string "123@yopmail.com" ?

when using strpos you want to look for false or not false, instead of true

if ($detect !== false) {

//instead of

if($detect === true) {

You are THE MAN!

Thanks a million, thanks a million

Here is my code which WORKS:

	function isFake($theEmail) {

        $blacklist = array("fakemail","yopmail");

        $catch = 0;

        for($i=0; $i < count($blacklist); $i++) {
    	    $detect = strpos($theEmail, $blacklist[$i]);

            if($detect !== false) {
    	        $catch++;
        	}
    	}

        if($catch) {
    	    return true;
    	}
        else return false;
	} 

		if(isFake($email)) {
			$errmsg = "<br><br><font color='#B80000;'><i>Fake e-mail address! Please use a valid service.</i></font>";
			unset($email);
			$onload = " onload='document.reg_form.email.focus()';";
		}

I know, it is not pretty, but it works.

there are a million disposable email address services that change all the time so maintaining a list would be a hard job, what are you actully trying to stop? You could send them an email with a link to confirm the existence of the account not that it would achieve much either.

as for the code above i would do this:

function isFake($theEmail){

$blacklist= array("fakemail","yopmail");
$match=false;
foreach($blacklist as $black){

	if(strpos($theEmail,$black) !== false){
		$match=true;
		break;
	}


}
return $match;
}

There are not millions of disposable e-mail address services, and they do not change all the time, either.

E.g. the e-mails generated by Yopmail all end with @yopmail.com and as such they do not change their domain.

What I am trying to reduce, is the number of duplicate accounts made by the same services. Duplicate accounts are most easily made by using a disposable e-mail address for which to confirm by clicking the link sent to them.

I have seen this practice implemented by e German movie site, and thus thought it would be a good idea to filter out the most frequently used services for randomly generated temporary e-mail addresses. If one has to set up e.g. a new Gmail every time, it is less likely that they will create duplicate accounts instead of using the one they already have.

The reason I would like to reduce the risk of duplicate accounts, is that they can be used for manipulating the outcome of votes for best stories at my site, for which there will be given a price. So it is important to secure the integrity of the user database.

There is no way to completely prevent multiple sign-ups, except from requiring civil registration numbers or such, but the risk can be reduced.

Also, it will have a preventive impact on spammers, which again increases the integrity of the site.

Hope this clarifies the idea :0)

i use my own domain(s) for disposable addresses and legit ones, guess i could be in trouble with your system.

Legit domains like google or hotmail will not be excluded, and neither will domains which I do not already know.

I will exclude domains from services which instantly generate a random e-mail address and an inbox for use-and-throw away, like yopmail.com.

Another approach to check for domains to ban (in particular for disposable email addresses) is to use services like http://www.block-disposable-email.com

One example to integrate is:

<?php

$domain = 'mailinator.com';
$key = '57faf1e9a07671acd8cdcf79237b403a';
$request = 'http://check.block-disposable-email.com/api/json/' . $key . '/' . $domain;

$response = file_get_contents($request);
$dea = json_decode($response);

if ($dea->request_status == 'success')
{
if ($dea->domain_status == 'ok')
{
// do something like register ...
echo "OK, lets register ...";
}

if ($dea->domain_status == 'block')
	{
	// deny registration ...
	echo "Please do not use one-time email addresses ...";
	}
}

// Do some other checks

?>

Regards,

Gerold