Skip to main content

Blocklist

Email blocklist

The email blocklist policy allows customization of email blocklist settings to prevent account sign-up abuse. It monitors email addresses used for sign-up and account settings. If a user attempts to sign up or link an email address that violates any blocklist rules, the system will reject the request, helping to mitigate spam accounts and enhance overall account security.

Visit the Console > Security > Blocklist to configure the email blocklist settings.

Block disposable email addresses

This is a cloud-only feature. Once enabled, the system will automatically validates the domain of the provided email address against a list of known disposable email domains. If the domain is found in the list, the request will be rejected. The list of disposable email domains is regularly updated to ensure its effectiveness.

Block email subaddressing

Email subaddressing allows users to create variations of their email addresses by adding a plus sign (+) followed by additional characters (e.g., [email protected]). This feature can be exploited by malicious users to bypass blocklist restrictions. By enabling the block email subaddressing feature, the system will reject any sign-up or account linking attempts that utilize subaddressed email formats.

Custom email blocklist

You can create a custom email blocklist by specifying a list of email addresses or domains to block. The system will reject any sign-up or account linking attempts that match these entries. The blocklist supports both full email address and domain matching.

For instance, adding @example.com to the blocklist will block all email addresses with that domain. Similarly, adding [email protected] will specifically block that email address.

note:

Disposable emails, subaddressing, and custom email are restricted during registration and account linking. Existing users with these email addresses can still sign in.

What is disposable email? How to handle them in your app?