You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
There are cases of spammers signing up with very similar emails (all on the same domain). These signups are done by humans so email verification does not stop them (and neither would a CAPTCHA, if we had one).
Describe the solution you'd like
Provide an option in the admin area to blacklist emails. This should ideally use glob-style wildcards (at least *) so you can blacklist e.g. *@spammerdomain.com but also individual email addresses.
Describe alternatives you've considered
Moderating registrations is an alternative, but puts more burden on the admins, especially if the majority of signups are legitimate.
The email blacklist needs to be checked during local registration, but we could safely ignore it for SSO signups since this data is generally trusted. But maybe it's easier to enforce everywhere, ie both local and sso registration and also when managing account emails.
The text was updated successfully, but these errors were encountered: