Allow blacklisting email addresses for local account registration #4644
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Is your feature request related to a problem? Please describe.
There are cases of spammers signing up with very similar emails (all on the same domain). These signups are done by humans so email verification does not stop them (and neither would a CAPTCHA, if we had one).
Describe the solution you'd like
Provide an option in the admin area to blacklist emails. This should ideally use glob-style wildcards (at least
*) so you can blacklist e.g.*@spammerdomain.combut also individual email addresses.Describe alternatives you've considered
Moderating registrations is an alternative, but puts more burden on the admins, especially if the majority of signups are legitimate.
Additional context
The email blacklist needs to be checked during local registration, but we could safely ignore it for SSO signups since this data is generally trusted. But maybe it's easier to enforce everywhere, ie both local and sso registration and also when managing account emails.
The text was updated successfully, but these errors were encountered: