Jump to content

Block email domain from registration

helsinkisisu
 Share

Recommended Posts

helsinkisisu Explorer

helsinkisisu

Posted
Posted

This question has been asked before, but it usually related to the contact form, and previous replies have given code changes to older versions of PS.

I have what I suspect to be a potential fraudster who regularly registers a new account during checkout, but their address is fake/incomplete , their email is either fake or temporary and their IP always changes. It is always mail*******@protonmail.com (where * are numbers), which suggests it might be Protonmail's hide-my-email aliases. I ban the email and IP, but that is no help in this case.

 

What I would like to do is block all mail*@protonmail.com email addresses from registration. It there a way to do this in PS 8.2.1?

  • Like 1
Link to comment
Share on other sites
helsinkisisu Explorer

helsinkisisu

Posted
  • Author
Posted
3 minutes ago, alex_developer said:

You can prohibit registration and order placement for users who use temporary email addresses, i.e., block email addresses registered on temporary email service domains.

There is a large list of such domains on the Internet.

I used this approach in one of my projects, and it works great.

Thanks for your reply. Is there a process written somewhere to do this?

Link to comment
Share on other sites
El Patron Veteran

El Patron

Posted
Posted

There are a many ways to do this.

Basic Syntax and DNS Validation (Built-in or Simple Hook)

Out of the box, PrestaShop only checks email format (@, . etc.).
You can extend this easily with a small PHP hook:

Validate that the domain has MX records (i.e., a mail server exists).

Reject or flag addresses from invalid domains or typos like gmai.com, hotmial.com.

if (!checkdnsrr(array_pop(explode("@", $email)), "MX")) { $this->errors[] = $this->l('Please use a valid email address.'); }

Fast and server-side, blocks emails that cannot receive mail at all.

however, we do not know your prestashop version so I cannot guide on how to implement, please always include this for best results.

a couple module that might solve most of your issues

https://addons.prestashop.com/en/website-security-access/95042-block-fake-email-block-disposable-or-fake-emails.html

I trust this developer: https://mypresta.eu/modules/administration-tools/customer-register-spam-protection.html

 

Link to comment
Share on other sites
alex_developer Enthusiast

alex_developer

Posted
Posted (edited)
18 minutes ago, El Patron said:

Validate that the domain has MX records (i.e., a mail server exists).

All working temporary email services via DNS are no different from the DNS of real email services such as Gmail or others and temporary email domains has MX record, DKIM-signature, DMARC and SPF.

That is, DNS records for temporary email domains are no different from popular email domains.

Edited by alex_developer (see edit history)
  • Like 1
Link to comment
Share on other sites
El Patron Veteran

El Patron

Posted
Posted
40 minutes ago, alex_developer said:

All working temporary email services via DNS are no different from the DNS of real email services such as Gmail or others and temporary email domains has MX record, DKIM-signature, DMARC and SPF.

That is, DNS records for temporary email domains are no different from popular email domains.

Yes, you’re absolutely correct — temporary email services do have proper DNS setup. Most of them include valid MX, DKIM, DMARC, and SPF records, so from a DNS perspective, they look exactly like Gmail or Outlook. That’s why simple DNS or MX checks alone can’t really catch disposable addresses — they pass those tests just fine.

There are actually many different ways to handle this, and the approach really depends on which PrestaShop version you’re using and what you’re trying to block (fake registrations, spam checkouts, etc.). The example shown earlier is just one possible method.

Because of what you pointed out, most shop owners end up using a layered approach — something like this:

  • Use a blacklist or API service to detect disposable email domains.
  • Keep basic MX/DNS validation just to block obvious typos.
  • Add behavior or IP filters to stop bots reusing the same IPs.
  • Thanks 1
Link to comment
Share on other sites
helsinkisisu Explorer

helsinkisisu

Posted
  • Author
Posted
5 hours ago, El Patron said:

There are a many ways to do this.

Basic Syntax and DNS Validation (Built-in or Simple Hook)

Out of the box, PrestaShop only checks email format (@, . etc.).
You can extend this easily with a small PHP hook:

Validate that the domain has MX records (i.e., a mail server exists).

Reject or flag addresses from invalid domains or typos like gmai.com, hotmial.com.

if (!checkdnsrr(array_pop(explode("@", $email)), "MX")) { $this->errors[] = $this->l('Please use a valid email address.'); }

Fast and server-side, blocks emails that cannot receive mail at all.

however, we do not know your prestashop version so I cannot guide on how to implement, please always include this for best results.

a couple module that might solve most of your issues

https://addons.prestashop.com/en/website-security-access/95042-block-fake-email-block-disposable-or-fake-emails.html

I trust this developer: https://mypresta.eu/modules/administration-tools/customer-register-spam-protection.html

 

Thanks for these suggestions!

  

5 hours ago, El Patron said:

however, we do not know your prestashop version so I cannot guide on how to implement, please always include this for best results.

  

On 11/3/2025 at 10:16 AM, helsinkisisu said:

It there a way to do this in PS 8.2.1?

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...