Block email domain from registration

helsinkisisu · Monday at 08:16 AM

This question has been asked before, but it usually related to the contact form, and previous replies have given code changes to older versions of PS.

I have what I suspect to be a potential fraudster who regularly registers a new account during checkout, but their address is fake/incomplete , their email is either fake or temporary and their IP always changes. It is always mail*******@protonmail.com (where * are numbers), which suggests it might be Protonmail's hide-my-email aliases. I ban the email and IP, but that is no help in this case.

What I would like to do is block all mail*@protonmail.com email addresses from registration. It there a way to do this in PS 8.2.1?

alex_developer · Monday at 09:58 AM

You can prohibit registration and order placement for users who use temporary email addresses, i.e., block email addresses registered on temporary email service domains.

There is a large list of such domains on the Internet.

I used this approach in one of my projects, and it works great.

helsinkisisu · Monday at 10:05 AM

3 minutes ago, alex_developer said:

You can prohibit registration and order placement for users who use temporary email addresses, i.e., block email addresses registered on temporary email service domains.

There is a large list of such domains on the Internet.

I used this approach in one of my projects, and it works great.

Thanks for your reply. Is there a process written somewhere to do this?

alex_developer · Monday at 10:11 AM

10 minutes ago, helsinkisisu said:

Thanks for your reply. Is there a process written somewhere to do this?

I haven't seen it anywhere on the internet.

I developed this functionality myself.

Here is a file with more than 100,000 temporary email domains:

Edited Monday at 10:16 AM by alex_developer (see edit history)

helsinkisisu · Monday at 10:22 AM

Thanks. However, while I am fine with editing code, but I am not a developer able to create something like this. 🙁

alex_developer · Monday at 10:35 AM

12 minutes ago, helsinkisisu said:

Thanks. However, while I am fine with editing code, but I am not a developer able to create something like this. 🙁

If you need help with this, please don't send me a private message.

El Patron · 2025-11-05T17:27:35Z

There are a many ways to do this.

Basic Syntax and DNS Validation (Built-in or Simple Hook)

Out of the box, PrestaShop only checks email format (@, . etc.).
You can extend this easily with a small PHP hook:

Validate that the domain has MX records (i.e., a mail server exists).

Reject or flag addresses from invalid domains or typos like gmai.com, hotmial.com.

if (!checkdnsrr(array_pop(explode("@", $email)), "MX")) { $this->errors[] = $this->l('Please use a valid email address.'); }

Fast and server-side, blocks emails that cannot receive mail at all.

however, we do not know your prestashop version so I cannot guide on how to implement, please always include this for best results.

a couple module that might solve most of your issues

https://addons.prestashop.com/en/website-security-access/95042-block-fake-email-block-disposable-or-fake-emails.html

I trust this developer: https://mypresta.eu/modules/administration-tools/customer-register-spam-protection.html

alex_developer · 2025-11-05T17:44:08Z

18 minutes ago, El Patron said:

Validate that the domain has MX records (i.e., a mail server exists).

All working temporary email services via DNS are no different from the DNS of real email services such as Gmail or others and temporary email domains has MX record, DKIM-signature, DMARC and SPF.

That is, DNS records for temporary email domains are no different from popular email domains.

Edited yesterday at 05:45 PM by alex_developer (see edit history)

El Patron · 2025-11-05T18:24:35Z

40 minutes ago, alex_developer said:

All working temporary email services via DNS are no different from the DNS of real email services such as Gmail or others and temporary email domains has MX record, DKIM-signature, DMARC and SPF.

That is, DNS records for temporary email domains are no different from popular email domains.

Yes, you’re absolutely correct — temporary email services do have proper DNS setup. Most of them include valid MX, DKIM, DMARC, and SPF records, so from a DNS perspective, they look exactly like Gmail or Outlook. That’s why simple DNS or MX checks alone can’t really catch disposable addresses — they pass those tests just fine.

There are actually many different ways to handle this, and the approach really depends on which PrestaShop version you’re using and what you’re trying to block (fake registrations, spam checkouts, etc.). The example shown earlier is just one possible method.

Because of what you pointed out, most shop owners end up using a layered approach — something like this:

Use a blacklist or API service to detect disposable email domains.
Keep basic MX/DNS validation just to block obvious typos.
Add behavior or IP filters to stop bots reusing the same IPs.

alex_developer · 2025-11-05T19:03:55Z

Yes, I agree with you.

helsinkisisu · 2025-11-05T23:28:22Z

5 hours ago, El Patron said:

There are a many ways to do this.

Basic Syntax and DNS Validation (Built-in or Simple Hook)

Out of the box, PrestaShop only checks email format (@, . etc.).
You can extend this easily with a small PHP hook:

Validate that the domain has MX records (i.e., a mail server exists).

Reject or flag addresses from invalid domains or typos like gmai.com, hotmial.com.

if (!checkdnsrr(array_pop(explode("@", $email)), "MX")) { $this->errors[] = $this->l('Please use a valid email address.'); }

Fast and server-side, blocks emails that cannot receive mail at all.

however, we do not know your prestashop version so I cannot guide on how to implement, please always include this for best results.

a couple module that might solve most of your issues

https://addons.prestashop.com/en/website-security-access/95042-block-fake-email-block-disposable-or-fake-emails.html

I trust this developer: https://mypresta.eu/modules/administration-tools/customer-register-spam-protection.html

Thanks for these suggestions!

5 hours ago, El Patron said:

however, we do not know your prestashop version so I cannot guide on how to implement, please always include this for best results.

On 11/3/2025 at 10:16 AM, helsinkisisu said:

It there a way to do this in PS 8.2.1?

El Patron · 2025-11-06T14:08:27Z

if you can budget, 29 euros is a very fair price and mypresta.eu has rock solid modules.

https://mypresta.eu/modules/administration-tools/customer-register-spam-protection.html

the time you spend now trying to sort this issue manually could be spent on building your business. be careful with prestashop you will find yourself toying with ps and not focusing on your core business.

helsinkisisu · 2025-11-06T14:13:36Z

3 minutes ago, El Patron said:

if you can budget, 29 euros is a very fair price and mypresta.eu has rock solid modules.

https://mypresta.eu/modules/administration-tools/customer-register-spam-protection.html

the time you spend now trying to sort this issue manually could be spent on building your business. be careful with prestashop you will find yourself toying with ps and not focusing on your core business.

No problem. I have used Mypresta modules previously. 🙂 I will assess the two modules you suggested to see which is best for my needs.

Block email domain from registration

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in