Use of Disposable Email Addresses in WordPress

View: 350    Dowload: 0   Comment: 0   Post by: hanhga  
Author: none   Category: WordPress template   Fields: Other

10 point/2 review File has been tested

Spammers are everywhere, they use automated software that crawls the web in search of websites

Introduction

Spammers are everywhere, they use automated software that crawls the web in search of websites (such WordPress sites) with the aim of submitting and registering hundreds and thousands of accounts and spam comments.

On one of my WordPress powered sites, I discovered over 50 newly registered spam accounts, all created with disposable email addresses. To prevent a re-occurrence, I had to create a plugin that prevented the registration of accounts with disposable email addresses.

Disposable Email Addresses WordPress

In this tutorial, we’ll learn the meaning of disposable email addresses, how they work and finally, how they can be stopped in a PHP application – albeit with focus on WordPress.

Introduction to Disposable Email Addresses

DEA, an acronym for Disposable Email Address (sometimes referred to as throw-away, temporary email or self-destructive email), is a service that allows a registered user to receive email at a temporary address that expires after a certain time period lapses. Simply put, they are email accounts created to accomplish a short-term goal.

The Good

The original intent behind disposable email addresses is to protect oneself from untrusted websites, typically to avoid spam.

Detecting Disposable Email Addresses

There is no algorithm (to the best of my knowledge) for detecting if an email is disposable or not.

To detect a disposable email address:
– Firstly, you will have to create and maintain a list/database of disposable email domains.
– Check if the domain part of the email (e.g. in “hi@trashmail.com”, “trashmail.com” is the domain part) is in the database.

Below is a PHP function that accepts an email address as an argument and return true if it is disposable or false otherwise.

<?php

/**
 * Check if an email is disposable or not.
 * 
 * @param $email string email to check
 *
 * @return bool
 */
function detect_disposable_email( $email ) {

 $disposable_list = array(
 'drdrb.net',
 'upliftnow.com',
 'uplipht.com',
 'venompen.com',
 'veryrealemail.com',
 'viditag.com',
 'viewcastmedia.com',
 'viewcastmedia.net',
 'viewcastmedia.org',
 'gustr.com',
 'webm4il.in',
 'wegwerfadresse.de',
 'wegwerfemail.de',
 'wetrainbayarea.com',
 'wetrainbayarea.org',
 'wh4f.org',
 'whyspam.me',
 'willselfdestruct.com',
 'winemaven.in',
 'wronghead.com',
 'wuzup.net',
 'wuzupmail.net',
 'www.e4ward.com',
 'www.gishpuppy.com',
 'www.mailinator.com',
 'wwwnew.eu',
 'xagloo.com',
 'xemaps.com',
 'xents.com',
 'xmaily.com',
 'xoxy.net',
 'yep.it',
 'yogamaven.com',
 'yopmail.fr',
 'yopmail.net',
 'ypmail.webarnak.fr.eu.org',
 'yuurok.com',
 'zehnminutenmail.de',
 'zippymail.in',
 'zoaxe.com',
 'zoemail.org',
 'inboxalias.com',
 'koszmail.pl',
 'tagyourself.com',
 'whatpaas.com',
 'emeil.in',
 'azmeil.tk',
 'mailfa.tk',
 'inbax.tk',
 'emeil.ir',
 'crazymailing.com',
 'mailimate.com'
 );

//extract domain name from email
 $domain = array_pop( explode( '@', $email ) );

 if ( in_array( $domain, $disposable_list ) ) {
 return true;
 } 
 
 else {
 return false;
 }

}

//extract domain name from email
 $domain = array_pop( explode( '@', $email ) );

 if ( in_array( $domain, $disposable_list ) ) {
 return true;
 } 
 
 else {
 return false;
 }

}

The numbers of disposable email providers are increasing by the day, thus making it impossible to easily keep our list of DEAs updated.

There exist a number of services that keep an updated list of disposable emails and also exposes an API for detecting them, such as NameAPI and block-disposable-email.com. We’ll be using the latter in coding a plugin that will block users trying to create an account with a disposable email in WordPress.

Stopping Disposable Email Registration in WordPress

As previously mentioned, we will use block-disposable-email.com. Before we delve into the plugin development, register an account at the site with a non-disposable email (of course) to grab a free API key.

Note: the free account comes with a limitation of up to 200 requests per month. To increase the quota, see the pricing page.

With that said, let’s begin the plugin development.

First off, include the plugin header.

<?php

/*
Plugin Name: Stop Disposable Email Sign-ups
Plugin URI: http://sitepoint.com
Description: Stop users from registering a WordPress account with disposable emails.
Version: 1.0
Author: Agbonghama Collins
Author URI: http://w3guy.com
License: GPL2
*/

Create a PHP class with a properties that will store the API key.

class Stop_Disposable_Email {

 /** @type string API key */
 static private $api_key = 'd619f9ad24052ad785d1edf65bbd33b4';

The class constructor method will consist of a filter that hooks a method (stop_disposable_email_signup) to registration_errors to validate the email address and ensure it isn’t disposable.

public function __construct() {
 add_filter( 'registration_errors', array( $this, 'stop_disposable_email_signups' ), 10, 3 );
 }

Next we use a helper is_email_disposable() method that will send a GET request to the block-disposable-email.com API via wp_remote_get using the WordPress HTTP API to check the status of the email – that is, if it is disposable or not.

/**
  * Check if an email is disposable or not.
  *
  * @param $email string email to check
  *
  * @return bool true if disposable or false otherwise.
  */
 public static function is_email_disposable( $email ) {

 // get the domain part of the email address
 // e.g in hi@trashmail.com, "trashmail.com" is the domain part
 $domain = array_pop( explode( '@', $email ) );

 $endpoint = 'http://check.block-disposable-email.com/easyapi/json/' . self::$api_key . '/' . $domain;

 $request = wp_remote_get( $endpoint );

 $reponse_body = $body = wp_remote_retrieve_body( $request );

 $response_in_object = json_decode( $reponse_body );

 $domain_status = $response_in_object->domain_status;

 if ( $response_in_object->request_status == 'success' ) {

 if ( $domain_status == 'block' ) {
 return true;
 } elseif ( $domain_status == 'ok' ) {
 return false;
 }

 }

 }

Here is the code for stop_disposable_email_signups() that will stop users of disposable email addresses from creating an account.

/**
  * Stop disposable email from creating an account
  *
  * @param $errors WP_Error Registration generated error object
  * @param $sanitized_user_login string sign-up username
  * @param $user_email string sign-up email
  *
  * @return mixed
  */
 public function stop_disposable_email_signups( $errors, $sanitized_user_login, $user_email ) {

 if ( self::is_email_disposable( $user_email ) ) {

 $errors->add( 'disposable_email', '<strong>ERROR</strong>: Email is disposable, please try another one.' );
 }

 return $errors;

 }

Finally, we close the plugin class.

} // Stop_Disposable_Email

Suggestions for Plugin Improvement

I created a class property and manually added my block-disposable-email.com API key to it. Ideally, a settings page for the plugin should have been created with a form field that will save the key to the database for reuse by the plugin.

Let’s make this an assignment for you. This is one way on how you might do this.

  • Create a settings page for the plugin with an input field that will save the key to the database, here is a great guide.
  • Retrieve the API key from the database with get_option function and use that instead.

Summary

In this article, we learned the meaning of DEAs, modus-operandi and the good, the bad and the ugly of disposable email address systems. We learned how DEAs can be stopped, and finally created a plugin for stopping users from registering an account with a disposable email address in a WordPress powered site.

Use of Disposable Email Addresses in WordPress

Use of Disposable Email Addresses in WordPress Posted on 18-03-2016  Spammers are everywhere, they use automated software that crawls the web in search of websites 5/10 350

Comment:

To comment you must be logged in members.

Files with category

 

File suggestion for you

File top downloads

logo codetitle
Codetitle.com - library source code to share, download the file to the community
Copyright © 2015. All rights reserved. codetitle.com Develope by Vinagon .Ltd