Prevent users from registering with throwaway mail providers #464

Open
opened 3 weeks ago by fnetX · 0 comments
fnetX commented 3 weeks ago
Collaborator

Block throwaway email providers upon creation and not at the delivery stage.

Current setup:
We use a list of domains to prevent our mailservers from peering with well-known throwaway email providers. This list is synced from external resources.

Problems:
This approach leads to frequent issues. Although we added a static warning to the registration step, users often don't consider their email service provider to be a throwaway email provider - and sometimes it isn't one either.
Also, users who successfully validated their email will stop receiving Codeberg news if their domain was added later - even if they intended to continue using it (especially relevant for aliases).

ToDo:

  • prevent users from registering with throwaway email providers (instant user feedback)
  • re-allow sending emails to these domains to make sure users receive their email
    • (or: inform users their domain was removed and allow them to unlock their account with a new one - much more complicated!)
  • look for a new source of truth for throwaway email providers, because some of the listed domains (gmx.com, googlemail) are probably considered as legitimate use by us, maybe also reconsider deployment (not relying on cron and a text file?)
Might also be relevant: #174 #328 Codeberg/gitea!18
fnetX added the contribution welcome, gitea-related, infrastructure, codeberg labels 3 weeks ago
fnetX changed title from Block throwaway email providers upon creation to Prevent users from registering with throwaway mail providers 3 weeks ago
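
A sketch of the registration-time check the ToDo list describes, as an added example that is not part of the issue and is not Gitea or Codeberg code. `DomainPolicy`, `toSet`, `normalize` and `CheckRegistration` are hypothetical names, `throwaway.example` is a constructed domain, and the local override set stands in for the false positives the issue mentions (gmx.com).

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// DomainPolicy is a hypothetical signup-time filter (added example, not Gitea or Codeberg code).
type DomainPolicy struct {
	blocked map[string]bool // synced list of throwaway providers
	allowed map[string]bool // local overrides for false positives in that list
}

func normalize(d string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(d)), ".")
}

func toSet(domains ...string) map[string]bool {
	s := map[string]bool{}
	for _, d := range domains {
		s[normalize(d)] = true
	}
	return s
}

// CheckRegistration runs only at account creation, so the error can be shown in
// the signup form; mail delivery to existing accounts never consults the list.
func (p DomainPolicy) CheckRegistration(email string) error {
	at := strings.LastIndex(email, "@")
	domain := normalize(email[at+1:])
	if at < 1 || domain == "" {
		return errors.New("invalid email address")
	}
	// Check the domain, then each parent domain; the most specific entry wins.
	for d := domain; d != ""; _, d, _ = strings.Cut(d, ".") {
		if p.allowed[d] {
			return nil
		}
		if p.blocked[d] {
			return fmt.Errorf("registration with %q is not accepted: throwaway mail provider", d)
		}
	}
	return nil
}

func main() {
	p := DomainPolicy{blocked: toSet("throwaway.example", "gmx.com"), allowed: toSet("gmx.com")}
	fmt.Println(p.CheckRegistration("a@gmx.com"), p.CheckRegistration("b@mail.throwaway.example"))
}
```
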