By dizwell on

For the past 4 months, I've had a dirty great sign up on the front of my website saying, 'Do not attempt to register for membership here with a yahoo, hotmail, gmail or similar anonymous email account. Only valid ones accepted'.

Without fail, 50 users a week nevertheless sign up with yahoo, gmail, hotmail and the rest accounts, and I have to manually delete them.

Is there a nicer way of doing this? Is there some module I can use that, when a user tries to register with (eg) a yahoo account, it detects the fact, pops up a warning and gives the fellow another chance to supply a more acceptable email address? Failing that, is there a module which will simply and silently bin all attempts to register from a user-definable list of 'iffy' domains?

I've looked at the email module, but that simply seems to verify that an email address is valid -which is not the point here, as perfectly valid gmail/hotmail/etc accounts are nevertheless unacceptable.

I know I can set up Access Rules in the User Administration section of the site and Deny access to emails of the form %yahoo.com%, for example... but the problem there is two-fold. First the "this email address is not acceptable" warning message the user gets on registration is not very visible and doesn't make it obvious WHY it's unacceptable (so is there a way of editing that?); and second, a lot of my users registered before the ban on yahoo/etc email accounts was introduced and I'd rather not suddenly prevent them from logging on to the site. I would prefer a "rule" that only applies at the point of registration, not something that is a blanket rule governing all access.

Any suggestions gratefully received.

Categories: Drupal 5.x

Comments

Christefano-oldaccount’s picture

Christefano-oldaccount commented

Yes, you can create access rules in admin/user/rules (Administer -> User management -> Access rules) that block email addresses that have certain patterns. To block a hotmail.com address, for example, create a rule type that denies any email address with the pattern %hotmail.com

Keep in mind that not everyone uses popular webmail providers like Hotmail, Yahoo, etc. for throwaway addresses. For blocking addresses that are explicitly disposable (like addresses at Mailinator and BugMeNot), see my post about preventing users from using throwaway email addresses at http://exaltationoflarks.net/weblogs/christefano

dizwell’s picture

dizwell commented

I think you may have skipped the bit where I explained that (1) I know I can set up access rules to block particular email domains but that (2) doing so is not ideal because (a) the warning message is not very obvious and (b) it doesn't just stop registrations of new users but also prohibits old users who happen to use blocked email domains from logging on.

Perhaps I wasn't very clear in the way I asked it, so could I have another go, please.

A) How do I improve/customise the warnings produced by the Access Rules utility so that they are more clearly worded and more visible?
B) Is there some other technology I can use instead of the Access Rules so that I don't end up banning old users instead of just blocking registrations from poor email domains by new ones?

Thank you for your time.

Christefano-oldaccount’s picture

Christefano-oldaccount commented

Ah, sorry about that. I read only part of your post before I replied. It happens to the best of us. Thanks for giving me the benefit of the doubt.

You can use the Locale module to change the wording of things like the "the address has been denied access" message. The problem with this, though, is that the message only appears if you have access rules that block a pattern like %hotmail -- and you're right, that would lock out any members who've already signed up in the past with a Hotmail address.

Maybe someone else knows, but I don't know of any modules that blacklists email addresses of future registrations and you may need a custom module for that. What I would do is use the Email Verification module as a foundation and add a function that it searches a blacklist of disallowed domains. If you do this, please consider contributing a patch to the Email Verification issue queue.

Another approach is to use JavaScript to validate the email address field before the user registration form is submitted. The Username check module does this with the username field but it could be rewritten to validate the email address field instead.