Joomla! 4.4 PHP 8.1 PHP 8.2
Joomla! 5.1 Joomla! 5.2 PHP 8.1 PHP 8.2 PHP 8.3
Do you ever feel disappointed, or even wronged, when people register on your website with a Disposable or temporary E-mail account? When they download your free ‘goodies’ that you worked so hard on and ‘thank’ you with a bouncing email address, leaving you with no possibility to contact them, for support, news, etc.
Do you ever feel bothered by the fact that people using disposable or temporary email accounts are most likely to spam or offend other members of your website, just because they have that ‘invincible’ feeling of being ‘anonymous’ and ‘untraceable’. Do malicious activity, spam bots, and internet trolls come to mind?
Or do you just want to make a statement:
if you don’t trust me with your real e-mail account, why trust me and my services at all...
Time to stop User Registrations with Disposable Mail addresses on your website!
With the ochStopDMR system plugin, you can check every mail domain that a user uses to register on your website. When a user registers or (configurable) when a user changes his user profile, a request is made to an external API that checks that the domain part of the e-mail address:
- has a valid MX record in the domain’s DNS;
- has a valid TLD (Top Level Domain), checked against a daily updated Root Zone database;
- is not in a maintained database of 100K+ (and daily growing) Disposable E-mail Domain names.
Currently detecting well over 125 thousand fake and disposable mail domains!
The system plugin works with the Joomla! onUserBeforeSave trigger (introduced in 3.9.0) and will work with all extensions (like Kunena, rd-subscriptions) that use Joomla! Users and follow the Joomla! API / Coding Standards.
When a user registers with a disposable account, or updates his e-mail account to one, the following error is shown to the user. It uses the default Joomla! core language string JGLOBAL_EMAIL_DOMAIN_NOT_ALLOWED, so it is available in all (installed) languages:
The email domain [used black listed domain] is not allowed. Please enter another email address.
Is this Guaranteed, 100% stopping Disposable E-mail registrations?
Unfortunately no. Even with 125 thousand+ disposable domains, the user may find himself ‘lucky’. As with all security measures, this is a ‘cat-and-mouse game’ where new Disposable E-mail domains are created on an almost daily basis. But there is also a community out there that is scavenging the internet for these (new) domains and, when found, shares them.
What I see in practice is that they try two or three different Disposable domains at most and then just give up and use their real E-mail account.
Can I help?
Yes you can! When a new user registers on your website and it turns out that his e-mail domain was ‘validated’ but shouldn’t have been, you can always reach out to me so I can add it to the database and spread the word on the Internet. The same goes for false positives: when a user wants to register with an e-mail account that is flagged as Disposable but isn’t, you can directly whitelist it in the plugin and contact me too.
What about privacy?
In order to maintain this service, only the domain part (the part after the @) is sent to the API and is logged. This allows me to find new disposable domains that were not already in the database. Emails are not stored and logs will be removed when handled or on a monthly basis.
Requirements
Joomla! 4.4 PHP 8.1 PHP 8.2
Joomla! 5.1 Joomla! 5.2 PHP 8.1 PHP 8.2 PHP 8.3
- Basic Joomla! knowledge available between the chair and the keyboard :)
Installation is easy!
- Download the plugin
- in the Back-end go to menu Extensions > Manage
- in the tab [Upload file package] click [browse] and select your downloaded plug-in
- click [Upload & Install], wait for the installation to finish
Configuration
- in the back-end go to menu Extensions > Plugins
- search / locate the 'ochStopDMR' system plugin
- open the plug-in
- in the tab [Plugin] enable and configure your plugin settings (default settings work on most sites)
- in the [Advanced] tab configure your advanced settings
- click [Save & Close] and you are good to go
Activate Joomla! One Click update and change-log integration
When you install the extension, it will automatically integrate with the Joomla Updater for both updates and change-logs.
On first use, the Joomla updater will prompt you with a 'Download Key is missing!' message.
- On this site: Go to [Tools > My Account > My Download Keys], and copy your Download ID#.
- On your site: Go to System > Update Sites, locate the extension, and paste the Download ID into the 'Download Key' field. Click [Save and Close].
Important:
If you're using this Download ID on a new server, you’ll receive an email to approve the device. Click the link in the email to enable downloads from this server.
Without approval, updates won’t be authorized, and the Joomla updater will display a 401 Unauthorized error when trying to fetch updates.
That’s it! You're all set.
Activate your subscription on your site
In order to safeguard the service level of the API server, the API lookups from the ochStopDMR system plugin to the API server are authorized with two unique codes:
- The Download ID: this will make sure that you have a valid subscription
- The Access Token: this is a unique token for your site ensuring that your Download ID cannot be reused on other sites
Plugin configuration:
- in the back-end go to menu Extensions > Plugins
- search / locate the 'ochStopDMR' system plugin
- open the plugin
- in the tab [Advanced] paste your 'Download ID#' (visible on your subscription page) in the [Download ID] field
- save the plugin configuration: the Access Token field will now be updated with a site specific hash code
When you have a 'Ten sites subscription', you can skip the next step!
- You now need to copy the site specific Access Code into your Joomla! profile, tab ochStopDMR, Access Token field > https://onlinecommunityhub.nl/nl/tools/my-joomla-profile
- click [Save & Close] and you are good to go!
- You can now test if the plugin is authorized by saving a user account in the back-end (important: set 'enable on' to administrator or both): When you get the (back-end) message '403: Forbidden: ochStopDMR Not authorised.' there is either an error in your Download ID, or in the Access Token: please redo the steps outlined above and retry.
Configuration
Plugin configuration:
- in the back-end go to menu Extensions > Plugins
- search / locate the 'ochStopDMR' system plugin
- open the plugin
- in the tab [Plugin] set status to [Enabled]
- Configure the following plugin settings:
  - Enable on: enable the check on site (front-end), administrator, or both?
  - Check Users: only check new registrations, or also check existing users who update their profile?
  - Check e-mail change: always perform a check, or only perform the check when the user changed his e-mail address?
  - Fail grey Listed Domains: Grey listed domains are commercial 'Disposable E-mail' accounts and accounts that are possibly black listed but not yet confirmed.
  - White Listed Domains: here you can enter e-mail domains that are reported as black listed (and thus fail), but that you want to allow (white list them).
  - Mail Site owner: Send an email when a black listed domain is used on the front-end
  - BCC System Emails: also send the mail to users who have enabled System Emails in their account profile
- Configure the following advanced settings:
  - Download ID: your personal download ID, needed for authorization of the API request and for the Joomla one step updater
  - Access Token: [read-only] Unique Access Token generated for your site, used for authorization of the API request
  - Request Time Out: Set the request time out for the API request. In case there is no timely response, the API request will gracefully fail without the user noticing it
  - Enable Log: All errors and warnings regarding the API request responses will be logged (./administrator/logs/plg_system_ochstopdmr-log.php)
  - Log Successful Validations: Also log info messages when a domain is validated correctly
  - Domain Lookup Caching: cache validated (successful) Domain look-ups to speed up additional requests to validate the same domain
- click [Save & Close] and you are good to go
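How the settings above combine into one allow/deny decision per user save, as an added example that is not the plugin's own code. The `Settings` fields, the verdict names and `fake_lookup` are hypothetical stand-ins for the real options and the external API, and checking the white list before any lookup is an assumption.

```python
# Added example: client-side decision flow only. The lookup callable stands in
# for the external API, whose real request/response format is not shown here.
from dataclasses import dataclass, field

OK, BLACK, GREY, NO_MX = "ok", "black", "grey", "no_mx"  # hypothetical verdicts

@dataclass
class Settings:
    check_existing_users: bool = True              # "Check Users"
    only_on_email_change: bool = True              # "Check e-mail change"
    fail_grey_listed: bool = False                 # "Fail grey Listed Domains"
    white_list: set = field(default_factory=set)   # "White Listed Domains"
    cache: dict = field(default_factory=dict)      # "Domain Lookup Caching"

def domain_part(email):
    """Only this part leaves the site; the mailbox name is never sent."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an e-mail address")
    return domain.lower().rstrip(".")

def allow_save(cfg, lookup, new_email, is_new, old_email=None):
    """Return (allowed, reason) for one user save."""
    if not is_new and not cfg.check_existing_users:
        return True, "existing users not checked"
    if (not is_new and cfg.only_on_email_change and old_email
            and old_email.lower() == new_email.lower()):
        return True, "e-mail unchanged"
    domain = domain_part(new_email)
    if domain in cfg.white_list:
        return True, "white listed"       # assumed: local override, no lookup
    if domain in cfg.cache:
        return True, "cached"
    try:
        verdict = lookup(domain)
    except TimeoutError:
        return True, "lookup timed out"   # "Request Time Out": fails open
    if verdict == OK:
        cfg.cache[domain] = OK            # only successful validations are cached
    allowed = verdict == OK or (verdict == GREY and not cfg.fail_grey_listed)
    return allowed, verdict

def fake_lookup(domain):
    """Constructed sample data, not entries from the real database."""
    table = {"example.com": OK, "throwaway.example": BLACK, "maybe.example": GREY}
    if domain == "slow.example":
        raise TimeoutError
    return table.get(domain, NO_MX)
```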
Tips & Tricks
- ...
Technical support and feature requests via our forum (You need a valid subscription to be able to post)