Blacklist Email Working?

In an effort to stop certain bad actors I’ve started to add blacklisted domain names in the settings:

The two that I added a few days ago link to one of the more well-used “burner” email sites, https://10minutemail.com

But, this morning, I saw the same user was able to register and post via the mvrht.net address that was blacklisted:

Seriously frustrating…!

Possible that it’s not working as intended?

are you sure mvrht.net doesn’t contain any leading/trailing space? It is something I will improve but at the moment it’s possible you added spaces without seeing it.

1 Like

double-checked. no lead/trail.

apparently i can add it twice.

Can you repro this @jomaxro?

1 Like

Did you change your configuration since you posted the bug report, because I can’t sign up at you site with an address from mvrht.net.


Wild guess: Maybe we do not check the blacklist for every oauth provider.
Can you go to Admin -> Users, search for the user, click on it and look at the value of “Logins”? Does it list an oauth provider?

2 Likes

Nope. Went through a bunch of old users.

OK. Then I’m out of ideas.

1 Like

Old users who predate the setting change won’t be affected. So if new signups can’t use the address, the feature is working as designed…

Changing this to “support” since we can’t repro the problem, and it is working on your own site as shown in the screenshot @gerhard posted.

3 Likes

I just tested this on try.discourse.org, adding gmail.com to the blacklist and confirmed that I could not create a new account with my personal gmail. Also checked that Google and Facebook OAuth logins fail as well.

4 Likes

how to find a table (blacklist email) in data explorer?