Blocco dei tentativi di registrazione di domini spammer.

We’ve had a recent flood of registration attempts with email addresess looking like @services.cn that are filling up our MTA queue as non-deliverable.

My understanding is that there is no way to block domains using wildcards ( as per Use of an asterisk in blocked email domains prevents registration from any email address - #7 by selase )

Is there any other way to avoid this kind of attack ?

Discourse does not support wildcards in the blocked email domains list, so blocking entire domain patterns like @services.cn is not possible directly. However, there are several measures you can take to reduce or prevent these spam registration attacks:

1. Reduce “max new accounts per registration IP”
   Lower this setting to 1 or another low number to limit how many new accounts can be created from the same IP address. This helps prevent mass registrations from a single IP and is very effective during an attack.
2. Enable hCaptcha on Registration
   Add a CAPTCHA challenge to your signup form by enabling the Discourse hCaptcha Plugin. This increases friction for bots and automated signups and is available on all hosted plans.
3. Manually Block Known Bad Domains
   While wildcards are not supported, you can explicitly add problematic domains to your “blocked email domains” list.
4. Require New User Approval
   Temporarily enable the setting to “must approve users.” This puts all new registrations in a moderation queue for manual approval.