Email domain whitelist?

(Sam Bauch) #1

I’m working on replacing a private company social network type intranet with a Discourse instance and would like to restrict users from signing up with an email address that is not on the company domain.

There is the email blacklist site setting to prevent signups from certain domains.

I could easily go in and just negate the check and use the blacklist site setting as a whitelist for my instance, but I’m wondering if anyone else might consider this a useful feature, in which case maybe I can replicate the blacklist feature as a whitelist and make a pull request.

(Jeff Atwood) #2

Probably would be fine as an admin site setting; if the value is blank it can be ignored.

(picomancer) #3

I suspect there are a lot of people out there who have your exact use case (private forum available only to people associated with a specific organization). This should be a core feature.

When you start typing in the whitelist field, a big fat warning should appear in the admin UI telling you that you’re going to block everybody who’s NOT from the domain(s) you’re entering. Because “whitelist” in some software means “I know these people are OK, other people might or might not be OK,” but in our case means “These people are the only people who are OK.”

And forum owners should be very clear on this point before they enable the setting.

(Jeff Atwood) #4

The admin site setting descriptions are usually a good place to do this, we have a few that are dangerous and we put WARNING in the description – it works!

(Neil Lalonde) #5

Yes, this would be useful. A pull request would be great!

(Jeff Atwood) #7

This exists as a site setting now

email domains whitelist

A pipe-delimited list of email domains that users MUST register accounts with. WARNING: Users with email domains other than those listed will not be allowed!

(Jeff Atwood) #8