Disposable Email Addresses

Started by Skhilled, February 01, 2015, 09:56:08 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Skhilled

These are email addresses that are temporarily used to mask your real email address. Most will last about 10 minutes to one day which is just enough for you (or spammers/hackers) to register on a website using a false email address, thus protecting your own. Don't get me wrong, they do serve a purpose such as registering on a site you are not sure about or a site that may be a tad naughty and you do not wish to give out your real email address for fear they will spam you or give out your email address to others or otherwise make it public. The downside is many sites know about these and will block them as I do.

The real problem is that spammers and hackers use them to register on legit sites to do their evil deeds. One way to guard against them is to add them to your Ban List using a wildcard like this:

*@spammail.com

This will block any adress they will try to use such as viagara@spammail.com, etc. You can easily find a list of the most common disposable addresses but searching for them using your favorite search engine. However, these services do use a lot of different email address that may be different like:

*@spammail.net
*@spammail.biz
*@spambait.com

Or use one like the following for the ones that will use .net, .biz, etc. (imo, this is best):

*@spammail.*

..you get the idea. The point to all of this? You can create a list of the email addresses and add them to your Ban List. I've named my list "!Disposable Emails".  Why? You can easily find it by going to:

Admin -> Mambers -> Ban List and clicking on the "Ban name" column. This will sort that column alphabetically...A-Z. Since characters such as !, #, etc. will come before letters or numbers it will show first making it easy to find, especially, if you have a long list of "Ban names".  :cool2:

NOTE: Before you add an email address to the list you should search your members by email address to make sure none are using any of them or they will be banned!!! You have been warned!

I have gathered a list of the most popular addresses at this time for all to add, if they choose. If you find any, you are welcome to add them to the list.  :cool2:

The List:

*@10minutemail.com
*@110mail.net
*@123people.com
*@126.com
*@163.com
*@1dl.us
*@2prong.com
*@anonymbox.com
*@bk.ru
*@bugmenot.com
*@deadaddress.com
*@discard.email
*@discardmail.com
*@dispostable.com
*@dodgit.com
*@e4ward.com
*@emailias.com
*@emailko.in
*@emailthe.com
*@email-unlimited.com
*@fakeinbox.com
*@filzmail.com
*@getairmail.com
*@gishpuppy.com
*@goemailgo.com
*@guerrillamail.*
*@hushmail.*
*@incognitomail.com
*@laposte.net
*@list.ru
*@mailcatch.com
*@maildrop.cc
*@mailex.org
*@mailinator.*
*@meltmail.com
*@mini.burmails.com
*@mintemail.com
*@nokiamail.com - this one may have legit users but is used a lot for disposable email addresses. Choose wisely.
*@nowmymail.com
*@o2.pl
*@ovi.com
*@qq.com
*@sneakemail.com
*@sogetthis.com
*@spamex.com
*@spamfree24.org
*@spamgourmet.com
*@techcrunch.com
*@tempemail.com
*@temp-mail.org
*@tipforus.us
*@trash-mail.com
*@trashmymail.com
*@urx7.com
*@whyspam.me
*@yandex.com
*@yopmail.com
*@xyzfree.net
*@zoemail.com

NOTE: Please keep in mind that new services are created all of the time and current services will add new email domain address all of the time. It is not possible to catch and ban all of them but this list will make your life a lot easier!

I am looking for a way to easily add the list to a database via a SQL Query so you'll be able to add them all at one shot! When I figure it out I'll post it too.  :dancebun:

Ken.

Thanks for posting!
This is useful info for anyone who admin's a site because the spammers are getting worse every day.
" If everything seems under control, you're not going fast enough." - Mario Andretti

Skhilled

Actually, I've meant to do this a long time ago.  :baghead:

I had a much longer list at SMF Arcade, when I started this. But I can't find it anymore. But keep in mind that a lot of them will also use Google, Yahoo, and other popular email accounts. So there only so much you can do without auto-banning them all!  :rofl1:

There's also a list of servers that they like to use like ubiquityservers.com, you can add it to the "hostname" trigger like this:

*.ubiquityservers.com

Unfortunately, I've lost the list of servers and need to rebuild it. I'll make a separate topic when I do and both of these will be stickied for easy access.

Ken.

" If everything seems under control, you're not going fast enough." - Mario Andretti

Skhilled

I knew I posted a list on a couple of sites but forgot which ones.  :rofl1: Thanks!

EDIT: Updated and alphabetized!

Chen Zhen

I can show you a quick edit to an existing SMF file that will allow you to add multiple email addresses as ban triggers to an existing ban group.
After the edit what you do is create a new ban group (name) but only add 1 email address to it. Then you modify that same ban group/name where you can add multiple email addresses separated by a comma.

Here are the edits..

File: ../Sources/ManageBans.php

find:

elseif ($_POST['bantype'] == 'email_ban')
{
if (preg_match('/[^\w.\-\+*@]/', $_POST['email']) == 1)
fatal_lang_error('invalid_email', false);
$_POST['email'] = strtolower(str_replace('*', '%', $_POST['email']));

// Check the user is not banning an admin.
$request = $smcFunc['db_query']('', '
SELECT id_member
FROM {db_prefix}members
WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
AND email_address LIKE {string:email}
LIMIT 1',
array(
'admin_group' => 1,
'email' => $_POST['email'],
)
);
if ($smcFunc['db_num_rows']($request) != 0)
fatal_lang_error('no_ban_admin', 'critical');
$smcFunc['db_free_result']($request);

$values['email_address'] = $_POST['email'];

$modlogInfo['email'] = $_POST['email'];
}


replace with:

elseif ($_POST['bantype'] == 'email_ban')
{
$emails = explode(',', $_POST['email']);
foreach ($emails as $email)
{
list($email, $check) = array(trim($email), false);

if (preg_match('/[^\w.\-\+*@]/', $email) == 1)
fatal_lang_error('invalid_email', false);

$email = strtolower(str_replace('*', '%', $email));

// Check the user is not banning an admin.
$request = $smcFunc['db_query']('', '
SELECT id_member
FROM {db_prefix}members
WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
AND email_address LIKE {string:email}
LIMIT 1',
array(
'admin_group' => 1,
'email' => $email,
)
);

if ($smcFunc['db_num_rows']($request) != 0)
fatal_lang_error('no_ban_admin', 'critical');

$smcFunc['db_free_result']($request);

$request = $smcFunc['db_query']('', '
SELECT email_address
FROM {db_prefix}ban_items
WHERE id_ban_group = {int:ban_group} AND email_address LIKE {string:email}
LIMIT 1',
array(
'ban_group' => (int)$_REQUEST['bg'],
'email' => $email,
)
);

while ($row = $smcFunc['db_fetch_assoc']($request))
$check = $row['email_address'];

$smcFunc['db_free_result']($request);

if (!empty($check))
continue;

$values['email_address'] = $email;
$modlogInfo['email'] = $email;

if ($email !== $emails[count($emails)-1])
{
if ($newBan)
{
$smcFunc['db_insert']('',
'{db_prefix}ban_items',
$insertKeys,
$values,
array('id_ban')
);
}
else
$smcFunc['db_query']('', '
UPDATE {db_prefix}ban_items
SET ' . $updateString . '
WHERE id_ban = {int:ban_item}
AND id_ban_group = {int:id_ban_group}',
array_merge($values, array(
'ban_item' => (int) $_REQUEST['bi'],
))
);

// Log the addion of the ban entry into the moderation log.
logAction('ban', $modlogInfo + array(
'new' => $newBan,
'type' => $_POST['bantype'],
));

list($values['email_address'], $modlogInfo['email']) = array('', '');
}
else
$_POST['email'] = $email;
}
}





find:

else
fatal_lang_error('no_bantype_selected', false);


add AFTER above code

if (!empty($check) && empty($modlogInfo))
fatal_lang_error('no_bantype_selected', false);


Regards.

Skhilled

Sounds great! Thanks! I'll give it a shot. It will be easier than entering then one by one.

EDIT: When I try to add a 2nd one and save it, it says:

(There are currently no ban triggers.)

And there's no triggers.

Ken.

" If everything seems under control, you're not going fast enough." - Mario Andretti

Maxx

Thanks Gents!

great post!

regards,
Maxx

Chen Zhen

Skhilled,

  I just checked the file I instructed to edit and there was no edit done to it.
If you want it to work as I explained then you have to follow my instructions regarding the 2 edits.
Anyhow, I just edited the file for you and added all the emails from your first post to the #Disposable Emails group.
I added them all at once separated by commas as I previously instructed.

Skhilled

LOL, sorry but I was a tad busy when I posted that and forgot to mention that I did edit the files, found a problem and reverted back until I heard from you again. I must have made a bad edit somewhere.  :baghead:

And thanks again.  :cool2:

Chen Zhen


Just in case anyone uses the edit/instruction I provided, here is the same list of disposable emails using commas to separate each one.


*@10minutemail.com,
*@110mail.net,
*@123people.com,
*@126.com,
*@163.com,
*@1dl.us,
*@2prong.com,
*@anonymbox.com,
*@bk.ru,
*@bugmenot.com,
*@deadaddress.com,
*@discard.email,
*@discardmail.com,
*@dispostable.com,
*@dodgit.com,
*@e4ward.com,
*@emailias.com,
*@emailko.in,
*@emailthe.com,
*@email-unlimited.com,
*@fakeinbox.com,
*@filzmail.com,
*@getairmail.com,
*@gishpuppy.com,
*@goemailgo.com,
*@guerrillamail.*,
*@hushmail.*,
*@incognitomail.com,
*@laposte.net,
*@list.ru,
*@mailcatch.com,
*@maildrop.cc,
*@mailex.org,
*@mailinator.*,
*@meltmail.com,
*@mini.burmails.com,
*@mintemail.com,
*@nokiamail.com,
*@nowmymail.com,
*@o2.pl,
*@ovi.com,
*@qq.com,
*@sneakemail.com,
*@sogetthis.com,
*@spamex.com,
*@spamfree24.org,
*@spamgourmet.com,
*@techcrunch.com,
*@tempemail.com,
*@temp-mail.org,
*@tipforus.us,
*@trash-mail.com,
*@trashmymail.com,
*@urx7.com,
*@whyspam.me,
*@yandex.com,
*@yopmail.com,
*@xyzfree.net,
*@zoemail.com


... just copy & paste that list into the Ban on Email Address input field for adding ban triggers and it will add them all at once.
Duplicate email addresses for the same ban group will be ignored.

Skhilled


Skhilled

You can add "*@*.xyz" to the list as they are starting to be seen everywhere now...

Skhilled

Here's an update to this. Pulgoki created a SQL query that you can easily add to your SMF database using phpmyadmin. You can see the topic here:

https://www.smfhelper.com/index.php?msg=7995

I'll post the query here as well:

QuoteYou have to change it to fit your database prefix and ban group.  The table smf***_ban_items edit the *** to match your database. the '1' just happens to be my ban group as I only have a single group.

INSERT INTO `smf***_ban_items`(`id_ban_group`, `email_address`)
VALUES
('1', '%@sogetthis.com'),
('1', '%@10minutemail.com'),
('1', '%@110mail.net'),
('1', '%@123people.com'),
('1', '%@126.com'),
('1', '%@163.com'),
('1', '%@1dl.us'),
('1', '%@2prong.com'),
('1', '%@anonymbox.com'),
('1', '%@bk.ru'),
('1', '%@bugmenot.com'),
('1', '%@deadaddress.com'),
('1', '%@discard.email'),
('1', '%@discardmail.com'),
('1', '%@dispostable.com'),
('1', '%@dodgit.com'),
('1', '%@e4ward.com'),
('1', '%@emailias.com'),
('1', '%@emailko.in'),
('1', '%@emailthe.com'),
('1', '%@email-unlimited.com'),
('1', '%@fakeinbox.com'),
('1', '%@filzmail.com'),
('1', '%@getairmail.com'),
('1', '%@gishpuppy.com'),
('1', '%@goemailgo.com'),
('1', '%@guerrillamail.*'),
('1', '%@hushmail.*'),
('1', '%@incognitomail.com'),
('1', '%@laposte.net'),
('1', '%@list.ru'),
('1', '%@mailcatch.com'),
('1', '%@maildrop.cc'),
('1', '%@mailex.org'),
('1', '%@mailinator.*'),
('1', '%@meltmail.com'),
('1', '%@mini.burmails.com'),
('1', '%@mintemail.com'),
('1', '%@nowmymail.com'),
('1', '%@o2.pl'),
('1', '%@ovi.com'),
('1', '%@qq.com'),
('1', '%@sneakemail.com'),
('1', '%@sogetthis.com'),
('1', '%@spamex.com'),
('1', '%@spamfree24.org'),
('1', '%@spamgourmet.com'),
('1', '%@techcrunch.com'),
('1', '%@tempemail.com'),
('1', '%@temp-mail.org'),
('1', '%@tipforus.us'),
('1', '%@trash-mail.com'),
('1', '%@trashmymail.com'),
('1', '%@urx7.com'),
('1', '%@whyspam.me'),
('1', '%@yandex.com'),
('1', '%@yopmail.com'),
('1', '%@xyzfree.net'),
('1', '%@zoemail.com')