Jump to content
bartelsmedia

Disposable E-Mail address filter for FormBuilder

Recommended Posts

Input fields can be checked for correct email syntax.

Would be nice if it additionally could check the email against a local database of disposable email address domains, e.g. https://github.com/FGRibreau/mailchecker/blob/master/list.json

The disposable email domain database should be selfhosted to avoid any privacy issue (if a legit domain would be transmit to 3rd party). Ideally, Processwire would auto-pull database updates in intervals.

Hot or not?

  • Like 1
  • Thanks 1

Share this post


Link to post
Share on other sites

I always prefer an API when available to keep the information up to date and future friendly and The link @bartelsmedia posted looks like it's dead.

This repo maintains an updated list, but also provides a link to an API that lets you check a domain on-demand. https://github.com/ivolo/disposable-email-domains

The API is simple, send a GET request here https://open.kickbox.com/v1/disposable/{DomainOrEmailAddress} and it will return a JSON response like {"disposable": true} (or false)

I think that using a live service is preferable to relying on PW to continually update an internal database unless there's a special use case. Integrating this feature into the Pro form-based modules would be great.

Share this post


Link to post
Share on other sites
1 hour ago, usualCommission said:

I think that using a live service is preferable to relying on PW to continually update an internal database unless there's a special use case. Integrating this feature into the Pro form-based modules would be great.

Such list should be pulled by Processwire. Otherwise, you would need to pass user email addresses to (unknown?!) third party.

GDPR alert! 🙂

.

Share this post


Link to post
Share on other sites
8 hours ago, bartelsmedia said:

Such list should be pulled by Processwire. Otherwise, you would need to pass user email addresses to (unknown?!) third party.

GDPR alert! 🙂

.

You only have to send the domain, so your GET request would be: https://open.kickbox.com/v1/disposable/mailinator.com

I'd write a server side validation script that makes a call to that endpoint and also have that script return data to AJAX requests. You get server side validation as well as a way for your client side validation scripts to make an AJAX call to your own server so your user's IP address is never exposed to a third party site either. If you wanted maximum privacy for your users.

Share this post


Link to post
Share on other sites

I really don't want to nit-pick, but sending the domain of "jon@jondonson.com" would still create a privacy issue.

*sigh* Yes, I know, it is pedantic but GDPR legislation is harsh now.

  • Like 1

Share this post


Link to post
Share on other sites
6 hours ago, bartelsmedia said:

I really don't want to nit-pick, but sending the domain of "jon@jondonson.com" would still create a privacy issue.

*sigh* Yes, I know, it is pedantic but GDPR legislation is harsh now.

100% don't think it's pedantic. I think this needs to be part of the conversation for developers who look to implement features that are truly needed for a website to function well while considering security. As a dev in the U.S. we have a data free for all over here- but one day I might build a site/app with an international focus- other devs as well.

Share this post


Link to post
Share on other sites
48 minutes ago, usualCommission said:

As a dev in the U.S. we have a data free for all over here

Didn't California pass a privacy law/bill/act in 2018 as a foundation for something similar to the GDPR?

Oh... and in regards to the EU-US privacy shield and the GDPR-compliance of a company those have to follow the rules as well or have to find someone who certifies them anyway.

Share this post


Link to post
Share on other sites

I'm not really sure, why this would need to be bundled with FormBuilder. The attached module is a totally self contained module, which downloads the list from the given github url. It automatically tries to update once a day and uses the etag/if-none-match headers to determine if the list itself changed, to prevent sending of the list if there wasn't a change. The list and the etag are stored using WireCache in the db. There's public api to fetch the list and check if a domain is in the list. To use it in FormBuilder hooks should be the answer. 

EmailSchreck.module

  • Like 4

Share this post


Link to post
Share on other sites
3 hours ago, LostKobrakai said:

I'm not really sure, why this would need to be bundled with FormBuilder. The attached module is a totally self contained module, which downloads the list from the given github url. It automatically tries to update once a day and uses the etag/if-none-match headers to determine if the list itself changed, to prevent sending of the list if there wasn't a change. The list and the etag are stored using WireCache in the db. There's public api to fetch the list and check if a domain is in the list. To use it in FormBuilder hooks should be the answer. 

EmailSchreck.module 2.55 kB · 1 download

Never knew about that module. Good share.

Outside of having the manually coded implementation, an integrated approach would be great for those who aren't strong back end developers and wouldn't be comfortable digging into hooks. There is value in the behavior. One of the big draws of PW is it's raw power combined with ease of use which puts this kind of feature within the hands of developers like you and I but beyond many others.

I couldn't find this module being listed anywhere that could be found. Is it something that you put together? If it's used by someone then having proper attribution is something that would be a good practice to keep going (myself included). Thanks again for the share.

  • Like 1

Share this post


Link to post
Share on other sites
4 hours ago, wbmnfktr said:

Didn't California pass a privacy law/bill/act in 2018 as a foundation for something similar to the GDPR?

Oh... and in regards to the EU-US privacy shield and the GDPR-compliance of a company those have to follow the rules as well or have to find someone who certifies them anyway.

Well- I live in California and I heard about the CCPA (California Consumer Privacy Act) and had to look it up. When I found the rules it put in place I remembered why- the requirements for entities having to comply with it are well outside of most companies. (Sharing the details here for anyone who stumbles upon this thread).

  • Businesses that earn $25,000,000 or more a year in revenue
  • Businesses that annually buy, receive, sell or share personal information of 50,000 or more consumers, households or devices for commercial purposes
  • Business that derive 50% or more of its annual revenue from selling consumer personal information

Basically- Google, Facebook, Twitter, etc. are located here in California and this was targeting them. Apart from that politicians in America and the states within it basically dilute legal measures or do nothing at all. We're lucky in California we even got that.

I also had to look up the EU-US privacy law and from what I understand that was basically the U.S. telling the EU that their privacy laws do not protect any American citizen in the EU (surprise). You're totally right about American companies operating with respect to actual EU citizens though.

  • Like 1

Share this post


Link to post
Share on other sites
32 minutes ago, usualCommission said:

Never knew about that module.

I just wrote that before posting it here. It didn‘t exist a few hours ago 🙂

  • Like 2
  • Haha 1

Share this post


Link to post
Share on other sites
5 minutes ago, LostKobrakai said:

I just wrote that before posting it here. It didn‘t exist a few hours ago 🙂

^This guy!

Big thanks to that effort on your part. Another reason to love the PW forums...

Here's something that would be pretty great- a companion to the Modules directory that serves to be a repo for snippets like this. I know there are a lot of people whipping up fixes for odds and ends that never got a proper module, are a module but need more work to integrate, or don't need one at all to work. Like a place for pure ProcessWire gists- or even just a directory of links to gists.

If you want to whip that up and reply with it that would be great 😜

Share this post


Link to post
Share on other sites
10 hours ago, usualCommission said:

Here's something that would be pretty great- a companion to the Modules directory that serves to be a repo for snippets like this.

I'd much rather have this in the modules directory, but it still has potential: maybe some config, an option to add custom domains, fresh/stale status detection or a manual way to trigger list retrieval (also retrieve it on install). I mostly wanted to get the basics across and show that often times it's not too hard to implement stuff on your own. This became a 100 line file with maybe ~30 lines of actual business logic. I'd be happy if someone else would pick it up from here and properly support it as a module in the directory. I simply don't want to add more to the few stale modules I already have with no longer doing much work in processwire.

Share this post


Link to post
Share on other sites
On 6/13/2019 at 10:08 PM, usualCommission said:

Here's something that would be pretty great- a companion to the Modules directory that serves to be a repo for snippets like this. I know there are a lot of people whipping up fixes for odds and ends that never got a proper module, are a module but need more work to integrate, or don't need one at all to work. Like a place for pure ProcessWire gists- or even just a directory of links to gists.

I wrote a script a while back to search for this kind of thing, though it doesn't spider Gitlab, PW gists or forum code yet. I've made a start at putting it online at pwgeeks.com. Currently only has about 60 items of over 1300 it has found to date - but as I massage it back to life, the directory will fill up.

  • Like 5

Share this post


Link to post
Share on other sites

Ok, I think the directory is about there now. Has about 1400 assets - many of which are not available via the modules directory.

Enjoy.

  • Like 2

Share this post


Link to post
Share on other sites
1 hour ago, netcarver said:

Has about 1400 assets - many of which are not available via the modules directory.

This is great, thanks! It would be cool if there was a filter option to show only assets that are not in the modules directory.

Share this post


Link to post
Share on other sites

Yeah, it's pretty bare-bones at the moment.

A form to allow folks to manually submit finds/report classification errors would be neat too. 

  • Like 1
  • Thanks 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...