Prevent signup/verification with temporary email accounts

Recently I’ve seen a lot of bots joining my groups and posting spam links.

(Sidenote: These bots now seem to be deleted)

When I checked the user, I saw they were verified, and that got me thinking - how can a bot account verify their account so easily?
So I went onto one of my accounts and changed the email to a temporary email. Guess what? ROBLOX allowed me to have it as an address and sent me the verification email.

Here are a few reasons why they should be disallowed, and only emails on say, a whitelist including gmail, hotmail, outlook and yahoo domains etc, should be allowed:

  • Someone using a throwaway email clearly only wants to verify it for a specific purpose - i.e spam.
  • Temporary emails have no captcha’s and can be created quickly, like the bots that use them.
  • There is no point in verifying a temporary email, because it can’t be used later to reset a password.
  • Reputable email hosts require more information that just clicking a google search link and giving you an address, it will significantly slow down creation of these emails and thus the associated ROBLOX bots.
  • There are loads of websites that require an address from a reputable provider.

So I can’t use my family’s mail address for my account? (Did use in the past, is changed now)

I think there are legimate cases that are being blocked with this solution, although a blacklist wouldn’t be very effective either, as I see it.

1 Like

I think inconveniencing what I imagine to be quite a small proportion of users is probably worth it, especially when making a new email address is pretty quick for a human to do.

Any solution comes with compromise, I’m not sure how many users actually have emails that are legit but wouldn’t be on a blacklist vs those that have a temporary email tied to their account.

What we really need is some numbers on how many verified users have emails associated with Gmail, Outlook and Yahoo, but I doubt we will ever see those numbers :joy:

1 Like