You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/en/advanced/spam-filter.mdx
+34-6Lines changed: 34 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -88,16 +88,44 @@ Patterns are validated when saved:
88
88
89
89
### Spam Email Domain List
90
90
91
-
A separate toggle (`spamEmailDomainCheckEnabled`) checks the email domain against a maintained list of known disposable/spam email providers. This runs independently of the rules above.
91
+
Toggle **Spam email domain checking** (`spamEmailDomainCheckEnabled`) on to block signups from known disposable and throwaway email providers — `tempmail.*`, `guerrillamail.*`, `mailinator.*` and the thousands of recycled variants spammers cycle through.
92
+
93
+
The check goes beyond matching the address's domain directly: Prosopo also follows the domain through any HTTP redirect, CNAME alias and MX record, so newly-registered throwaway domains can't bypass the list by simply pointing at a known disposable backend.
94
+
95
+
The blocklist is maintained and refreshed for you — there's nothing to configure beyond the toggle. Rejected requests come back with status `API.SPAM_EMAIL_DOMAIN`.
96
+
97
+
#### Standalone Endpoint
98
+
99
+
You can also check an address without running a full CAPTCHA verification:
100
+
101
+
```http
102
+
POST /v1/prosopo/provider/client/spam/email
103
+
Content-Type: application/json
104
+
105
+
{
106
+
"email": "user@example.com",
107
+
"dapp": "YOUR_SITE_KEY"
108
+
}
109
+
```
110
+
111
+
```json
112
+
{
113
+
"isSpam": true,
114
+
"emailDomain": "example.com"
115
+
}
116
+
```
117
+
118
+
Available to sites with the domain check enabled, and rate-limited per site key.
92
119
93
120
## Evaluation Order
94
121
95
-
When the email filter is enabled and an email is provided, rules are evaluated in this order:
122
+
When the email filter is enabled and an email is provided, the verification endpoint evaluates the email in this order:
96
123
97
-
1.**Email validity** — malformed addresses are rejected
98
-
2.**Maximum dots** — if configured, checked first
99
-
3.**Default patterns** — if enabled, evaluated next
100
-
4.**Custom regex blocklist** — each pattern is tested in order; first match wins
124
+
1.**Email validity** — malformed addresses are rejected immediately.
125
+
2.**Maximum dots** — if configured, checked first.
126
+
3.**Default patterns** — if enabled, evaluated next.
127
+
4.**Custom regex blocklist** — each pattern is tested in order; first match wins.
128
+
5.**Spam-email-domain list** — if enabled, the domain (and any redirect, CNAME or MX it points at) is checked against the maintained blocklist.
101
129
102
130
Evaluation stops at the first match. The rejection reason is recorded for audit purposes.
0 commit comments