Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
WPB Cup
25 Million+
Websites using our plugins
16+
Years of WordPress experience
3000+
WordPress tutorials
by experts

How to Block Disposable Email Addresses in WordPress (2 Ways)

Do you want to block disposable email addresses in WordPress?

Some of our readers are concerned about protecting their websites against problematic users who can abuse their services. Disposable email addresses are one source of this problem, so it’s important to block them on your website.

In this article, we will show you how to block disposable email addresses in WordPress to keep your website secure.

How to Block Disposable Email Addresses in WordPress

Why Block Disposable Email Addresses in WordPress?

Disposable email addresses are temporary and free email accounts that users can use to register on your website without revealing their actual email addresses.

Some users use these disposable addresses for harmless testing to avoid potential spammers or promotional emails. That said, many people have misused them by creating fake accounts, exploiting free trials, or tricking online systems for deceptive purposes.

When fake emails are used in forms, it becomes hard to know who your real users are. For people running a membership site, this confusion can mess up the data and performance of your website because you can’t be sure which registrations are genuine.

If you run a WooCommerce store, then these temporary emails can also allow bad actors to exploit your payment system, create fake orders, and cause you to lose money.

Plus, important emails like order confirmations won’t reach customers who use these disposable emails.

Pro Tip: Want to maintain your WordPress website security without all of the hard technical work? Skip the hassle and let our WordPress Site Maintenance services do the job for you.

With that in mind, let’s look at how you can block disposable email addresses in your WordPress website. You can use these quick links to navigate through our guide:

If you use popups or opt-ins on your website for email marketing campaigns, then we recommend using OptinMonster to block disposable email addresses.

This lead generation platform uses the TruLead® Lead Verification feature to block any disposable email addresses from signing up on your campaigns. TruLead® is a paid add-on, but there is a 30-day free trial so that you can try out the service with no risk.

For more information, see our complete OptinMonster review.

To get started with OptinMonster, you need to visit the OptinMonster website to create an account. After that, click the ‘Get OptinMonster Now’ button to get started.

OptinMonster

You will need a Pro plan or higher because they offer the Lead Verification feature as an optional paid add-on.

After that, you need to install and activate the OptinMonster plugin on your WordPress site. For more details, see our step-by-step guide on how to install a WordPress plugin.

Now, you can go ahead and create your first OptinMonster email campaign. You can read our article on how to build your email list in WordPress with OptinMonster for guidance.

To use the Lead Verification feature, log in to the OptinMonster campaign dashboard. After that, select a campaign and click the ‘Edit Campaign’ button.

Clicking the Edit Campaign button in OptinMonster

Next, navigate to the ‘Integrations’ tab. You should then see some explanation about the Lead Verification feature on the left-hand side.

Select ‘Click Here to Learn More & Enroll.’

Enabling the Lead Verification add-on in OptinMonster

Once you’ve done that, you will complete the payment for the add-on.

At this stage, you can return to the Campaign Dashboard and go to Leads » Lead Verification.

The Lead Verification menu in OptinMonster

You will now arrive at the Lead Verification page.

Once you are there, simply click ‘Create New Filter.’

Creating a new Lead Verification filter in OptinMonster

Let’s go ahead and create a new email verification filter to block temporary or throwaway email addresses.

First things first, you can give this filter a name. It can be something like ‘Email Verification.’ Then, toggle on the Status setting to make the filter active.

After that, choose a domain name where you are running an OptinMonster campaign and want the filter to be implemented.

Besides email validation, the TruLead® feature can block specific IP addresses from signing up for your campaigns. Feel free to list them here if you have any.

Configuring the email verification filter settings in OptinMonster

Scrolling down, you will find more options to configure the filter. We recommend enabling the ‘Block temporary email addresses’ setting to prevent disposable email addresses from being used.

You can also choose to block free email addresses like Gmail, Yahoo, or Outlook. This means only business email addresses can be used on your site.

We only recommend enabling this option if you run a business-to-business website. Otherwise, you can skip it.

Other than that, you can block specific role-based addresses (like admin@example.com or editor@example.com) if needed so that only people outside of your team can become leads.

Besides these settings, you also have options to block specific characters that exist in lead email addresses, autocorrect common email address misspellings, and block email addresses using non-alphanumeric characters.

Modifying the email verification settings in OptinMonster

The last few settings are quite advanced, but we recommend checking the box next to the ‘Run MX Records and SMTP Checks?’ option. This setting can block temporary email domains further by checking to see if they actually exist.

Once you are happy with the filter settings, click the ‘Create Filter’ button.

Clicking the Create Filter button in OptinMonster

Now, go ahead and visit your website to test if the filter works on your campaign. To do this, just fill out the form with a fake email address from a temporary email provider.

If it works, then you should see this notification:

OptinMonster blocking a temporary email address from being used

Method 2: Block Temporary Email Addresses in WordPress Forms

If you are looking to block disposable email domains in your contact forms or registration forms, then we recommend using Clearout Email Validator.

This plugin will automatically block domains by temporary email providers from being used in contact forms or registrations in WordPress. It’s also compatible with WPForms, which is the best form builder plugin on the market.

The first thing you will do is install and activate the plugin. For step-by-step guidance, check out our article on how to install a WordPress plugin.

Once you have activated the plugin, you can go to Settings » Clearout Email Validator from your WordPress admin panel. You will notice that there is a notification message saying, ‘Please get your Clearout API Token from here and save in setting page.’

What you need to do now is click the ‘here’ link, but keep the plugin settings page open.

Clearout Email Validator's notification message about getting an API token

After that, create a Clearout account or sign in using your Google credentials.

By default, you will get a free Clearout account with 100 email validation credits. This amount may not be a lot when you receive tons of signups or contact messages every day, but you can upgrade to a paid Clearout plan if needed.

Signing up for a Clearout account

Now, you will arrive at the Apps dashboard.

Go ahead and click the ‘+ Create App’ button to get the API key.

Creating a Clearout app

Once you’ve done that, a popup will appear, asking you to choose where to run the app. Here, simply click ‘Server.’

You can then give a name to your app like ‘Email Validation.’ Optionally, you can write a description to differentiate between your apps.

After that, simply click the ‘Create’ button.

Choosing the Server option in the Create App popup in Clearout

You will now go back to the Clearout dashboard and see your new app and API token.

Go ahead and copy the token, and return to the Clearout Email Validator plugin settings page in WordPress.

Copying Clearout's API token

In the plugin settings page, paste the token in the appropriate field.

Once you’ve done that, you can start configuring the email validation settings in the next step.

Pasting the Clearout API in WordPress

Configure Settings to Block Temporary Email Addresses

By default, Clearout Email Validator will blacklist any email domain names that look suspicious or disposable. But there are several settings you can configure if needed.

In the ‘Valid Email Address’ section, you can choose whether to consider role-based addresses (like admin@example.com or editor@example.com) as valid.

Then, there are options to make disposable addresses and gibberish addresses valid. To ensure maximum safety against all kinds of temporary email addresses, we recommend not checking these boxes.

If you tick the ‘Accept only Business address as valid’ setting, that means addresses using non-custom email domains like Gmail, Yahoo, or Outlook will be considered invalid.

The Valid Email Address settings in the Clearout plugin

Let’s move down to the ‘Apply Validation’ section. As you can see, Clearout Email Validator is compatible with many major form builders, including WPForms. If you use any of these plugins, then you can check them off in the ‘Select Forms’ setting.

Up next, you can choose to apply email validation in the WordPress is_email hook, which is used to verify that an email is valid.

Be sure to read the warning message for this because it may cause validation issues on your site. But during our testing, the plugin works fine even if you don’t enable this setting.

The Apply Validation settings in Clearout plugin

Scrolling down, you can set the timeout period for the validation to perform.

The default time is 10 seconds. This means that the plugin will wait for 10 seconds after the form is submitted before validating the email address. During this time, the plugin will perform real-time validation to ensure the email address is legitimate.

Below that, you can set a custom invalid error message, but you can leave it empty if you want to use the plugin’s default notification text.

In the ‘Disallow Validations from Page URLs’ field, you can specify which form page URLs you want the plugin to not do email validations on.

On the other hand, the ‘Allow validation on Page URLs’ field is where you can tell the plugin to only do email validations on certain pages.

But if you have many forms and want the plugin to check the email addresses entered in all of them, then you can leave both fields empty.

Once you have configured all of the settings, go ahead and click the ‘Apply’ button.

The last few email validation plugin settings in the Clearout plugin

See if the Clearout Email Validator Plugin Works

At this stage, you are ready to test if the WordPress plugin will actually block temporary email addresses on your WordPress site.

One way to do this is to scroll all the way down on the plugin page to the ‘Test Plugin Settings’ section. After that, enter a fake email address in the field and click ‘Test.’

If that specific email is invalid, you will see an ‘Invalid – You have entered an invalid email address, Please try again with a valid email address’ notification.

Beware that doing this can decrease your free credits. So, if you want to do this without incurring credits, then you can use one of Clearout’s test email addresses.

Clearout's Test Plugin Settings

Another way to test the plugin is by going to your registration, comment, checkout, or contact form page URL and entering a fake form entry.

If the plugin works, then you should see an error message.

Here’s what it looks like on our WPForms contact form:

Testing the Clearout plugin in a WPForms contact form

We also tried to see if the plugin works on our test site’s login URL.

This is the error message we received:

Testing the Clearout plugin in the WordPress registration form

Bonus Tip: Use a Form Plugin With Anti-Spam Protection

Blocking disposable email services is one of the best ways to keep your site secure and make sure that you only get legitimate form submissions.

But unfortunately, new burner email accounts are generated every day, and it may be hard for any email validation plugin to keep up with these new addresses.

To protect your site further, we recommend installing a form plugin with a built-in feature to block spam entries, like WPForms.

With WPForms, you can prevent spam bots from hijacking your forms and sending you malicious links, even if their email address looks legitimate. WPForms uses a secret anti-spam token that is unique to each form submission and invisible to all visitors, including spam bots.

Since the token is created automatically, the spam blocker won’t have any impact on the user experience.

WPForms' Spam Protection features

To learn more about WPForms, just check out our full WPForms review and our article on how to create a secure contact form in WordPress.

We hope this article has helped you learn how to block disposable email addresses in WordPress. You may also want to check out our list of crucial WordPress maintenance tasks to perform regularly and our expert picks of the best WordPress security plugins.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

12 CommentsLeave a Reply

  1. Syed Balkhi

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Mrteesurez

    Nice post. I implore all bloggers to take email validation very serious. It is difficult to identify a disposable email if not for these tools you have shared, this makes it easier to measure genuine conversion for forms and optins.

  3. mohadese esmaeeli

    How excellent and practical it was. By the way, users should also consider that fake and temporary emails can be not only disruptive by inflating and occupying the database but also pose a threat to the security of the website.

  4. Jiří Vaněk

    Thanks for the tutorial. I’ve had OptinMonster for the first month and I’ve already created a few campaigns in it. I had no idea that this function was there, but after reading the article, I activated it in campaigns. Thank you once again.

  5. Mitchell

    Ban Hammer is no longer available on wordpress.org. it was removed at the author’s request.
    I wish someone would pick it up.
    I need a new one that’s preferably free. I have 10+ sites that need it.
    Mitch

    • WPBeginner Support

      Thank you for letting us know, we will be sure to look for an alternative option for us to update this article :)

      Admin

  6. Michael Jones

    Do you know of a plugin that allows you to block domains on forms throughout the site? I tried the Gforms code snippet extension with no luck. A plugin that allows sites to prevent specific domains from successfully filling out forms would be a huge help if you know of something like that.

    Thanks!

    • Ernst

      Hi Michael, did you find a solution ? I would be very interested to know how to solve the same issue..

  7. Mark

    As a wordpress beginner this is a really useful tutorial to know about – thanks a lot!

  8. Jennifer DeFrates/Heaven Not Harvard

    I have hundreds of people signed up as users on my blog/site. I went through and blocked most of the addresses that seemed like spam, but I wondered if there is a way to find out if registered users are spam or actual followers?

  9. Ubbegubben

    Hello
    Thanks for all your great tutorials. I wonder IF u can assist me?
    I have i Site were i show my future customers How there site would look like if the let me build it for them!
    I usualy sets a password to That page so that only that One customer can see it.

    Do you know of Any way for me to see if anyone is login in to the site?
    Would be nice for me to know if the are active at all. Or if i should get my offer to another client!

    Best regards
    Urban Eriksson

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.