I didn't find a module that can provide such feature, but as spammers begin to overflow the internet, this idea is quite interesting in my opinion and suits well this module.
the basic idea is to permit or deny certain domain names emails to be used to register to the site.
Some web email services let you create thousands of emails without any kind of identification.
Extending email_verify_check could be really easy, the problem is "how would you provide such list?"

thank you for your answers, feel free to contact me directly, I have no experience in drupal module writing but I'm willing to contribute for such a feature.

Comments

beginner’s picture

beginner CreditAttribution: beginner commented

Interesting proposal. It seems you've been reading my mind.

Before we talk about adding any such feature in this module, consider using the tool in core (see at ?q=admin/user/rules).

Set up username and e-mail address access rules for new and existing accounts (currently logged in accounts will not be logged out). If a username or e-mail address for an account matches any deny rule, but not an allow rule, then the account will not be allowed to be created or to log in. A host rule is effective for every page view, not just registrations.

If I understand well what you request, core already provides this feature. If not, explain further.

Having said that, one area that interest me particularly, is cooperation amongst Drupal webmaster to create a reliable default blacklisting list, that we be present when the admin enables the module.
How to we create this list?
How to we use it with this module?
How to we protect ourselves against black sheep who would contribute false-positives to the blacklist?
etc.

e.g. In my experience, I would add any @mail.ru or even any @*.ru to my deny rules: all the Russians interested in my web sites were spammers, so far. But think about a Russian Drupal site (in Russian): wouldn't bona-fide users with mails in @mail.ru want to register, too?

you say:

Some web email services let you create thousands of emails without any kind of identification.

Thousands?
Like what?
mail.ru? hotmail.com? yahoo.com?
I can sign up at yahoo.com without any kind of identification.
Or does hotmail have different policies than mail.ru that make the former less attractive to spammers than the latter?

Where I think the idea of cooperation to create a blacklist would be useful, would be in identifying those domain names that are created especially for spamming, i.e. the domain names only used by spammers. Such domains would be less known (not like hotmail or mail.ru), but we could help each other by tagging them as spammers' domains.

We can talk, and once we have a beginning of a feature set that we agree on, we can speak about implementation.

@dbr: What do you think? If we can clearly identify a feature like this, that could be added to this module, would you agree to add it to this module?

ThePeach’s picture

ThePeach CreditAttribution: ThePeach commented

thanks for the reply beginner.

since recently I'm working on a 4.7 drupal release, I forgot to check the 5.x release where I could find that feature.
So what I meant can be done only with the latest version.
But as far as I can see there's no way to provide automatically a full list for the black/whitelist
the only problem, as you point out, is: how to provide such a list?
in my opinion this could be done in two ways, or either a combination of the two:
1) human listing (check all the sites one by one, country by country)
2) find a way to use xml, xpath and rdf for this purpose to auto-check an address registration form. (is this really widely possible?)

maybe the only way is to fill in a whitelist by hand (at least I think there're fewer sites with ID-check on submission form) but this can lead to the opposite effect, having lot of ppl complaining because their provider hasn't been included in such a list.

we can discuss further on this topic and decide if it's worth working on it (I do think yes)

beginner’s picture

beginner CreditAttribution: beginner commented

The feature is available with 4.7, too, as far as I Remember.

I don't know at all how the process could be automated. I am not that knowledgeable (remember who you are talking to!! ;-)

So, the only solution I can see so far would be by allowing trusted members to report known spammer's email and domains, and compile a list that could be updated for all to benefit.

My dream would be if we could manage to have a reliable list, to turn this list to higher authorities (anti-spam organizations) who would trust us and use this to fight spam at the root. I don't know how much is humanely and technically possible, but I am open to suggestions.

If you want to work on something like that, it could be a fairly big project and I'll be contributing code, too.

beginner’s picture

beginner CreditAttribution: beginner commented

@ThePeach : not interested anymore in pursuing a wider solution, are you?

If so, you may as well close this issue, since you already have what you originally requested.

beginner’s picture

beginner CreditAttribution: beginner commented
Status: Active » Closed (won't fix)

He got what he wanted, so obviously he lost interest in the wider issue... :-/