The internet, and more so WordPress, is swarming with spammers who are dying to get their hands on your servers. Registering an account on your site is a relatively easy way for amateur spammers to break into your system and use it as part of their spamming strategy. Whether humans or bots, spammers normally use an email spam domain, so we cannot stress enough the importance of identifying those domains and blocking them in advance, which is relatively easy to do. If they catch you unprepared, though, they can cause serious damage to your site.
There are several tools that can be used to restrict spammers, such as CAPTCHA protection, email confirmation, security questions, and many other functions that add security measures to your site's registration process. On top of this, you can also restrict which domains are allowed to register on your site and which ones to blacklist. This is a simple and highly effective prevention method that will block spamming attempts right from square one.
Identifying Email Spam Domains using SpamAssassin
SpamAssassin is part of the Apache Foundation. It uses a variety of spam-detection techniques, including DNS-based and fuzzy-checksum-based spam detection, Bayesian filtering, external programs, blacklists and online databases. SpamAssassin also publishes a list of free email domains which is available at this location. Using this list as a way to prevent spammers can help reduce the number of registrations from free email domains, which are often used by spammers as they tend to be less supervised. Bear in mind, though, that not all free email domains are necessarily spamming domains, and Gmail.com is only one of many cases. Looking at SpamAssassin's listings, you should take notice of the lesser-known platforms, which have lower support and supervision and are therefore likely to be used by spammers.
Using Spamhaus DB Blacklist
The Spamhaus DBL is a realtime database of domains found in spam messages. The DBL is queryable in realtime by mail systems throughout the Internet, allowing mail server administrators to identify, tag or block incoming email containing domains which Spamhaus deems to be involved in the sending, hosting or origination of Unsolicited Bulk Email (aka "Spam"). Using the DBL can help prevent spammers from registering on your site. However, use of Spamhaus's free public DNSBL service is restricted to low-volume non-commercial users only.
Introducing the Email Registration Blacklist Plugin
The plugin is based on both of the above services (SpamAssassin and the Spamhaus DB Blacklist), allowing WordPress website administrators to block registration attempts from any of the blacklisted domains appearing in these lists. The plugin also enables users to create their own blacklists and manually add them whenever necessary.
Whitelisting Banned Domains
To override some domains which exist in the above lists, such as gmail.com, the plugin also comes with a manual whitelisting feature, allowing you to add specific domains so they can still be used for registering on your site.
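
The checks described above (free-domain list, custom blacklist, DBL lookup, whitelist override) can be combined into one decision, shown here as an added example that is not the plugin's own code. All function names, the evaluation order and the sample domains are assumptions made for illustration; the DNS answers are constructed so the example runs offline.

```python
import socket

DBL_ZONE = "dbl.spamhaus.org"

def dns_a_lookup(name):
    """Return the IPv4 answers for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN, timeout, no network
        return []

def dbl_listed(domain, resolve=dns_a_lookup):
    """True only for a DBL listing answer (127.0.1.x).

    127.0.1.255 (IP address queried) and 127.255.255.x (blocked or
    rate-limited query) are error codes, so they do not count as listings.
    """
    answers = resolve(f"{domain}.{DBL_ZONE}")
    return any(ip.startswith("127.0.1.") and ip != "127.0.1.255" for ip in answers)

def registration_decision(email, whitelist, blacklist, free_domains,
                          resolve=dns_a_lookup):
    """Return (allowed, reason) for a registration email address."""
    local, sep, domain = email.strip().rpartition("@")
    domain = domain.lower().rstrip(".")
    if not (sep and local and domain):
        return (False, "invalid address")
    if domain in whitelist:          # manual override wins over every list
        return (True, "whitelisted")
    if domain in blacklist:
        return (False, "custom blacklist")
    if domain in free_domains:
        return (False, "free email domain")
    if dbl_listed(domain, resolve):  # DNS query last: it is the costly check
        return (False, "Spamhaus DBL")
    return (True, "not listed")

# Constructed DNS answers for offline runs; not real DBL data.
SAMPLE_DNS = {
    "spam-listed.example.dbl.spamhaus.org": ["127.0.1.2"],
    "ratelimited.example.dbl.spamhaus.org": ["127.255.255.255"],
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    free = {"gmail.com", "freemail.example"}  # stand-in for the free-domain list
    for addr in ("a@gmail.com", "b@freemail.example", "c@spam-listed.example"):
        print(addr, registration_decision(addr, {"gmail.com"}, set(), free, sample_resolver))
```

Treating the error answers as "not listed" means a blocked or rate-limited resolver lets registrations through rather than rejecting every new user, so the other checks on the registration form still matter.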