This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Block Disposable Email


This plugin prevents people from registering with disposable email addresses (dea) like the ones provided by mailinator (also known as throw-away email, one-time email). It protects your most important asset, your registered user base, by preventing contamination by fake accounts. This plugin working principle is similar to spam blacklists.

It hooks in the wordpress function is_email() so it will extend the known email validation of wordpress to detect dea domains.

The plugin itself does not contain a list of domains to block. Instead of local maintenance the plugin uses the service of This is a very accurate free service for up to 200 queries a month. For huge sites several commercial plans are available.

Please see the FAQ section for some more information.


  1. Unpack the *.zip file and extract the /block-disposable-email-addresses/ folder and the files.
  2. Using an FTP program, upload the full /block-disposable-email-addresses/ folder to your WordPress plugins directory (Example: /wp-content/plugins).
  3. Register at and pick your api key. Please note that you have to register your server with its ip address to get a key. Simply follow the guideline of the service.
  4. Go to Plugins, click Settings and insert your api key.
  5. Go to Plugins and activate the plugin.


What about privacy?

This plugin does NOT submit email addresses. I do not run this service to collect your subscribers data.

Before the data is sent to the domain part is separated. So only the domain part is sent. For further information see the mentioned website.

What happens if the service is down?

First of all I try to have minimum downtime. That’s why there are currently 3 servers at different locations (UK, US, AT) waiting for your requests. For further information see

And yes, even if the service is down your users are able to leave comments.

What happens if my credits are used up?

If your credits are running low you will be informed by email. If the credits are used up you get an additional email. In case you do not have any credits left the service will always respond with an OK (like the used domain is valid to subscribe).

In other words: even if you do not have any credits left your subscribers are allowed to subscribe (or leave comments or whatever). But users subscribing with trashmail / disposable email addresses are also allowed …

Please see if you need more than the 200 free credits a month.

Why should I use this service? I use CAPTCHA so it is hard for robots to register automatically. Captcha normally does a great job. For robots it is hard to register indeed.

What Captcha cannot block are human subscribers using one-time email-addresses. It is bad to have such addresses in your userbase for several reasons. And yes, it is easy to block *.ru addresses, known domains as, and some others – but they are changing continuously. This service currently detects about 3.000 domains. So maybe it is a good alternative for your manually maintained blocklist.

I got a “BLOCK” response for a domain which is running no dea (disposable email address) services. How can I prevent or correct these false positives?

This should be happen very rarely. In this case I kindly ask you to report this mistake.

Is there a documentation for the api in case I need to use the service without WordPress?

Sure. Have a look at There are several documents for the json, txt and php-serialized api.


January 2, 2017
Works as desired. Blocks hell a lot of comment spam. External api looks well maintained (they say to have more than 10k dea domains on file).
September 18, 2016 2 replies
Activated it, entered API key (which was accepted). Then tried registering using a Mailinator email (including a few others) and they all registered without a hitch. Disappointing!
Read all 4 reviews

Contributors & Developers

“Block Disposable Email” is open source software. The following people have contributed to this plugin.


Change log


  • Added support for WordPress 4.6.4
  • Changed backend to select between 3 options (check all email interactions, check comment emails only, check registration email addresses only)


  • Added support for WordPress 4.6.1
  • Changed query method to wp_remote_get (WordPress native) to support shared hosting providers with file_get_contents limitation.
  • Changed handling of response codes to check for unexisting domains.


  • Added support for WordPress 4.1.2
  • Changed used api to easyapi (see


  • Added a huge warning message in case no api key has been inserted after activation. Should make clear that the plugin does not work without the free registration.


  • Changed host for status messages from www. to
  • In the admin section of the plugin the server ip will be listed to make it easier to register an api key.
  • Added some more information to readme.txt regarding privacy and other issues.
  • Added a FAQ section.


  • Added status request for the admin part of the plugin. Shows now if a entered api key is valid or not. Additionally the number of free credits are shown.


  • First version released.