-
-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Welcome to the jelban-js wiki!
This library aims to filter out disposable and masked email addresses that are used in order to bypass account creation limits. Basically, it's a library that I would hate if people start using, I love creating quick and disposable email addresses in order to subscribe to mailing lists or create free-trial accounts to download and use things for free.
Imagine having a SaaS offering a certain amount of free API requests for every user registering with only their email address (because we all love that No credit card required
and you want us to try it).
As a greedy and lazy user, I can create tons of accounts only with my only one Gmail account by using features like: https://support.google.com/mail/answer/7436150?hl=en, if I own a john.doe@gmail.com
, I would be able to create different accounts by placing dots and labels everywhere, so I would create accounts with: johndoe@gmail.com
, johndoe+something@gmail.com
, john.doe+something@gmail.com
, j.o.h.n.d.o.e@gmail.com
, johndoe@googlemail.com
, john.doe@googlemail.com
... All of them pointed to my single mailbox. Now that you know this trick, you would be able to strip these dots next time you want to limit this account's usage, same for outlook.
One more trick would be the usage of free and temporary email services like mohmal.com
, 10minutemail.com
... and others. Because it's annoying to keep track of all these tricks, I thought of making this library public and open-source to be used for free, and to be improved by smarter people.
As a part of a previous experience, we received user complaints of users who couldn't login to their accounts, and as we had email addresses hashed in our systems for compliance reasons, we had to guess what email address that user provided when registering (probably they used some sort of a Google Login, Browser form autocomplete feature), so they forgot if they wrote their email addresses with dots or without, and whether they used @gmail.com
, or for weird creepy reasons @googlemail.com
.
As a workaround to that issue, we may use Jelban
to normalize all email addresses, before saving them to the DB, or before checking their existence in our systems.
Another use case would be that we need to create a small landing page for offers to provide to our business clients, all of these clients should register with their business emails, so for that Jelban
offers a feature of checking if the provided email address has an allowed email domain name.
See README#security-and-privacy-concerns
Basically, as a user, I choose and I have the right to set any email address alias when registering to any website, so if I choose to use john.doe+facebook@gmail.com
, it's because I intentionally want to use that, maybe only for housekeeping and apply some rules on my mailbox to group and filter emails coming from Facebook, or because it helps me know whether my email address got leaked from Facebook if some Nigerian prince contacted me on that address 😅 .