Skip to main content

Email Verification and Filtering

1. What criteria are used for email verification?

The verification process consists of the following steps:

Configuration Check for Disposable Emails: By default, disposable emails are not allowed unless explicitly enabled.

Validation of MX Records: The system checks whether the email domain has a valid MX (Mail Exchange) record.

Domain Blacklist Check: Emails are compared against a list of blacklisted domains.

2. How are emails filtered during the verification process?

If a user attempts to sign up with an email from a domain lacking an MX record, such as "@y.com," it suggests that this might be a disposable email sign-up attempt. In such cases, the registration API will flag the email as invalid.

However, it's important to note that some domains may have been registered through social media platforms like Facebook. In such instances, our system relies on the information provided by the social provider, considering it the authoritative source during signup. This means that users cannot modify their email addresses during registration, and any attempt to do so will be detected as potential manipulation.

3. How is email security maintained during account updates?

When users attempt to change their email addresses on existing accounts, email verification is required. We recommend using the OTP (One-Time Password) flow to ensure the legitimacy of the change. This process requires users to confirm the email change by entering a unique OTP code. In cases where users make typographical errors during registration, they have the option to start the registration process anew.

4. How are social accounts handled in terms of email verification?

Implementing email verification for social accounts poses challenges due to security considerations. To address this, we've introduced manipulation checks to detect any attempt to link social accounts with existing accounts. One approach is to prompt users to update their email addresses within the social provider's platform. Our system will then synchronize the correct email address, ensuring seamless integration without compromising security.

Need Support?

Please contact us directly on our support page