By x32x01
Important Warning Before We Start 🛑
This topic is for awareness and security purposes only.
It’s not about breaking websites or abusing signup systems 👌
The goal is to help you, as a developer, understand the problem and fix it the right way 🔐
The Problem: Multiple Accounts Using the Same Email ❌
One of the most common issues in user registration systems is allowing users to create multiple accounts with the same email 😤
The main reason behind this issue is how Gmail handles email addresses.
Google ignores dots (.) in Gmail usernames.
For example, if your email is:
example@gmail.com
You can also use:
- e.xample@gmail.com
- ex.ample@gmail.com
- exam.ple@gmail.com
- e.x.a.m.p.l.e@gmail.com
However, most databases treat these as different emails, so uniqueness validation passes for every variant without any problem.
Why This Is a Serious Security Risk 🧠
Allowing duplicate email registrations can lead to:
- 🚫 Fake and spam accounts
- 💾 Unnecessary server resource usage
- 🎁 Abuse of free trials and bonuses
- 🔗 Broken referral or reward systems
The Correct Way to Prevent Duplicate Accounts 🛡️
Let’s solve this problem step by step as developers 👨‍💻
Block Temporary (Disposable) Email Addresses
🔵 Temporary email services are a huge risk if left unchecked 😑
The Solution
Use a ready-made package with a large and updated database of disposable email domains 👇
🔗 https://github.com/Propaganistas/Laravel-Disposable-Email
Why This Works
- ✅ Over 135,000 disposable email domains
- 🔄 Regularly updated
🚫 This ensures fake and temporary emails are blocked automatically.
Automatically Update the Disposable Email List
🧩 To keep the list always up to date, schedule a weekly update in Laravel's task scheduler (run by Cron):
PHP:
    $schedule->command('disposable:update')->weekly();
Normalize Gmail Emails by Removing Dots
🔵 This is the most important step 👌
Before validation or saving the email to the database, you must clean Gmail addresses.
The Idea ✨
For any Gmail address:
- Remove all dots (.) from the username part
- Store the normalized email in the database
PHP Example: Gmail Email Normalization 💻
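PHP:
    // Lower-case and trim the input before comparing.
    $email = strtolower(trim($request->email));
    // Match the domain exactly; str_contains() would also match look-alike domains.
    if (str_ends_with($email, '@gmail.com')) {
        [$name, $domain] = explode('@', $email, 2);
        $name = str_replace('.', '', $name); // Gmail ignores dots in the username
        $email = $name . '@' . $domain;
    }
📌 Result:
example@gmail.com and e.xa.mple@gmail.com are stored as the same address.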
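A fuller version of the normalization step, as an added example (not the original author's code): it goes beyond the dots-only case above by also dropping Gmail's "+tag" suffix and treating googlemail.com as gmail.com, and it matches the domain exactly. The function names canonicalEmail() and findDuplicates() and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example; canonicalEmail() and findDuplicates() are hypothetical names.

// Returns the key to enforce uniqueness on, or null if the input is unusable.
function canonicalEmail(string $raw): ?string
{
    $email = strtolower(trim($raw));
    $at = strrpos($email, '@');            // split on the last '@'
    if ($at === false || $at === 0 || $at === strlen($email) - 1) {
        return null;
    }
    $local  = substr($email, 0, $at);
    $domain = substr($email, $at + 1);

    // Exact domain match, so 'gmail.com.example.net' is not treated as Gmail.
    if ($domain === 'gmail.com' || $domain === 'googlemail.com') {
        $local  = explode('+', $local, 2)[0];    // drop a "+tag" suffix
        $local  = str_replace('.', '', $local);  // Gmail ignores dots
        $domain = 'gmail.com';                   // googlemail.com is an alias
        if ($local === '') {
            return null;
        }
    }
    return $local . '@' . $domain;
}

// Returns [duplicate, first-seen] pairs for addresses sharing a canonical key.
function findDuplicates(array $signups): array
{
    $seen = $dupes = [];
    foreach ($signups as $raw) {
        $key = canonicalEmail($raw);
        if ($key === null) { continue; }
        if (isset($seen[$key])) {
            $dupes[] = [$raw, $seen[$key]];
        } else {
            $seen[$key] = $raw;
        }
    }
    return $dupes;
}

// Constructed sample sign-ups.
$signups = ['example@gmail.com', 'E.x.a.m.p.l.e@gmail.com',
    'example+trial@googlemail.com', 'first.last@example.org',
    'example@gmail.com.example.net'];
foreach (findDuplicates($signups) as [$dup, $first]) {
    echo "$dup duplicates $first\n";
}
```

Put the canonical key in its own column with a unique index, and keep the address as the user typed it for sending mail.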
Protect Your Signup System from Bots 🤖
Even after fixing email issues, bots are still a threat.
The simplest and most effective solutions include:
- Google reCAPTCHA
- Cloudflare Turnstile
- Any reliable bot detection system
These help block:
- 🚫 Automated registrations
- 🚫 Spam accounts
- 🚫 Brute-force attacks
Final Summary ✅
If you run a user registration system, make sure to:
- ✔️ Block disposable email addresses
- ✔️ Normalize Gmail emails (remove dots)
- ✔️ Enable bot protection
And that’s a core foundation for any successful website 🔐