June 4, 2020 by Paul G. | Blog, Features, Shield Pro, Updates

Improvements to SPAM User Email Detection


ShieldPRO 8.6 came with a brand new feature to detect, and allow you to then block, spammy user registrations based on their email addresses.

This feature is completely separate to our bot-protection features that detect bots on your site attempting to register users automatically.

The newer feature is designed to capture spam users who are signing up with fake, non-existent, or disposable email addresses.

It works by examining the domain name of the email address to see how it’s configured, as it relates to email.

The original tests included:

  1. Does the domain name resolve to an IP address?
  2. Does the email have an MX record? (i.e. can it actually receive email)
  3. Is the domain a “known” disposable email address?

This was a great start to this work, but there was always going to be room for improvement.

Areas For Improving The SPAM User Registrations Feature

The first area of improvement was decoupling all the different tests. In the 1st version, each test relied on the success result of the previous test.

So for example, we didn’t just test MX records (2), we tested whether the domain resolved (1) and if it didn’t have an IP address we didn’t even perform the MX checking.

This was based on the assumption that if the domain didn’t resolve, then there wouldn’t be MX records.

This assumption was false, but we knew this and accepted this limitation going into the 1st version of the feature as it would apply to 99.99% of cases.

Based on some feedback, we’ve decided to remove these dependencies between tests, and we’ve adjusted the tests to be more granular.

There are now 5 tests:

  1. Is the email structure valid? i.e. does it “look” like a valid email address?
  2. Is the domain of the email address a registered domain name?
  3. Does the domain resolve to an IP address?
  4. Are there MX records for the domain?
  5. Is the email address a disposable domain?

So you can see we’ve split up the original “domain” test into 2 parts of whether the domain is actually registered, and does it have an IP.

Each of these options is completely independent, except for Option 1. Option 1 must be verified before attempting any of the other tests.
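To make the difference concrete, here is an added sketch (not ShieldPRO's own code) that runs the first version's chained tests and the five decoupled tests against the same addresses. The fixture data, the domain names and every function name are assumptions constructed for the example; a real check would query the registrar and DNS instead.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class DomainFacts:
    registered: bool
    has_ip: bool
    has_mx: bool

# Constructed sample data standing in for live registry and DNS lookups.
FIXTURE = {
    "example.com": DomainFacts(True, True, True),
    "mail-only.example": DomainFacts(True, False, True),  # MX records but no IP
    "tempbox.example": DomainFacts(True, True, True),
}
DISPOSABLE = {"tempbox.example"}  # constructed blocklist
EMAIL_RE = re.compile(r"[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def facts(domain):
    # Unknown domains are treated as unregistered with no DNS records.
    return FIXTURE.get(domain, DomainFacts(False, False, False))

# True means the test passed; None means the test never ran.
CHECKS = {
    "registered": lambda d: facts(d).registered,
    "resolves": lambda d: facts(d).has_ip,
    "mx": lambda d: facts(d).has_mx,
    "not_disposable": lambda d: d not in DISPOSABLE,
}
V1_ORDER = ["resolves", "mx", "not_disposable"]

def check_v1(email):
    """Chained tests: stop at the first failure, later tests never run."""
    domain = email.rsplit("@", 1)[-1].lower()
    results = dict.fromkeys(V1_ORDER)
    for name in V1_ORDER:
        results[name] = CHECKS[name](domain)
        if not results[name]:
            break
    return results

def check_v2(email):
    """Structure gates everything; the other four tests run independently."""
    match = EMAIL_RE.fullmatch(email)
    results = {"structure": match is not None, **dict.fromkeys(CHECKS)}
    if match:
        domain = match.group(1).lower()
        results.update({name: fn(domain) for name, fn in CHECKS.items()})
    return results

def failed(results):
    return [name for name, ok in results.items() if ok is False]
```

For `user@mail-only.example`, the chained version stops at the IP test and never learns that MX records exist, while the decoupled version reports the MX test as passed and only the IP test as failed.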

The 1 Drawback To More Tests

As you might imagine, more tests means more time taken to complete the tests. There’s no way around that.

We feel however that for the feature to be useful, these tests are required.

Remember, the tests aren’t 100% – there’s no way to know all possible disposable email domains, so some will fall through the cracks.

Also, whether a domain is registered is up to each domain registrar to provide the information accurately. We just report on what they say.

If you’re unsure, always set the system to log these events first and assess the results – the Activity Log will always tell you what’s happening.

Feedback Welcome

As always we welcome feedback on this feature and any others. The best way to know if our system is working is when you report how it works for you and if you see any issues or room for improvement.

These updated email tests are available with ShieldPRO 9.0.3.
