[Accounts] RFC: Disable account creation from disposable sources?
We are currently contending with a wave of SPAM on this GitLab instance. This is not our first rodeo - we've been dealing with SPAM since the dawn of ages. But one thing is common across all scenatios: disposable email addresses are used to create Eclipse accounts, SPAM is created, then the attacker repeats the process since there is no cost to a disposable email address.
This may seem a tad controversial, but how feasible/practical would it be to deny account creation from a database of known disposable email address providers? There are already numerous sources to pull from:
- https://github.com/7c/fakefilter
- https://github.com/unkn0w/disposable-email-domain-list
- https://github.com/disposable-email-domains/disposable-email-domains
/cc @cguindon