Stop fake sign-ups on your WordPress site or WooCommerce store. Blocks throwaway emails like Mailinator, 10MinuteMail, and Guerrilla Mail across registrations, checkouts, comments, and contact forms. No subscription, no external service — everything runs on your own site.
Your visitors' emails never leave your site. There's no external service to trust, no monthly subscription, and nothing extra to add to your privacy policy.
The blocklist refreshes itself automatically every day, so when a new throwaway email service appears, your site catches it without you having to lift a finger.
Block fake sign-ups outright, let them through but flag them for review, or just quietly log everything to see what would have been blocked — without changing anything yet.
Protects your checkout, customer accounts, product reviews, and even coupon redemption — stopping the classic "burner email to claim the welcome offer again" trick.
Twelve practical features built for real WordPress and WooCommerce sites. Free forever, no upgrades to unlock.
Over 9,000 known disposable email services out of the box, including Mailinator, 10MinuteMail, Guerrilla Mail, Yopmail, Temp-Mail, and thousands more. Expandable to over 100,000 with a single click.
Three modes to match your comfort level. Block stops fake sign-ups outright. Flag lets them through but tags them for review. Log silently records what would be blocked — perfect for testing before going live.
Optionally block Proton Mail, Tutanota, SimpleLogin, Apple's Hide My Email, Firefox Relay, DuckDuckGo Email, and other privacy services. Off by default — you decide whether to allow them.
Spots fake-looking addresses such as gnail.com, hotmial.com, or addresses on expired domains by checking that the domain actually accepts email. Optional, falls back gracefully if the check fails.
Stops disposable emails at the checkout, customer registration, account email change, and product reviews. Works with both classic checkout and the new block-based checkout.
Refuses coupon codes when the billing email is on a blocklist. Stops the common pattern of grabbing a fresh disposable email to redeem the same welcome coupon over and over.
Add custom rules with simple wildcards: block an entire domain, block a whole country code, or block specific username patterns. The allow list always wins, so you can whitelist trusted addresses.
See the last 14 days of blocked sign-ups in a simple chart, plus the top blocked domains and a breakdown by reason. There's also a small widget right on your main WordPress dashboard.
Get a daily or weekly summary in your inbox: how many sign-ups were blocked, where they came from, and which domains tried hardest. Know your gates are working without ever logging in.
Every blocked attempt is recorded with the email, the reason, and where it happened. Filter by date, reason, or location, then export to a CSV file for offline review.
Built-in support for Contact Form 7 and Gravity Forms — just turn it on. Easy to add to WPForms, Elementor Forms, Forminator, and Fluent Forms with one line of code.
Five minutes of setup and the plugin maintains itself. Blocklists refresh in the middle of the night so they never slow down your busy hours, and the email digest keeps you in the loop.
Most email-checking services charge per email and send your visitors' addresses to their own servers. Here's how Disposable Email Blocker stacks up.
| Feature | Disposable Email Blocker | Paid Email Validators | Basic Free Blockers |
|---|---|---|---|
| Cost per email check | Free | $0.001 to $0.01 | Free |
| Sends emails to outside service | Never | Yes, every time | Never |
| Number of blocked services | 9,000 to 100,000+ | Yes | ~500 (hardcoded) |
| Lists update automatically | Daily, hands-off | Provider handles it | Manual only |
| Block Proton, Tuta, etc. (optional) | Yes | Rarely supported | No |
| Catches typo & dead domains | Yes (optional) | Usually included | No |
| Flag for review without blocking | Yes — unique to us | No | No |
| WooCommerce coupon abuse blocker | Yes | No | No |
| "Flagged" column in WooCommerce orders | Yes | No | No |
| Custom wildcard rules | Full support | Whole domains only | Whole domains only |
| Daily / weekly email reports | Yes | In their dashboard | No |
| Works on private / firewalled sites | Yes | Needs internet to validate | Yes |
| Yearly cost (100,000 sign-ups) | $0 | $50 to $500+ | $0 |
Other tools charge per email check or lock features behind a Pro upgrade. This plugin is fully free with everything included.
Everything you need to know about blocking fake email sign-ups on your WordPress site.
No. Every check happens entirely on your own site, against a list stored locally. The plugin only reaches out to the internet once a day to refresh that list — and those requests don't include any visitor data, just the public list files themselves.
No noticeable impact. Each email check takes a fraction of a millisecond because the plugin keeps the blocklist in memory rather than querying a database or external service. Even a list with 100,000 domains is checked instantly.
Only the very first time anyone signs up from a particular domain. After that, the result is remembered for 24 hours so repeat sign-ups from the same domain are checked instantly. The check is also optional and disabled by default, and if it ever fails it just allows the email through rather than blocking.
Nothing breaks. The previously-downloaded list keeps working until the next successful refresh. Even if your site has never managed to download a list, a built-in copy of about 5,400 known disposable domains ships with the plugin so protection is active from day one.
Block stops the sign-up immediately and shows the visitor an error message. Flag lets the sign-up through but tags it in your admin so you can review or remove it later. Log silently records every match without changing anything — ideal for testing the plugin before turning it on for real.
Yes — set the mode to "Log only". The plugin will record every match in the dashboard and log without rejecting anyone. After a few days you'll have a clear picture of what would have been blocked, and you can switch to Block or Flag with confidence.
Only if you choose to. Anonymous email services like Proton and Tutanota are off by default, so legitimate users on those services aren't affected unless you turn the option on. Even then, you can add specific email addresses to your allow list to let them through.
You can add specific addresses (spammer@example.com) or use simple wildcards: *@example.com blocks every address from that domain, *@*.ru blocks every .ru domain, and spam*@* blocks any address whose username starts with "spam". The allow list always wins, so you can whitelist exceptions to your own rules.
It checks the email at every place WooCommerce uses one: customer registration, checkout (billing email), the My Account page when a customer changes their email, and product reviews. It works with both the classic checkout and the newer block-based checkout.
It refuses to apply a coupon if the billing email at checkout is a known disposable address. This stops the very common pattern where someone repeatedly grabs a fresh throwaway email to redeem the same "first-time customer" coupon. You can turn it off if you don't need it.
Right in your normal WooCommerce orders list. A new "Flagged" column shows a colored badge next to any order placed with a suspicious email, and a filter dropdown lets you see only flagged orders. You can also bulk-trash all of them with one click.
Yes. The plugin works with both the classic WooCommerce orders storage and the newer High-Performance Order Storage (HPOS), as well as the older classic checkout and the new block-based checkout. No configuration needed — it just works with whichever you're using.
Yes — both are supported out of the box. Just turn the relevant toggle on in the settings and emails submitted through your forms will be checked the same way as registrations and checkouts. Whichever mode you've chosen (Block, Flag, or Log) applies to forms too.
These work too, with one line of code from a developer. Each form plugin has its own way of validating fields, so we provide a simple hook your developer (or your developer-friend) can drop in to bring the same protection to any form.
Yes. The plugin exposes WordPress filters so you can override decisions per request, allow specific user roles, or plug it into any custom validation flow. Full developer documentation is in the readme on WordPress.org.
Yes — an optional "aggressive" mode hooks into WordPress's main email-validation function so disposable addresses are caught everywhere, including places other plugins might add later. It's off by default because it can be too strict for some setups, and the settings page explains the trade-off.
Yes. No pro version, no paid upgrade, no feature locked behind a paywall, no account required. Every feature on this page is included in the free download. The plugin is open source under the GPL license, the same as WordPress itself.
Paid services like ZeroBounce, Hunter, or Kickbox charge per email checked — typically $0.001 to $0.01 each. For a site that gets 100,000 sign-up attempts in a year that adds up to $100 to $1,000, plus your visitors' emails get sent to a third party. This plugin does the same job for free, on your own server.
Free WordPress plugin. Five minutes to install, no account required. Keeps throwaway emails out of your registrations, comments, checkouts, and forms — forever.