Skip to content

Add blocklist of email domains to restrict sign ups

Taken from discussion here: gitlab-com/support#61 and here: gitlab-org/gitlab-ce#5932

As a way of fighting spam, we can add a blacklist of email domains that will be denied sign ups.

I believe that this option will also be usable for other public facing GitLab installations, so this is a spam fighting measure that we can include with GitLab itself.

I'm still thinking about the best way to implement such a blacklist. If we takes this list as an example, the amount of domains can be quite long.

My initial, simple suggestion for implementation would be:

  • Add a field to the ApplicationsSettings to enable/disable a sign up email domain blacklist and one for the blacklist.
  • If enabled, show a text area where you would input one domain per line.

On sign up, the email domain would be checked against this list.

This would be the simplest approach to the blacklist. What do you think @DouweM, @stanhu?