Auth0 blacklisted domain can still signup but can't receive mails

ting.lee · May 10, 2023, 1:42pm

Hey
On Configuration or rule for: "Failed Sending Notification" with the error "the domain is blacklisted" - #3 by Sam.Pillay a list of blacklisted domain is shown where no mails/notifications can be sent to, though those domains can still be used for signup and login flow. As a customer it’s not a desirable behavior to have an account that can’t receive default mails like verification mail, reset password, confirm change email,…

Is there an Auth0 way to prohibit users to signup and login with those domains?
Is the above mentioned list complete or does Auth0 blocks more domains?

rueben.tiow · May 10, 2023, 8:04pm

Hi @ting.lee,

Welcome to the Auth0 Community!

I understand that you would like to block blacklisted domains from signing up or logging in.

For this, I recommend using a Pre-User Registration and Post-Login Action scripts.

Here is an example Post-Login script:

exports.onExecutePostLogin = async (event, api) => {
 const blacklist = ["domain1", "domain2"];
  var userEmailDomain = event.user.email.split('@')[1].split('.')[0] // Get the user's email domain
  if(blacklist.includes(userEmailDomain)){
    api.access.deny('invalid_request', "Access from your domain is not allowed.");
  }
};

And an example Pre-User Registration script:

exports.onExecutePreUserRegistration = async (event, api) => {
 const blacklist = ["domain1", "domain2"];
  var userEmailDomain = event.user.email.split('@')[1].split('.')[0] // Get the user's email domain
  if(blacklist.includes(userEmailDomain)){
    api.access.deny('invalid_request', "Access from your domain is not allowed.");
  }
};

I hope this helps!

Please let me know if you have any questions.

Thanks,
Rueben

system · May 24, 2023, 8:05pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.