/burnex

📨🔥 Elixir burner email (temporary address) detector

Primary LanguageElixirMIT LicenseMIT

Burnex

Build Status Coverage Status Module Version Hex Docs Total Download License Last Updated

Compare an email address against 3900+ burner email domains (temporary email providers) based on this list from https://github.com/wesbos/burner-email-providers.

Installation

Add :burnex to your list of dependencies in mix.exs.

def deps do
  [
    {:burnex, "~> 3.1.0"}
  ]
end

Usage

Be aware that Burnex will not check if the email is RFC compliant, it will only check the domain (everything that comes after @).

iex> Burnex.is_burner?("my-email@gmail.com")
false
iex> Burnex.is_burner?("my-email@yopmail.fr")
true
iex> Burnex.is_burner? "invalid.format.yopmail.fr"
false
iex> Burnex.is_burner? "\"this is a valid address! crazy right ?\"@yopmail.fr"
true

iex> Burnex.providers |> MapSet.member?("yopmail.fr")
true

With an Ecto changeset

Following code ensures email has a valid format then check if it belongs to a burner provider:

def changeset(model, params) do
  model
  |> cast(params, @required_fields ++ @optional_fields)
  |> validate_required([:email])
  |> validate_email()
end

@email_regex ~r/\A([\w+\-].?)+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i

defp validate_email(%{changes: %{email: email}} = changeset) do
  case Regex.match?(@email_regex, email) do
    true ->
      case Burnex.is_burner?(email) do
        true -> add_error(changeset, :email, "forbidden_provider")
        false -> changeset
      end
    false -> add_error(changeset, :email, "invalid_format")
  end
end
defp validate_email(changeset), do: changeset

MX record DNS resolution

As an extra precaution against newly-created burner domains, you can use Burnex to do MX record DNS resolution. This is done like this:

iex> Burnex.check_domain_mx_record("gmail.com")
:ok
iex> Burnex.check_domain_mx_record("gmail.dklfsd")
{:error, "Cannot find MX records"}

Here is an example function to check if an email is valid:

  # Use a regex capture to get the "domain" part of an email
  @email_regex ~r/^\S+@(\S+\.\S+)$/

  # hard-code some trusted domains to avoid checking their MX record every time
  @good_email_domains [
    "gmail.com",
    "fastmail.com"
  ]

  defp email_domain(email), do: Regex.run(@email_regex, String.downcase(email))

  defp is_not_burner?(email, domain) do
    with {:is_burner, false} <- {:is_burner, Burnex.is_burner?(email)},
         {:check_mx_record, :ok} <- {:check_mx_record, Burnex.check_domain_mx_record(domain)} do
      true
    else
      {:is_burner, true} ->
        {false, "forbidden email"}

      {:check_mx_record, {:error, error_message}} when is_binary(error_message) ->
        {false, error_message}

      {:check_mx_record, :error} ->
        {false, "forbidden provider"}
    end
  end

  @spec is_valid?(String.t()) :: true | {false, String.t()}
  def is_valid?(email) do
    case email_domain(email) do
      [_ | [domain]] when domain in @good_email_domains ->
        true

      [_ | [domain]] ->
        is_not_burner?(email, domain)

      _ ->
        {false, "Email in bad format"}
    end
  end

License

This software is licensed under MIT license. Copyright (c) 2018- Benjamin Piouffle.