How to Block Spam E-mail from registering on Magento2 site

Today the internet is surging with spammers who are dying to get their hands on your servers. Spammers register an account on your site to brake into your system as it is a relatively easy way for amateur. It is one of the key parts of their spamming strategy. We cannot stress enough the importance of identifying spam domains and blocking them in advance because whether human or a bot machines, spammers would normally be using an email spam domain. You need to integrate your web store with additional anti-spam protection making definite email domains and zones blocked. If you allow your customers to use guest checkout, don’t forget it is hassle-free for spammers or hackers.

With Restrict Domain Registration feature you can block users from registering for accounts using email addresses from certain domains. This feature is useful for blocking spam and bots from logging into your website and it will effectively increase the security of the store. You can easily put the domains to block and set the error message to be displayed when a user attempts to register with an email domain on your block list. Full instructions are as follows –

The coding starts here…

Create a new module with a name EmailCheck in the folder Ecomsolver

Step – 1 Write the following code at admin panel. Path of the file will be – Ecomsolver >EmailCheck > etc > Adminhtml > System

<?xml version="1.0"?>
<config xmlns:xsi="" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
        <tab id="ecomsolver" translate="label" sortOrder="999">
        <section id="emailblock" translate="label" sortOrder="130" showInDefault="1" showInWebsite="1" showInStore="1">
            <label>Email Check</label>
            <group id="domains" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="1">
                <label>Domain Names</label>
               <field id="domains" translate="label" type="textarea" sortOrder="1" showInDefault="1" showInWebsite="1" showInStore="1">
                    <label>Domain names to block</label>
                    <comment>Comma separated values eg,,</comment>
                <field id="message" translate="label" type="textarea" sortOrder="1" showInDefault="1" showInWebsite="1" showInStore="1">
                    <label>Message to display</label>
                    <comment>The error message to show users who try to register with one of the above domain names</comment>

Step – 2 Write the following code in a file. Path of the file will be – Ecomsolver >EmailCheck > etc > Frontend > di

<?xml version="1.0"?>
<config xmlns:xsi=""
    <type name="Magento\Customer\Controller\Account\CreatePost">
        <plugin name="restrictCustomerEmail"

Step – 3 Write the following code in XML file with name Config. Path of the file will be – Ecomsolver >EmailCheck > etc > Config

<config xmlns:xsi="" 
                    <domains>We do not allow registration from your email domain</domains>

Step – 4 Write the following code in XML file with name Module. Path of the file will be – Ecomsolver >EmailCheck > etc > Module

<config xmlns:xsi= xsi:noNamespaceSchemaLocation="../../../../../lib/internal/Magento/Framework/Module/etc/module.xsd">
    <module name="Ecomsolver_Emailcheck" setup_version="1.0.0">

Step – 5 Create the folder name Model in EmailCheck. Then create subfolder Plugin > Controller > Account. Write the following code in php file with name RestrictCustomerEmail. Path of the php file will be – Ecomsolver >EmailCheck > Plugin > Controller > Account > RestrictCustomerEmail

/* Ecomsolver @@@@@@ */
namespace Ecomsolver\Emailcheck\Model\Plugin\Controller\Account;
use Magento\Framework\Controller\Result\RedirectFactory;
use Magento\Framework\UrlFactory;
use Magento\Framework\Message\ManagerInterface;
use Magento\Framework\App\Config\ScopeConfigInterface;
class RestrictCustomerEmail
    /** @var \Magento\Framework\UrlInterface */
    protected $urlModel;
     * @var \Magento\Framework\Controller\Result\RedirectFactory
    protected $resultRedirectFactory;
     * @var \Magento\Framework\Message\ManagerInterface
    protected $messageManager;
     * RestrictCustomerEmail constructor.
     * @param UrlFactory $urlFactory
     * @param RedirectFactory $redirectFactory
     * @param ManagerInterface $messageManager
    public function __construct(
        UrlFactory $urlFactory,
        RedirectFactory $redirectFactory,
        ManagerInterface $messageManager,
  ScopeConfigInterface $scopeConfig
        $this->urlModel = $urlFactory->create();
        $this->resultRedirectFactory = $redirectFactory;
        $this->messageManager = $messageManager;
  $this->scopeConfig = $scopeConfig;
     * @param \Magento\Customer\Controller\Account\CreatePost $subject
     * @param \Closure $proceed
     * @return mixed
     * @throws \Magento\Framework\Exception\LocalizedException
    public function aroundExecute(
        \Magento\Customer\Controller\Account\CreatePost $subject,
        \Closure $proceed
        /** @var \Magento\Framework\App\RequestInterface $request */
        $email = $subject->getRequest()->getParam('email');
        list($nick, $domain) = explode('@', $email, 2); 
  $domains = $this->scopeConfig->getValue('emailblock/domains/domains', \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
  if(!$domains) { 
   return $proceed; 
  $domainArray = array_map('trim', explode(',', $domains));
  if(count($domainArray) < 1) { 
   return $proceed;
        if (in_array($domain, $domainArray, true)) {
 $message = $this->scopeConfig->getValue('emailblock/domains/message', \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
   if(!$message) { $message = __('We do not allow registration from your email domain'); }
            $defaultUrl = $this->urlModel->getUrl('*/*/create', ['_secure' => true]);
            /** @var \Magento\Framework\Controller\Result\Redirect $resultRedirect */
            $resultRedirect = $this->resultRedirectFactory->create();
            return $resultRedirect->setUrl($defaultUrl);
        return $proceed();

Using this module you can block registration from certain domains and make your security level higher. Spammers and fraudulent orders can cause sturdy damage to your store; hence it will result in bad reputation. If you have any queries or feedback, then feel free to drop us a line. Ecomsolver is a company promoted by a group of highly experienced professionals. Specialize in providing top-notch web solutions through innovation and use of latest technology.