Skip to content

Laravel validation rule — fake email

Matt Kingshott 👨🏻‍💻 on March 26, 2019

Image courtesy of Unsplash Laravel validation rule — fake email In this new series, we’ll be exploring the concept of custom validation... [Read Full]
markdown guide

Why would one want to do such a validation? There are reasons why people use temporary e-mails, from unwanted e-mail newsletters to e-mail leaks.

The later one made me to spin up my own e-mail forward service, so I could easily block unwanted e-mails and detect e-mail leaks. Does my case counts as a disposable/fake e-mail as well?


There are indeed reasons, and I'm not advocating it as standard for all apps. I'm simply providing the option if you wanted / needed to use it. As for why you might want to...

Suppose your app suffered a breach, if you have disposable details on your system, you wouldn't be able to contact the user to let them know.

It can also depend on the nature of your application, e.g. if it is financial, legal, medical, governmental. In these situations, and depending upon the region, there may even be laws / regulations that require you to ensure you have a valid email address for the account holder.


Well I didn't think about the second case, but I guess if it's financial/legal, there are some other validation steps (such as a copy of your ID) so I don't really see any reasons to validate an e-mail. Of course unless the only info you'd provide to the government/bank/medical clinic would be e-mail, then you should cut out any disposable e-mails.

If your app suffered a breach, then those who uses disposable e-mails does not care about that at all. That's why they used disposable e-mails: "If it leaks, it leaks. I'm safe."

Regardless, thanks for your answer :)

With regards to your first point, you would think so, however I've dealt with systems that actually didn't require other forms of identification, yet still had regulations about email. Crazy, but it does exist!

Yeah, I reckon you're probably right about your second point, however, there is always the possibility of "data creep". You sign up with a disposable not intending to do much with the app, then over time you start adding more real data, but never remember to change the email address (particularly if you login with a username instead of an email). The breach occurs, important data of yours is stolen, but we can't contact you. Admittedly, this is more of a "what if" scenario, but there you go :)

And you're welcome :)

code of conduct - report abuse