
Ask HN: How to check if e-mail belongs to a “work” domain? - duroth
Hey everyone!<p>What is the best way to verify that an e-mail address belongs to a business (&quot;work&quot;) domain? For example, I don&#x27;t want _john.doe@gmail.com_ or _jane.doe@outlook.com_. But I do want _johnny@apple.com_ or _ma.baker@thebakercompany.com_.<p>The first thing that comes to me is to have a rule to exclude gmail.com, outlook.com, yahoo.com, but there are huge amounts of those and it feels stupid to me.<p>Any thoughts?
======
akg_67
It is not "stupid", it is simple and effective. I use the blacklist process to
exclude disposable email domains (there are 100s of them and everyday new ones
come up) from registering on my service. It is much faster and inexpensive
than making a round trip API call to some remote service to confirm validity
of the email domain.

Unless you don't have better things to do with your time, I will suggest
focusing your time on things that are more important.

~~~
victorstanciu
Ditto. And since akg_67 didn't link to one, here is a great disposable email
domain list:

[https://github.com/ivolo/disposable-email-
domains/blob/maste...](https://github.com/ivolo/disposable-email-
domains/blob/master/index.json)

New domains are added to the list via pull requests.

------
murtza
If you are doing this verification on the client-side, you can restrict form
submissions when a user enters a free email address like Gmail or Yahoo.

Here's a post I wrote with an implementation of this approach (specific to
Marketo forms, but can be made generic for any form):
[http://developers.marketo.com/blog/restrict-free-email-
domai...](http://developers.marketo.com/blog/restrict-free-email-domains-on-
form-fill-out/)

I would also recommend labeling the email address field on the form, "Work
Email."

------
fragmede
For really big corporations that own their own netblocks, the listed whois
owner's email address should match the domain name entered, but that fails on
domains that use Google for their mail. (Ie 'gmail.com' lists an @google.com
contact which doesn't match the domain name.)

Just start with a blacklist for the big ones, and then manually opt-in domains
after a look at a domain's webpage under pg's "do things that don't scale"
mantra.

~~~
nailer
Wouldn't

whois 'domain foo.com'

likely return an admin contact at foo.com even if they're using Google Apps?

------
panorama
Blacklisting is an okay option, but as you said, it's tough to do so just
going by your memory. In fact there are actually thousands of free, public
domains, which you will likely want to blacklist. Here's a good list (2013):

[https://gist.github.com/tbrianjones/5992856](https://gist.github.com/tbrianjones/5992856)

P.S. Maybe someone should make an API to verify if a domain is free/public or
not :)

------
Nadya
Why does your solution "feel stupid"? It's the most straight forward and
workable solution.

You have two options:

a) Whitelist all domains you want (if you only want _specific_ 'work' domains)

b) Blacklist those you do not want

~~~
duroth
It "feels stupid" because I don't want to allow any sort of generic domain and
off the top of my head I can think of 20 generic e-mail domains, not event
counting the ones I don't think of.

In the situation I need it in, that's an OK solution, but I was interested in
finding out if there exists a better solution.

~~~
theaccordance
There's an off chance you could do an extra level of verification using the
mail headers, but I wouldn't bet on it. Keep in mind that email is an old
technology, it lacks a lot of things that would make it more efficient/useful
in 2015

------
nailer
Bayesian filtering. Add points for things that seem personal, set a threshold
of points.

This is how, eg, anti spam often works.

------
ivankirigin
What is the context? I help do this kind of analysis over a user's contacts as
part of YesGraph.

~~~
duroth
I am building a product that works automatically for all the people "inside"
an e-mail domain. So everybody that's a part of @yesgraph.com would have
access to all of the content from other people with the @yesgraph.com e-mail
address.

~~~
ivankirigin
I'd recommend just asking the user to confirm the email domain they care
about. I solve this on YesGraph's registration page indirectly just by making
the entry field label "work email".
[https://www.yesgraph.com/signup/](https://www.yesgraph.com/signup/)

