Email Restrictions

Control who can sign up for your application using email allowlists, blocklists, and disposable email detection.

Overview

Email restrictions give you fine-grained control over user registration by filtering which email addresses or domains are allowed to create accounts.

✅ Allowlist

Only permit specific emails/domains

🚫 Blocklist

Block specific emails/domains

📧 Disposable Detection

Block temporary email providers

Email Allowlist

When using RESTRICTED sign-up mode, only emails matching the allowlist can register. Perfect for:

  • Internal tools: Only @company.com emails
  • B2B SaaS: Pre-approved customer domains
  • Partner access: Specific partner email addresses
  • Beta testing: Curated tester list

Pattern Types

@company.com

Allow all emails from a domain

john@company.com

Allow a specific email address

Add to Allowlist


List Allowlist Entries


Email Blocklist

Block specific domains or emails from signing up, even in PUBLIC mode. Useful for:

  • Competitor blocking: Prevent competitor domains
  • Spam prevention: Block known spam domains
  • Abusive users: Block specific troublemakers
  • Geographic restrictions: Block country-specific domains

Add to Blocklist


⚠️ Note: Blocklist takes precedence over allowlist. If an email matches both, it will be blocked.

Disposable Email Blocking

Automatically block temporary/disposable email providers like:

  • mailinator.com, guerrillamail.com, 10minutemail.com
  • Hundreds more in the built-in database
  • Updated regularly with new disposable providers

Enable Disposable Email Blocking


💡 Tip: Enable this in PUBLIC mode to reduce spam and fake accounts. Disable only if your use case requires disposable emails.
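The precedence rules above (blocklist first, then disposable detection, then the allowlist in RESTRICTED mode) can be modelled as one decision function. This is an added example, not the product's own code or API: the names evaluateSignUp, Policy and samplePolicy are hypothetical. It assumes case-insensitive matching, that a domain pattern matches that exact domain only, and that the disposable check runs before the allowlist check.

```typescript
// Added example: a model of the rules on this page, not the product's code.
type SignUpMode = "PUBLIC" | "RESTRICTED";
type Decision = { allowed: boolean; reason: string };

interface Policy {
  mode: SignUpMode;
  allowlist: string[]; // "@domain.com" or "user@domain.com"
  blocklist: string[];
  blockDisposable: boolean;
  disposableDomains: Set<string>; // stand-in for the built-in database
}

// Assumption: a domain pattern matches that exact domain only (no subdomains,
// no wildcards), so "@company.com" never matches "x@company.com.evil.example".
function matches(pattern: string, email: string): boolean {
  const p = pattern.trim().toLowerCase();
  if (p.startsWith("@")) return email.slice(email.lastIndexOf("@")) === p;
  return email === p; // single-address pattern
}

function evaluateSignUp(rawEmail: string, policy: Policy): Decision {
  const email = rawEmail.trim().toLowerCase();
  const at = email.lastIndexOf("@");
  if (at <= 0 || at === email.length - 1) return { allowed: false, reason: "invalid" };
  // Blocklist is checked first, so it wins over any allowlist match.
  if (policy.blocklist.some((p) => matches(p, email))) {
    return { allowed: false, reason: "blocklist" };
  }
  // Assumption: the disposable check applies in both modes, before the allowlist.
  if (policy.blockDisposable && policy.disposableDomains.has(email.slice(at + 1))) {
    return { allowed: false, reason: "disposable" };
  }
  if (policy.mode === "RESTRICTED" && !policy.allowlist.some((p) => matches(p, email))) {
    return { allowed: false, reason: "not-on-allowlist" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample policy for an internal tool.
const samplePolicy: Policy = {
  mode: "RESTRICTED",
  allowlist: ["@company.com", "partner@vendor.example"],
  blocklist: ["john@company.com"],
  blockDisposable: true,
  disposableDomains: new Set(["mailinator.com", "guerrillamail.com"]),
};
```

With this policy, john@company.com is rejected even though @company.com is on the allowlist, which is the overlap case to test before rollout.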

Bulk Management

Import Multiple Entries

Bulk Import

Best Practices

✅ Use Allowlist for Internal Tools

For employee-only apps, set RESTRICTED mode with the company domain on the allowlist.

✅ Block Disposables in Public Apps

PUBLIC mode should almost always have disposable email blocking enabled.

✅ Document Patterns

Use the description field to note why each pattern was added (e.g., "Q1 2024 beta testers").

✅ Test Before Rollout

Test email restrictions with your own account before enabling for all users.

⚠️ Wildcards Not Supported

Use @domain.com to match an entire domain. Wildcard and regex patterns such as *@company.* are not supported.

⚠️ Blocklist Overrides Allowlist

If an email matches both lists, it will be blocked. Be careful with broad blocklist patterns.
