A library for filtering fake, disposable and duplicated email addresses.

TLDR; See Usage And Wiki.

• Filters and checks for disposable email addresses from temporary email services (like 10minutemail and Mohmal), see the full list of domains at lib/validators/temporary-email-domains.
• Filters and checks for aliases that lead to the same email box from providers like Gmail.
• Filters for emails within an allowed domain list, or that are not in an excluded domain list.

Jelban's Gmail provider normalizes Gmail addresses to lowercase, non dotted and non aliased @gmail.com email addresses, since:

0. Gmail addresses are not case sensitive, [email protected] is equivalent to [email protected].

1. Gmail offers an aliases feature where you can create multiple aliases for your address, example:

   For example, messages sent to the following aliases will all go to [email protected]:

   janedoe+school@gmail.com janedoe+notes@gmail.com janedoe+important.emails@gmail.com

2. Also, @gmail.com addresses, can be reached by using @googlemail.com, source http://techcrunch.com/2010/05/03/gmail-uk/. So [email protected] is exactly equivalent to [email protected].

3. Dots don't matter in Gmail addressees (source), so [email protected], and [email protected], and [email protected] and [email protected] are all similar.

Similarly to the previous provider, Jelban's Outlook provider normalizers Outlook (aka. Hotmail) email addresses as it has also the option to create aliases (src), example:

Emails to jane.doe+school@hotmail.fr and jane.doe+work@hotmail.fr will land at [email protected]'s mailbox

If you rely on the email normalization feature of this library you might be making account enumeration and brute force attacks easier. As attackers will have to guess for only a small subset of strings that does not have dots, upper/lowercase characters or aliases.

Also, users may choose to use the aliases when registering to your applications, and that a choice that must be respected as they may route that kind of emails to certain folders in their mailboxes.

Store email addresses in both formats, the user input and your normalized format, and when checking if an address is used you can rely on the normalized one, this may cause another issue if a user wants to change from their address [email protected] to [email protected] in their profile settings, then you know best what to do :)

npm i jelban.js

import { Jelban } from 'jelban.js';


// Instantiate the library
const jelban = new Jelban();

console.log(jelban.isValid('[email protected]')); // prints "true"

console.log(jelban.isValid('[email protected]')); // throws: "Invalid email address "[email protected]", rules: ["IsExcludedDomainValidator"]" because "@boxmail.live" is a temporary domain from mohamal.com service

// If you don't want to throw on failed validations and return "false" instead:
console.log(jelban.isValid('[email protected]', false)); // prints "false"

To run the project locally

# Use recommended Node version
nvm install
nvm use

# install dependencies
npm i

# run tests
npm test

# run mutation tests
npm run mutate

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

This project is licensed under the MIT License - see the LICENSE file for details