Block disposable email signups in Django
Add a form validator that calls CheckDisposable Email before saving the user. Works in any Django version (3, 4, 5). Pairs cleanly with django-allauth or Django's built-in auth.
The code
# settings.py
import os
CDE_KEY = os.environ["CDE_KEY"]
# forms.py
import requests
from django import forms
from django.conf import settings
def is_disposable(email: str) -> bool:
try:
r = requests.get(
"https://api.checkdisposable.email/v1/check",
params={"email": email},
headers={"Authorization": f"Bearer {settings.CDE_KEY}"},
timeout=3,
)
if not r.ok:
return False # fail open
return bool(r.json().get("is_disposable"))
except Exception:
return False
class SignupForm(forms.Form):
email = forms.EmailField()
password = forms.CharField(widget=forms.PasswordInput)
def clean_email(self):
email = self.cleaned_data["email"]
if is_disposable(email):
raise forms.ValidationError("Please use a real email address.")
return emailNotes
- Where to call it
- Putting the check inside `clean_email` runs it during normal Django form validation, so the standard form-error UI surfaces the message. Works in both function- and class-based views.
- allauth integration
- If you use django-allauth, override `SignupForm.clean_email` the same way, or implement an `allauth.account.adapter.DefaultAccountAdapter.is_email_blacklisted` hook that calls `is_disposable`.
- Async note
- On Django 4.1+ with async views, swap the synchronous `requests` call for `httpx.AsyncClient` to avoid blocking the event loop.
Get a free API key
500 checks/month, no credit card. No credit card. 30 seconds.
Sign up free →