In the last few months there has been a huge effort by malicious spam bots to create customer accounts on Magento websites across the globe. The bogus accounts are very easy to spot – they contain advertising text and links within the name and address details in the hope that the email address they enter will then get visibility of their links.

In almost all the cases we’ve seen, the targeted email domain to receive these spurious comms is

You can, and probably should add captcha to your registration forms, but some bots are able to spoof these and captcha is pretty rotten for your real users – especially on a smaller device.

So we’ve created a plug-in for Magento2 which will interrogate the account registration request and block it if the email address is from domain or 163·com. It’s free to download and very easy to install.

You are free to modify it for your needs too. If you would like to block other email domain names from registering, simple open the file;


And edit line 57 like this;


$email = $subject->getRequest()->getParam('email');
        list($nick, $domain) = explode('@', $email, 2);
        if (in_array($domain, ['', ''], true)) {


$email = $subject->getRequest()->getParam('email');
        list($nick, $domain) = explode('@', $email, 2);
        if (in_array($domain, ['', '','',''], true)) {

Happy coding!