by egeozcan 3918 days ago
Searching in a hard-coded list of strings is not the best idea, and why try to detect them anyway? You can block all the free email services as well because they can also be used as disposable mail providers with a few more steps to get going. Not to mention that it takes around 10 minutes to set up a disposable email service if you have a spare domain and when it's in this list so you let it expire, even if this repo gets updated, there'll be many sites using an older version, causing too many problems for the new owners.
1 comments

I agree with the hard-coding being not-too-great-of-an-idea. However, I'm going to argue that a @gmail has a way higher chance of being a legitimate email out of a random sample space than a domain from @tempx.com.

The larger issue here is if someone is entering false information, it's likely because you don't have a good UX and are soliciting information before value is delivered.

With passport.js, it's so easy to implement authentication providers against existing FB/Twitter/LinkedIn accounts, which should suffice for your SaaS 14-day trial. When it expires, they'll enter in legitimate information if they see value added to it.

I understand everyone wants to capture e-mails for drip marketing purposes, but if you have a bunch of people entering fake information because you walled off something critical (Oracle, I'm looking at you and your JRE...), it's not an engineering problem - it's a social one.