[iheartmemcache]

I agree with the hard-coding being not-too-great-of-an-idea. However, I'm going to argue that a @gmail has a way higher chance of being a legitimate email out of a random sample space than a domain from @tempx.com.

The larger issue here is if someone is entering false information, it's likely because you don't have a good UX and are soliciting information before value is delivered.

With passport.js, it's so easy to implement authentication providers against existing FB/Twitter/LinkedIn accounts, which should suffice for your SaaS 14-day trial. When it expires, they'll enter in legitimate information if they see value added to it.

I understand everyone wants to capture e-mails for drip marketing purposes, but if you have a bunch of people entering fake information because you walled off something critical (Oracle, I'm looking at you and your JRE...), it's not an engineering problem - its a social one.