The easiest way I could see of banning a list of email addresses would be to modify the "validate email" script in the advanced user guide. It won't let the user continue checking out until the address has been entered twice. You could modify this to continue only if the address is not on a 'banned' list (or even better, looks for patterns so you can ban whole domains etc).

I would be very careful when implimenting this though, as you could quite easily prevent honest paying customers from checking out.

Just as a matter of interest, why would you want to do this?

Cheers,
simon
Cult Pens

I don't care about banning 'honest, paying customers' being banned - one site we have has an escalating fraud rate - the common factor on ALL bogus transactions are hotmail, gmail and a couple of other freebie email providers - the percentage of transactions from 'real' customers using free accounts is slim, and they will be directed to use a paypal checkout (and reminded that they don't need an account to do so).

The problem with the fraudulent transactions, is that these appear to be full blown identity theft - EVERYTHING is correct on the transaction, EXCEPT the email address - and given that it's an electronic download product ...

We tried stopping customers from using hotmail & Yahoo accounts and it worked. We made it our policy and people stayed away in droves. The problem is that people are afraid to get spammed, so that's why they do it. It really depends on the type of customer you are dealing with. If you are selling products, then I don't recommend it for the reason stated.

Hi there

All i can think of, is implementing a javascript which on the email textbox which compares the string to a list like ("@hotmail.com","@yahoo.com","@gmail.com")

Kind Regards

So did you implement a script? can you share it?

Tis the season to be fraudulent apparently, so this would be really useful to have.

ho ho ho.

Never mind, this javascript seems pretty simple. Just knocked this together, and it seems to do the trick (just putting it here in case anyone else needs it, or someone wants to improve on it) -

Read the 'validate email' part of the advanced user guide, and put this code in instead. Don't forget to replace the submit button as per the manual.

Oh, and I don't know javascript, I just welded this together from the code in the AUG, a verification script I found online, and a couple of jave tutorials example code - SO USE AT YOUR OWN RISK!

I'd find another option - perhaps tighten up your credit scoring at the checkout.

I personally only ever use one of two gmail addresses when ordering online, I figure that I can get the receipt anywhere anytime plus if I get spammed, it doesn't affect my main e-mail.

Many people ordering from work too will use a similar account, it makes sense to keep your use of company e-mail to a minimum!

What you're doing is cutting the risk of fraud-ish, but simultaneously punishing genuine customers.

Other than demanding everyone use 3D secure authentification it can't get any tighter.

The number of genuine customers that use these is very small, although the one's that do are mostly more trouble than they're worth. Generally speaking they place very small orders with hardly any profit, and they require more post sales support. (eg. "I just placed an order 2 minutes ago, can you let me know when it will be dispatched/delvered?", or "I accidently ordered the wrong item, and failed to notice at any stage in the checkout, or in the confirmation email, so please send me the one I meant to order...", and so on).

So pretty much killing 2 birds with one stone there. I realise that there may be a potentially good customer out there who insists on trying to use one of these accounts, and that I may lose out, but to be honest it's worth it just to get rid of the hassle of dealing with the fraudulent orders.

Also, because of the increase in fraud attempts we are manually reviewing every order (that has made it past the cc checks), and have picked up several dodgy looking ones that may or may not be fraudulent. So we have cancelled these.

Now, as a *genuine* customer, would you prefer to be told in the checkout that we don't accept hotmailing, gmailer yahoo's and given the chance to enter a proper email - or go elsewhere - or would you prefer to have the order go through and then get an email later telling you your order had been cancelled because it looked fraudulent? Clearly, the 1st one should be preferable!

Your call - your business I guess!

Just for info - 95% of our orders are digital download.
Over the last week, we have sold 700 items - of those 52 were Gmail, Hotmail or Yahoo addresses.

I've always been in the paranoid school - too scared to lose a sale so hate rocking the boat.

Regards

Phil

So if they're digital download then effectively you haven't really lost any money if a fraudster gets you? just the annoyance of someone getting your product for free.

But if you're selling high volume low margin products you can afford to turn people away because of single fraudulent order can take 10, 20 maybe 30 genuine identical orders just to recover the cost of the lost item(s)...

Sorry, I see now - I had in mind webyourbusinesses original query, who also had electronic download products.

If I were selling real stuff I'd probably be with you and err on the side of caution.
On a similar note, we have a problem at the moment where people sign up for our affiliate scheme, then use a stolen card to order a load of stuff and hope we'll sign off the commission!

Now that's annoying - invariably the order is a real looking one in England through an affiliate whose strike rate is 1 click one £1000 sale - he's based in Thailand or Malaysia or Russia....

That's annoying!

also annoying are those idiots that use stolen american cards and order £1000 worth of stuff with a delivery address in America. despite being a UK site. with UK as the only country in the country list. and the products are freely available in the US anyway at lower prices. and no genuine customer would order that quantity of that product for any reason. ever. muppets...

grrrrr...

emails/orders I have received today, from before the ban -

A Yahoo - "You have sent me black, and the delivery note says black - I wanted colour"... (also didn't give any order number or address details to help track down the order number)

A hotmailer - ordered £200 worth of stuff for isreal, on a UK only website

another hotmailer - "I ordered 2 products and neither of them work" (what are the chances that 2 separate different, normally very reliable, items are both faulty, and what are the chances that they are just installing them wrong...)

another hotmailer - from gurnsey - selected UK not channel islands from the country list, so I have to cancel the order. And after I went to all the trouble of adding gurnsey to the site with Nil rate VAT!

ok, this one was AOL but I though it deserved a mention - "Hi there just wondering when my order will be delivered? Thank you " - No subject line, no order reference, no address details, no mention of the items - not even a name! "I predict that your order, containing some type of items, will be with you sometime, at somepoint in the future...."

I don't think I'm going to miss these customers at all!