
Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
If you have to reach out to your users with important information and they signed up with a trash e-mail address you're not like to get the desired attention.This gem checks the e-mail address domain against a blacklist of trash mail providers.
Add this line to your application's Gemfile:
gem 'spam_email'
And then execute:
$ bundle
Or install it yourself as:
$ gem install spam_email
Be advised that the validation checks NOT if a correct e-mail address is given.
Validation will pass with empty string/nil
value! Checking the input with
valid_email
or at least checking presence: true
is strongly recommendend!
class User < ActiveRecord::Base
validates :email, presence: true, spam_email: true
end
or specify a custom message with (the gem comes with en/de/fr locales):
validates :email, presence: true, spam_email: { message: "is a blacklisted provider!" }
If you want to add/remove providers you can use an initializer and modify SpamEmail::Blacklist
.
To disable a provider just set the hash value for the domain to false.
You can add new domainsby modifing the hash.
You can also check the blacklist directly:
SpamEmail.blacklisted?(email)
git checkout -b my-new-feature
)git commit -am 'Add some feature'
)git push origin my-new-feature
)Thanks go to Chris Birner (cbhp@lima-city.de) for the (inital) blacklist and to https://github.com/hallelujah/valid_email for inspiration.
FAQs
Unknown package
We found that spam_email demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A clarification on our recent research investigating 60 malicious Ruby gems.
Security News
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
Research
/Security News
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.